Sunday, November 24, 2024, 3:35:50 AM

Home Assistant Remote access Solution

2 years ago
#3562 Quote
How a DMZ host works

https://www.zhihu.com/question/22324268




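When host A sends a packet to host B, host B has to accept it in full, whatever the packet contains. If host A sends attack packets to host B, host B has to accept all of them; if host B's system itself has a flaw, such an attack packet may crash the whole of host B.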
0
2 years ago
#3638 Quote
3
0
2 years ago
#3639 Quote
3
0
2 years ago
#3640 Quote
duckdns + public ip

My ISP provided me with a public dynamic IP address and now I can access HA through the duckdns DNS from outside




https://dummylabs.com/posts/2021-03-13-the-easiest-way-to-https-home-assistant

0
2 years ago
#3641 Quote
nginx  reverse proxy


0
2 years ago
#3684 Quote
Expose Home Assistant through an SSH tunnel

https://carly.be/expose-home-assistant-through-ssh-tunnel/



0
2 years ago
#3746 Quote

before #hass -v


root@raspberrypi:~# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      327/connmand        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      470/sshd: /usr/sbin
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      751/exim4          
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      821/sshd: root@pts/
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN      877/sshd: root@pts/
tcp        0      0 127.0.0.1:6012          0.0.0.0:*               LISTEN      909/sshd: root@pts/
tcp6       0      0 ::1:53                  :::*                    LISTEN      327/connmand        
tcp6       0      0 :::22                   :::*                    LISTEN      470/sshd: /usr/sbin
tcp6       0      0 ::1:25                  :::*                    LISTEN      751/exim4          
tcp6       0      0 ::1:6010                :::*                    LISTEN      821/sshd: root@pts/
tcp6       0      0 ::1:6011                :::*                    LISTEN      877/sshd: root@pts/
tcp6       0      0 ::1:6012                :::*                    LISTEN      909/sshd: root@pts/
tcp6       0      0 :::6600                 :::*                    LISTEN      1/init  


after #hass -v


root@raspberrypi:~# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      327/connmand        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      423/sshd: /usr/sbin
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      712/exim4          
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      768/sshd: root@pts/
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN      839/sshd: root@pts/
tcp        0      0 0.0.0.0:8123            0.0.0.0:*               LISTEN      822/python3.9      
tcp        0      0 127.0.0.1:6012          0.0.0.0:*               LISTEN      881/sshd: root@pts/
tcp6       0      0 :::6600                 :::*                    LISTEN      1/init              
tcp6       0      0 ::1:53                  :::*                    LISTEN      327/connmand        
tcp6       0      0 :::22                   :::*                    LISTEN      423/sshd: /usr/sbin
tcp6       0      0 ::1:25                  :::*                    LISTEN      712/exim4          
tcp6       0      0 ::1:6010                :::*                    LISTEN      768/sshd: root@pts/
tcp6       0      0 ::1:6011                :::*                    LISTEN      839/sshd: root@pts/
tcp6       0      0 :::8123                 :::*                    LISTEN      822/python3.9      
tcp6       0      0 ::1:6012                :::*                    LISTEN      881/sshd: root@pts/
0
2 years ago
#3758 Quote
1

In my reverse proxy I had to delete:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Well it does work. I’d suggest the x_forwarded_for is misconfigured in the proxy as that is supposed to pass through the real IP address instead of the proxy.



That is not a solution, and actually one of the few cases we can’t detect.
Strongly recommended NOT to delete the X-Forwarded-For, you are creating a security issue for yourself.

Having Home Assistant listen only on 127.0.0.1 will forbid direct access.

Home Assistant should be told to only trust headers coming from the NGINX proxy.

Otherwise, incoming requests will always come from 127.0.0.1 and not the real IP address.

0
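The trust rule discussed in post #3758, as an added example (not code from the thread, Home Assistant or NGINX): a backend honours X-Forwarded-For only when the socket peer is a trusted proxy, and reads the chain from right to left. The function names, the trusted-proxy list and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: NGINX runs on the same host as Home Assistant, as in the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32"),
                   ipaddress.ip_network("::1/128")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr belongs to a trusted proxy network (raises ValueError if malformed)."""
    ip = ipaddress.ip_address(addr.strip())
    return any(ip in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Address to use for logs, bans and access rules.

    peer_addr  -- source address of the TCP connection (cannot be forged by a header)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    # Peer is not our proxy: the header is whatever the sender typed, ignore it.
    if not is_trusted(peer_addr, trusted):
        return peer_addr
    # Header stripped in the proxy: every remote user collapses into the proxy address.
    if not xff_header:
        return peer_addr
    # $proxy_add_x_forwarded_for appends the address NGINX saw, so the rightmost
    # entries are ours; anything left of the first untrusted hop is client-supplied.
    for hop in reversed(xff_header.split(",")):
        if not is_trusted(hop, trusted):  # ValueError here means: reject the request
            return str(ipaddress.ip_address(hop.strip()))
    return peer_addr  # chain holds only trusted proxies


# Constructed sample requests (documentation-range addresses, not from the page).
SAMPLES = [
    ("127.0.0.1", "203.0.113.7"),             # normal proxied request
    ("127.0.0.1", None),                      # X-Forwarded-For deleted in the proxy
    ("198.51.100.9", "127.0.0.1"),            # direct hit on 0.0.0.0:8123, forged header
    ("127.0.0.1", "127.0.0.1, 203.0.113.7"),  # client prepended a fake hop
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"peer={peer:<13} xff={xff!r:<26} -> {client_ip(peer, xff)}")
```

The second sample is the case warned about in the post: with the header removed, IP-based logging and bans only ever see 127.0.0.1.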
2 years ago
#3759 Quote
1
0
2 years ago
#3760 Quote
Home Assistant default port




netstat  -anp  |grep 8123


output


root@vultr:~# netstat  -anp  |grep 8123
tcp        0      0 0.0.0.0:8123            0.0.0.0:*               LISTEN      11965/python3
0