this post was submitted on 14 Mar 2024
4 points (100.0% liked)

Home Automation

2937 readers
10 users here now

Discussion about general home automation ideas and projects, home automation protocols like Z-wave, Zigbee, Matter, etc, and home automation software and hubs like HomeSeer, Home Assistant, OpenHAB, Homey.

founded 1 year ago
MODERATORS
 

I followed this video to make my Home Asssistant accessible from everywhere, and yeah, port 8123 is fully clear to me, I've done it, it works great.

But he also talks about port 443, and when he sets it up in the router instead of choosing 443 on both WAN and LAN he goes for 443 to 8123. Why? And which one is the WAN and the LAN one? His router config has completely different names to mine, and as you can tell I am quite a noob at this.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

ESL5

Port 443 is the default for encrypted web traffic. If you imagine ":443" added to every site you visit like https://adobe.com:443 that's what is happening behind the scenes. It gets intimidating to people, so the port is hidden. You specifying :8123 is simply overriding the default.

What the video does, (I'm guessing because I bugged off at the like/subscribe/service pitch and couldn't be bothered) is take the default port and forward it to your device so visitors don't have to type in :8123 to access your site. This means anyone can access it (or at least the login page) at https://[your.wan.ip.address]

That is for convenience, but also easier for riffraff to find. Note, security by obscurity is poor design and there are ways to reveal servers on different ports.

[โ€“] [email protected] 3 points 7 months ago

To piggyback off the mention of security, I personally feel a little icky having ports open to the world on my home network. I would definitely recommend OP to look into using a VPN to connect back to the home network. Easy-to-use options like Tailscale and ZeroTier exist, or if they want they could roll their own with Wireguard (not sure what exactly is involved doing this, I went the easy route)