Secure, end-to-end TLS encrypted access to your Home Assistant without configuring your router or having a static IP. Instead of HTTPS tunnels that are being terminated on Webhook Relay servers, we will be using TLS tunnels that are only being terminated at your end so even if we are forced to, we couldn’t intercept traffic without your browser notifying you.
This tutorial will expect you to have:
To have a basic experience with fully encrypted end-to-end tunnels, choose Basic plan ($4.5/month), although you will not be able to set your own custom domain for it.
Installation of this add-on is pretty straightforward and not different in comparison to installing any other Hass.io add-on:
Once you have:
Use those details to populate add-on configuration:
Make sure that the “protocol” is set to
tunnels_enabled is set to true.
Add-on will automatically:
That’s it, you should be able to access your Home Assistant through your domain that you have configured, in my case it’s https://auto-ha.duckdns.org. We have got full, end-to-end encryption without configuring your router or getting a static IP:
Also, instead of using DuckDNS & Let’s Encrypt, you can use any certificate you want or just don’t supply any certs to the add-on and terminate TLS on Home Assistant server. For that you will just have to specify HTTPS in the destination:
If you just want to receive webhooks, feel free to use our free tier! Or if you feel broke, email us at [email protected] and we might think of something :)
Not using Hass.io? Check out my previous blog post that details a simple setup with Docker here.