I’ve been diving into the world of home automation and security, and I wanted to share my experiences and seek some advice from the community.
Recently, I’ve been experimenting with using Macrodroid to send HTTP/GET requests to my OpenHab setup, which is hosted on a Raspberry Pi. The goal is to control various devices, like opening the front door or adjusting lights, from outside my local network using my DynDNS address. While I’ve managed to get the basic functionality working, I’m now focusing on enhancing the security of these interactions.
One of the challenges I’ve encountered is handling login credentials within the URL. Macrodroid doesn’t seem to support this natively, which limits its ability to securely authenticate requests. On the other hand, the Automate app can handle logins, but it lacks the reliability and flexibility I need for my specific use case.
I’ve also been exploring the idea of using HTTPS to encrypt the data being sent over the network. From what I understand, HTTPS encrypts the URL parameters, which could help protect sensitive information like login credentials. However, I’m not entirely sure how to implement this properly without introducing vulnerabilities.
I’ve read a bit about using .htaccess files and reverse proxies to add an extra layer of security, but I’m concerned about the potential risks if these files aren’t configured correctly. For instance, if someone gains access to the .htaccess file, it might negate the security benefits I’m aiming for.
Another consideration is whether normal HTTP is secure enough for my setup. I’m using an LTE network and a secured Wi-Fi connection, but I’m still cautious about exposing my OpenHab instance and other services running on the same Raspberry Pi.
I’d love to hear from others who have experience with similar setups. What steps have you taken to secure your home automation systems? Are there any tutorials or best practices you’d recommend for someone looking to implement HTTPS with encrypted login data?
Additionally, I’m curious about the community’s opinion on whether disabling security in openhab.conf is a viable temporary solution while I work on a more robust setup.
Any insights or suggestions would be greatly appreciated! Let’s collaborate to make our smart homes both functional and secure.
Cheers,
Ed