this post was submitted on 04 Oct 2024
11 points (100.0% liked)

homeassistant

11896 readers
51 users here now

Home Assistant is open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. Available for free at home-assistant.io

founded 1 year ago
MODERATORS
[email protected]
11
Duckdns/wireguard/... Which one do you prefer and why? (jlai.lu)
submitted 16 hours ago by [email protected] to c/homeassistant
31 comments fedilink hide all child comments
 

Hi everyone

So, that's a 2 in 1 post. First a more general question then looking for advice for a friend.

  • What is your preferred way to access HA from outside (and why)?

  • a friend of mine use duckdns and I often read (recently) that some people are having issue with it. Is wireguard a better way or another solution that is not too techy to deal with?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 15 hours ago (5 children)

Different services for different use cases.

I use nginx reverse proxy behind Duckdns for anything that requires public access, or that I use very frequently, like jellyfin or immich

I use Wireguard for everything else, to expose as little as possible.

If anything, I would say that Duckdns is harder to setup than Wireguard. You will need something like nginx reverse proxy if you want to host multiple services, and also deal with SSL certificates.

[–] [email protected] 1 points 14 hours ago* (last edited 14 hours ago) (3 children)

Can you explain why you don't use wireguard for jellyfish/lmmich?

(Network things are something I never get to fully understand)

[–] [email protected] 3 points 13 hours ago (2 children)

To use Wireguard, you need to:

  1. provision a client tunnel for every device, or at least every person who needs to access your network
  2. have Wireguard downloaded and installed on every device, with the tunnels all imported.

Basically, Wireguard works really well for services that only you use, on your own devices. You set it up once per device, and you have access to every service you host on your network.

For the DuckDNS / reverse proxy route, you need to configure the reverse proxy for every service you want to expose, but don't need to configure anything on the end user's device.

For Jellyfin, since I have users that are not me, it is impractical to expect them to go through all the hoops to get Wireguard running just to watch some movie or tv show. I also don't want to make new Wireguard client tunnels for every single friend that I add to my jellyfin server. This also means I can access jellyfin on devices that aren't my own such as a friend's TV.

For immich, my phone is a bit wonky with keeping Wireguard connected in the background, and I just don't want to worry about if I'm connected to my vpn just so my photos will get backed up.

[–] [email protected] 1 points 13 hours ago

Thanks

load more comments (1 replies)
load more comments (1 replies)
load more comments (2 replies)