Having a home automation solution that is only available inside your house might work for some people, but most people want to control their home also form the outside.
There are different options to achieve this in a secure way.
Using a VPN is usually the most secure solution. Even if there is a major security bug in your Home Assistant installation, attackers still can’t compromise your system as it isn’t publicly available on the internet. Many ISP’s today already provide a VPN service. You need to check with your ISP if it is available and how to configure it.
The disadvantage of a VPN is that you have to connect to the VPN first. This becomes an even bigger issue, if you use 3rd party applications (e.g. device trackers) that want to connect to your Home Assistant server. If the VPN isn’t connected, they will fail and some status informations might not be updated correctly.
Using a public HTTPS server is not the most secure solution, but still ok in general. Just note that you have to always check for security problems and update your Home Assistant installation regularly.
An additional security improvement can be implemented by using a web application firewall in front of the web server. While you can do this by yourself, it it quite complicated. Another option is using Cloudflare. While you can’t use your own rules in the free version, it will still provide some basic security and protection against general attack patterns.
Comparison of both variants
|Security||Highest, as your system is protected even in case of security flaws in Home Assistant||Ok, but you need to make sure that you regularly patch Home Assistant|
|Ease of setup||Relatively easy if your ISP already offers it, otherwise complicated||Medium, guides are available|
|Ease of use||Medium, you always have to connect the VPN first||Very easy|