Accessing Home Automation Web Interface Securely Without VPN

Gerbaumer · March 13, 2025, 1:29pm

I have developed a local web page for controlling various smart devices in my home. Currently, I can only access it within my local network, but I would like to control these devices over the internet from my remote workplace where I cannot install any tools beyond a web browser.

I’m aware of the possibility to use dynamic DNS to access my router and then use port forwarding to reach my web server. However, my custom webpage does not have any built-in authentication, which is a major security concern. I would prefer to implement a pre-configured authentication system that is easy to set up.

Considering the risks of port forwarding and not wanting to expose my private IP address, another option could be using a cloud provider to establish an authentication system, which would then relay requests to my home server, connected via a VPN to the cloud server.

I am looking for advice on whether there are secure methods to implement an authenticated proxy or readily available authentication services to safeguard my setup.

Any suggestions or insights into how I can achieve this would be greatly appreciated!

juanr1vargas · March 13, 2025, 1:29pm

You can use nginx proxy manager and set up an access list or set up tailscale.

Kalmarv · March 13, 2025, 1:29pm

Port forward, but use Caddy + Cloudflare DNS. That way your IP isn’t exposed.

Then use Cloudflare access to require 2FA and limit it just yourself.

usa_commie · March 13, 2025, 1:29pm

Keycloak + gogatekeeper

aj10017 · March 13, 2025, 1:29pm

cloudflare tunnels + app access which lets you put stuff behind authentication

RedVelocity_1 · March 13, 2025, 1:29pm

Tunneling is the way to go. Setting up Cloudflare tunnel is pretty easy and secure, there’s several YouTube videos about it.

fupzlito · March 13, 2025, 1:29pm

a low code, high security solution for nginx is Quiq/webauthn_proxy, it utilizes WebAuthN Passkeys.

i use it myself to access my services securely from school or work environments without ever typing a password or leaving any auth info on the host.

in combination with Cloudflare DNS, it is a fairly secure way of exposing a service

AutomaticEnd3066 · March 13, 2025, 1:29pm

Cloud Flare Tunnels can handle authentication. However you REALLY need to get that system secured before you consider doing any of this. You’re one zero day away from a disaster.

Gerbaumer · March 13, 2025, 1:29pm

I’ve read some good things about Tailscale, but I guess I would have to install it at my remote workplace, which isn’t possible.