What techniques do you use in this project to make remote access easier?
Essentially a reverse proxy with account verification. SSL and encryption are used for security reasons.
Is this component safe to use and is it possible to be hacked?
Security is a high-priority requirement of Molohub. Technically speaking, we maintain a heartbeat and transmit data to the server over a long-lived TCP connection through a secure tunnel. The advantage is that data is, in theory, exchanged only with our server, without exposing a port to the external network.
- At the web level, users must log in to the already connected account and obtain an OpenID before they can access HA remotely. This way, even if no password is set in the http component, HA cannot be accessed by others. Of course, setting the http password is still recommended.
- With MFA (multi-factor authentication) enabled, which HA released in 0.77, access control is better guaranteed. Even someone who obtains a user's password cannot get access.
- The website www.molo.cn currently uses the HTTPS protocol, which can effectively prevent information from leaking through malicious hijacking.
- The TCP secure tunnel only communicates with hub.molo.cn. Only access through Molohub can use this channel to communicate with the HTTP interface of the HA platform. This avoids exposing a listening port on the public network.
- We don't store any data entered by the user, nor do we save data that merely passes through.
- Compared to a regular reverse proxy solution, we have added channels for account verification and secure encryption, which makes it more secure. The only risk that everyone is worried about may be that the server code is not open source, so there is a possibility of information leakage or collection.
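The pattern described above, as an added sketch that is not Molohub's code: an agent beside HA dials out to the hub, and the hub forwards a request down that tunnel only after an account check. The line-based framing, the PING/PONG heartbeat, the session token and every function name are assumptions for illustration; both ends run on loopback and TLS is omitted so the block runs offline.

```python
import socket
import threading

def ha_http(listener):
    """Stand-in for HA's HTTP interface; reachable on loopback only."""
    while True:
        conn, _ = listener.accept()
        with conn:
            conn.sendall(b"HA handled: " + conn.recv(1024))

def agent(hub_addr, ha_addr):
    """Runs next to HA. It dials OUT to the hub and never listens itself."""
    tunnel = socket.create_connection(hub_addr).makefile("rwb")
    while (frame := tunnel.readline()):
        if frame == b"PING\n":                 # heartbeat on the long connection
            reply = b"PONG"
        else:                                  # relayed request: hand it to HA
            with socket.create_connection(ha_addr) as ha:
                ha.sendall(frame.rstrip(b"\n"))
                reply = ha.recv(1024)
        tunnel.write(reply + b"\n")
        tunnel.flush()

def send_frame(tunnel, frame):
    tunnel.write(frame + b"\n")
    tunnel.flush()
    return tunnel.readline().rstrip(b"\n")

def hub_relay(tunnel, logged_in, token, request):
    """Hub side: account check first, then forward down the agent's tunnel."""
    if token not in logged_in:
        return b"401 login required"           # never reaches the tunnel or HA
    return send_frame(tunnel, request)

def demo():
    ha = socket.create_server(("127.0.0.1", 0))    # HA: loopback only
    hub = socket.create_server(("127.0.0.1", 0))   # stands in for the public hub
    threading.Thread(target=ha_http, args=(ha,), daemon=True).start()
    threading.Thread(target=agent, args=(hub.getsockname(), ha.getsockname()), daemon=True).start()
    conn, _ = hub.accept()                         # the connection the agent opened
    tunnel = conn.makefile("rwb")
    ok = "constructed-session-token"               # constructed sample value
    return (send_frame(tunnel, b"PING"),
            hub_relay(tunnel, {ok}, ok, b"GET /api/states"),
            hub_relay(tunnel, {ok}, "guessed-token", b"GET /api/states"))

if __name__ == "__main__":
    print(demo())
```

The only listening socket a remote user can reach belongs to the hub; the HA side holds nothing but an outbound connection, which is why no port forwarding is needed on the home network.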
Why not just make server programs open source?
In theory, open-sourcing the service program would allow users who are concerned about privacy to build their own server to run the service. However, the platform was designed from the beginning to be one service for multiple users. This means that changing the program to a one-to-one bound program requires a lot of work, and the user would also need to apply for an auth from a third party, which we think is too complicated.
What data is currently stored by the server?
In short, we only temporarily store the data needed for the feature. Once the user logs out of Molohub, the data will be deleted. Specific details can be seen in our agreement.
Why not support multi-device binding?
There should be few situations where a person has multiple instances. At least the users around us don't have this situation, so this feature will not be available for the time being.
How do I give feedback or ask questions?
- Open an issue at our GitHub project.
- Join QQ group No. 598514359
Molohub is currently a component of Home Assistant. Its main purpose is to make it easy for users who use HA to deploy a component that can be securely and conveniently accessed remotely. We think that HA is a very practical platform and appreciate the work of the community.
Why do you do something like this?
First of all, HA is a very good platform, and members of the team have HA deployed at home to control appliances and smart speakers. One day, while sharing our practical experience, we found that accessing it from a mobile phone is very complicated. The mainstream solutions require deploying DDNS and port forwarding, or a reverse proxy that may need to be paid for, and they have some stability problems. Based on this, we considered whether there could be a simpler solution where all you need to do is enable it.
What's the purpose?
Here we can clarify that the main purpose of this project is to provide a simple function to meet some of our own functional needs for HA. It is also part of our value in embracing our open source community in our spare time.
Introduce your team
Our team has about 5 people; our experience of discussing and using HA gave us a common topic. We currently use our time outside of work to develop and maintain this component, and this project is not currently a business practice of our company. Our team is very willing to contribute to the open source community.
How long did it take?
It took about 6 weeks from the first exchange of ideas to the final release. Because development and discussion are concentrated in our spare time, after work and on weekends, progress is relatively slow.
The service is free, where does the money come from?
Our regular work comes with some benefits, and these benefits let us rent some cloud servers for free. Therefore, based on our estimate of the number of users and the amount of concurrency, the service is planned to be free for at least one year. Other services may be provided later, not limited to the HA platform, as long as the functions of the open source community can be improved. When we find that the resources are difficult to afford, we will consider accepting donations or launching some paid projects. At this stage, profit is not our goal. We only hope that HA can become more powerful and more used through some professional skills and resources.
What's your next plan?
There are no specific plans yet; maybe some new components. Turning the technology in Molohub into a universal reverse proxy service may be another option.