Hardening Your WoowTech Installation
Because WoowTech runs entirely on hardware you own and doesn't lean on third-party cloud services to function, a whole class of security worries simply doesn't apply. That said, a handful of easy habits will tighten things up further — and they matter most the moment you decide to reach your system from outside the house.
A quick security checklist
Start with these baseline measures:
- Move every credential and token into a secrets file, and make sure you keep backups of your configuration.
- Heads up: the
secrets.yamlfile only separates your secrets from the rest of the config — it does not encrypt them. - Keep the software current. New releases ship monthly, so updating roughly once a month keeps you patched.
Reaching WoowTech from outside your network
If you want remote access with the least fuss, WoowTech Cloud is the path of least resistance — and subscribing also helps fund the Open Home Foundation.
Prefer to roll your own? Any of these will work:
- Set up TLS/SSL by pairing the Duck DNS integration with a free Let's Encrypt certificate.
- Tunnel in over a VPN or an SSH tunnel rather than exposing the service openly.
- Forward a port on your router to publish the service to the internet.
Going further on a manual install
Running WoowTech as a manual installation? A couple of extra steps on the host operating system are worth doing:
- If the box accepts SSH logins, edit
/etc/ssh/sshd_configto setPermitRootLogin no, and switch from password logins to SSH key pairs. - For broader host-level hardening, lean on the established guides:
- The Securing Debian Manual — also relevant for Raspberry Pi OS, which is Debian-based.
- The Red Hat Enterprise Linux 7 Security Guide together with the CIS Benchmarks.
Hardening Your WoowTech Installation
Because WoowTech runs entirely on hardware you own and doesn't lean on third-party cloud services to function, a whole class of security worries simply doesn't apply. That said, a handful of easy habits will tighten things up further — and they matter most the moment you decide to reach your system from outside the house.
A quick security checklist
Start with these baseline measures:
- Move every credential and token into a secrets file, and make sure you keep backups of your configuration.
- Heads up: the
secrets.yamlfile only separates your secrets from the rest of the config — it does not encrypt them. - Keep the software current. New releases ship monthly, so updating roughly once a month keeps you patched.
Reaching WoowTech from outside your network
If you want remote access with the least fuss, WoowTech Cloud is the path of least resistance — and subscribing also helps fund the Open Home Foundation.
Prefer to roll your own? Any of these will work:
- Set up TLS/SSL by pairing the Duck DNS integration with a free Let's Encrypt certificate.
- Tunnel in over a VPN or an SSH tunnel rather than exposing the service openly.
- Forward a port on your router to publish the service to the internet.
Going further on a manual install
Running WoowTech as a manual installation? A couple of extra steps on the host operating system are worth doing:
- If the box accepts SSH logins, edit
/etc/ssh/sshd_configto setPermitRootLogin no, and switch from password logins to SSH key pairs. - For broader host-level hardening, lean on the established guides:
- The Securing Debian Manual — also relevant for Raspberry Pi OS, which is Debian-based.
- The Red Hat Enterprise Linux 7 Security Guide together with the CIS Benchmarks.
Start writing here...