password protect ESPHome web interface

[ShaneBoland]

This board is great I purchased 2 and plan to order more for family members. However, I'm concerned that the interface doesn't require credentials. How do you password protect access to the ESPHome web interface? Although I plan to isolate the ratgdo with firewall rules, I want to also password protect access to both the web interface as well as requiring credentials for home assistant on the initial initial connection. Any help would be much appreciated. Thank you

[restauffer]

See https://esphome.io/components/web_server.html#configuration-variables

for info on how to put credentials on the esphome web server component.

See https://www.home-assistant.io/docs/authentication/

for info on setting credentials for HA. A vpn is advisable if you want access from outside your home network.

Ricke

[billmoseley]

Is there a problem simply not running the web server? The docs do say:

Please note that enabling this component will take up a lot of memory and may decrease stability, especially on ESP8266.

Maybe disabling solves the security issue and improves stability.

You can back out web_server: if using packages: like this:

packages:
  ratgdo.esphome: github://ratgdo/esphome-ratgdo/v25iboard.yaml@main

web_server: !remove