[Never worked with a RPi before, absolute noob on that field]
I want to make a desktop/mobile app to access a program on a RaspberryPi. The only task of the app is to send a command and display the received response on an UI. It's meant only for private use, but it should also work outside my local network. So as long as I have mobile internet on the phone it should be possible to access the program with the app.
Can I achieve this without using any kind of public website? I saw some tutorials that used Flask and other frameworks to do sth similar, but I want the access to be restricted to the app. There shouldn't be any URL I could type in my browser, that gives me access to a login page or sth like that.
If you know the specific term for what I am describing here or even better an article/tutorial that features it, that would be very helpful.
You need two things for that:
Make your Raspi visible to the outside world. That can typically be done by configuring port forwarding in your router. Note that this might impose a certain security risk.
Make sure you have a global DNS name for your internet access. Since the IP of your router may change frequently (depending on your ISP), you need a URL or rather, a DNS entry. There exist public DNS services that can assign a DNS entry to a dynamic IP (typically for a fee). Many routers support a protocol to configure such services.
After that, you can program an app that uses the given DNS entry to talk to your Pi.
So no, without a public URL, this is not possible, at least not over the long term. You might be able to go with the public IP of your router, but then your app may fail from one day to the next.
Related
Some people are trying to access my site (I believe they are hackers), and when I blocked their IP, I noticed they used VPNs to access my site again. Is there any way I can prevent people using a VPN from accessing my site?
Any help will be VERY appreciated, I've been trying this for so long.
This is how I am blocking IP addresses:
ip_ban_list = ['130.180.2.129', '109.40.2.120', '37.120.205.148', '109.201.143.78', '37.120.132.76', '37.120.132.66', '185.244.215.134', '109.42.1.48', '109.42.2.193', '172.67.16.210']
#app.before_request
def block_method():
ip = request.environ.get('REMOTE_ADDR')
if ip in ip_ban_list:
abort(403)
Thanks in advance.
VPN providers do their best to hide that their users use VPN. Every IP list will be outdated soon and if you find out a method to identify VPN / Proxy they will find way around it.
If you have a system with limited number of users, blocking all IP addresses but whitelisting ones you want to access is effective approach. But process to start using your system is harder. Of course, you can automate that process a bit, for example by adding IPs to whitelist when user register his account. But that mean that your users needs fixed IP address and consumers does not have that option. So this approach works only in B2B solutions.
Other approach would be geoblocking. You can allow access only from IP addresses which are from certain country or region. But this kind of limitations are easily worked around with VPN / Proxies.
Third approach would be to dynamically add IPs to blacklist if you notice some suspicious behavior. Easy example would be if you notice that there is multiple failed login attemps from certain IP, you block it. And there can be some other sings of malicious traffic which can trigger your dynamic ban. It would be worth to make these dynamic bans temporary, so they would expire in a few hours. This method does not identify VPN, but may prevent hacking attemps.
So I created a simple Flask app to automate certain calculations we often have to do in math class. I'm now trying to let my friends use it too but I can't get the local port forwarding right. When I run the app I can access it from my local network but not from outside of it. (I tested that by trying to reach the web app through my phone on mobile data, and it doesn't respond.) I'm aware that ssh tunnelling is probably a better way to do this, but I still want to figure out what I'm doing wrong here.
I am very new to this and used this video as a reference: https://www.youtube.com/watch?v=jfSLxs40sIw. Here's a brief summary of the things I already tried:
I changed app.run() to app.run(host='0.0.0.0',port=5000) to make Flask respond to all public ip's.
When I now run my app I can access it from my computer via:
http://0.0.0.0:5000/
http://127.0.0.1:5000/
http://192.168.1.101:5000/
I then used freedns.afraid.org to create a subdomain flaskdries.mooo.com. When redirecting the subdomain to the latest ip-adress in the list (192.168.1.101:5000) it would always refuse to connect, even on the pc that's running the app. Using 127.0.0.1:5000 eventually did the trick for all the devices on my network (image), but still not for devices outside of my network.
I guess that's an obvious thing since my WAN ip is nowhere to be specified in this method. So if I'm correct, when someone goes to the subdomain, there is no link to my router so also not to the device running the app. The problem is that I have no clue where I should specify my WAN ip or something similar.
I noticed that when I created the subdomain the destination was automatically set to my WAN ip
(image). At first I thought simply adding :5000 would work, but unfortunately it doesn't.
As you might have noticed I am extremely new to this and don't really have any other information i can rely on apart from the internet, so any help is welcome!
Thanks in advance,
Dries
After more research I figured out that the problem was that I have a seperate modem and router. For most people one port forward inside the router is enough, but I also had to forward a port from my modem to my router. Kind of annoying that I didn't think of that earlier. Thanks to everybody for responding tho.
Hi and welcome to stack overflow.
In order to access you app from the internet you will need an external static IP that you should be able to obtain from your internet provider. You then set your domain to point to that IP. If you don't want to specify the port each time, you can run you flask app on port 80 or 443 if you want https.
Also it is probably advisable to run it behind a web server of some sorts, like nginx since app.run is only intended to be used for local development.
You are using the ip adresses of you local network.
If you have port forwarding enabled to you machine then you have to use you public ip adress.
Your router should have the public ip adress in the admin interface.
Simplifiyed explanation:
You domain shoud lead to the external IP of your router.
Your router then forwards the request to your machine via portforwading (network IP address).
I'm sure this question is easily googleable, but I can't seem to find the right query to find the answer I want.
I'm running several apps on my home server that all serve their own website for admin and info purposes. Currently I access them all from the internet using http://MyHouseServerAddress.com:8080 etc. Where 8080 is replaced with 8081, 8082 etc. for each app. They all have their own usernames and passwords and some of them use SSL
What I want is to have a single access point, e.g. http://MyHouseServerAddress.com which gives me access to each app. Each app will have a link on that page which will take you to that app's website as if it were just a page on the main site. However... I want the single access point to be password protected and SSL'd, BUT I want to remove the passwords from all the apps as they would be accessed through the single "portal" of the initial page which is password protected and SSL'd. I.e. each app would still serve on it's original port, but that port would no longer be accessible via the internet, instead any traffic from that port would be routed through the single access point.
What I'm trying to do it get a single password login, preferably via SSL to my home server which gives me access to all my other serving apps but also secures them all behind the single login.
Can this be done with a python script or a C# app for instance running some sort of proxy or port forward script? Or would running an Appache server that can redirect traffic through itself work? I'm happy to write code to solve the problem if needed.
I hope this makes sense!
I'm running W7 on my home server.
Thanks,
Max
This sounds very much like a portal with single sign-on. I haven't tried, but you might get away with implementing oauth on your sites and have the main site be the provider.
Other way would be to use soemthing like CAS.
Look at this question for options.
You can install Apache+PHP on port 80, install PHP Web Proxy on it, allow local access to your apps (so they allow access without password from localhost) and secure this gateway with .htaccess and .htpasswd, or another way.
This is most simple solution for home using. Good enterprise solution would be SSO, bad it is not simple.
For a college project for my course on Introduction to Programming, I decided to make a small software that traces the IP address and puts them nicely on a GUI (PyQt). Not a big deal I know, but still I like the idea.
So I Googled around and found MaxMind's IP and their free offering and the pygeoip, which is an API for the MaxMind GeoIP databases. Pretty cool, eh!
But the downside is that to query their database, I have to download individual databases for country city. This is not good cause I have to make the end user download additional files (in MBs) just to look up an IP address.
So I am wondering, is there another method of doing this? How do I trace IP addresses? Note that I need them down to the city level, if possible. Something like this guy aruljohn.com/track.pl
Thanks!
I would have preferred "pygeoip", because it allows you to develop a complete solution locally. Of course, you will need to keep the database.
If you do not want to keep the database locally, you will have to depend on an external service to query for location of an IP. This will keep your solution small but dependent on this service.
For this check out: ipinfodb.com
http://ipinfodb.com/ip_location_api.php
They provide JSON and XML APIs interface which should be sufficiently easy to build.
Check out more information at : http://ipinfo.info/html/geolocation_2.php
I have even better idea. Why don't you make a very simple web app, which will do the actual look up; and you PyQt client would do HTTP request to that. Or maybe in that case you don't even need a client. Just make a web page to get IP address and show city.
I wanted to know if there was a way I can get my python script located on a shared web hosting provider to read the contents of a folder on my desktop and list out the contents?
Can this be done using tempfiles?
Server-side web scripts have no access to the client other than through requests. If you can somehow break through the browser's protection settings to get JavaScript, Java, or Flash to read the contents of the client then you stand a fighting chance. But doing so will make many people angry and is generally considered a bad idea.
Unless your desktop computer has a public, accessible IP, neither your app running on a shared web hosting provider, nor any other app and host on the internet, can get information from your desktop computer. Does your desktop computer fall within the tiny minority that does have such a public, accessible IP?
If not, and if you're willing to run the obvious risks involved of course, you can try turning the (probably dynamically assigned) IP address that your ISP gives you into a resolvable domain name, by working with such DNS providers as DynDNS -- it can be done for free.
Once you're past the hurdle of public accessibility, you need to run on your computer some server that can respond to properly authenticated requests by supplying the information you desire. For example, you could run a web server such as Apache (which is powerful indeed but perhaps a bit hard for you to set up), or the like -- and a custom app on top of it to check authentication and provide the specific information you want to make available.
If you have no privacy worry (i.e., you don't mind that any hacker in the world can look at that folder's contents), you can skip the authentication, which is the really delicate and potentially fragile part (given that there's really no way for your app, running on a shared web hosting provider, to hold "secrets" very effectively).
If you can clarify each of these issues, then we can help pinpoint the best approach (what to install and how on both your desktop computer, and that shared web hosting provider).