I'm currently making a small hobby project where I use a Raspberry Pi Zero to control a set of RGB LEDs.
I've got a basic Python app so far that is built on Flask that allows me to set up a web server so that the LED colours can be set remotely.
My main concern is that I'm self-taught as far as programming goes and I don't know squat about security.
The plan is essentially to be sending any port 80 traffic to the raspberry pi on my home network and give friends my IP. I may eventually get a domain name to simplify things.
Should I have any security concerns when I set this up live full-time? I don't know if it's possible to access my private network via the raspberry pi or if I'm just being paranoid.
You can try putting your Raspberry Pi on a separate VLAN and putting your home devices on another VLAN. Please note you need a router which supports VLANs, and you need to configure it in such a way that the two VLANs can't talk to each other.
Also, try using HTTPS for your web server and don't run the web server process as the root user. If you want to go more crazy you can put up a firewall.
These are generic suggestions for hardening the security for any web app.
If you're experimenting and learning... this might be a great opportunity to try out something called WireGuard, if you don't have the network equipment to support VLANs.
https://engineerworkshop.com/blog/how-to-set-up-wireguard-on-a-raspberry-pi/
You and your friends can directly connect to the pi, add some appropriate iptables firewall, and you can restrict them just to that machine.
If you want to learn more about secure coding, there are tons of resources. Maybe even get you and your friends 'to capture the pi' .... and learn from each other!
Whatever you do, keep hacking away, and keep having fun....
Related
I am attempting to create a basic chatroom in Python, and I would like to know how I could transmit data from one script to another, preferably without using Google Drive. If needed, I could create a web server on Replit, but I don't do well with HTML or PHP.
Side note: I can't port forward, as my Google Wifi doesn't accept any level of port forwarding.
I would send messages of about 50 characters every couple of seconds.
Since you mention port forwarding, I assume you want two chat clients that run on different local networks to talk to each other, for example your own and the chat client of a friend in a remote location, over the internet.
If you (or your counterpart) cannot set up port forwarding, then direct communication between the script on your computer and theirs is hard, if not impossible. The solution is to set up a third computer or service on the internet that can be reached by both clients and use it for relaying messages between them.
A network is typically protected by a firewall of sorts and will typically be behind a router that performs network address translation (NAT) to help multiple devices on a network to simultaneously access services on the internet, whilst all using the same IP address on the internet. Port forwarding fits into that by connecting a specific port from the outside directly to a port on a machine on the inside - without that, an outside computer might be able to reach your IP address, but they could never connect to a computer or program on the inside of the network, as the router wouldn't know what computer to contact, also the firewall might disallow the connection to begin with.
But if your computer on the inside establishes a connection with an accessible server on the internet, expecting a response, that creates a temporary conduit through the router and firewall that can be used by the server to send messages (look up 'hole punching' for more information). And if both computers do this, the server can relay messages between both clients. Only the server then needs to run in an environment that doesn't have firewall restrictions or NAT that prevent this.
You could write a simple Python server, that accepts incoming connections and can send several responses and a simple client that connects to it, identifying itself and joining a chatroom, or having a direct conversation with another connected client. There are many techniques that would allow you to do this, but I think web sockets might be a good starting point, as long as you don't plan to do advanced fast or high volume stuff that would require something like a UDP connection.
A library like websockets could be a good starting point, but you may want to start out by figuring out where you would have this service hosted first, since there may be limitations on what you're able and allowed to do.
Also, if all you're looking to do is send simple messages, you may want to stay away from writing your own server and protocols at all - have a look around for open source message servers written in a language you are comfortable with, or that just work out of the box without any development, in which case the language doesn't even really matter, as long as you can connect to it and exchange messages from Python.
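The relay arrangement described in the answer above, as an added example that is not part of the original answer: both clients make outbound connections to a server that forwards each line to the other clients. It uses asyncio TCP streams from the standard library instead of the websockets library the answer mentions; the line-based protocol, the name and message caps, and all function names are assumptions of this example.

```python
import asyncio

MAX_LINE = 200   # assumed cap; the question expects messages of about 50 characters
clients = {}     # name -> StreamWriter for every connected client

async def broadcast(sender, text):
    """Relay one message to every connected client except its sender."""
    for name, writer in list(clients.items()):
        if name != sender:
            try:
                writer.write(f"{sender}: {text}\n".encode())
                await writer.drain()
            except ConnectionError:
                clients.pop(name, None)     # recipient went away

async def handle_client(reader, writer):
    """First line names the client; every later line is a chat message."""
    name = None
    try:
        name = (await reader.readline()).decode("utf-8", "replace").strip()[:20]
        if not name or name in clients:
            name = None                     # reject empty or duplicate names
            return
        clients[name] = writer
        while line := await reader.readline():
            text = line.decode("utf-8", "replace").strip()[:MAX_LINE]
            if text:
                await broadcast(name, text)
    except (ConnectionError, ValueError):   # ValueError: line over the read limit
        pass
    finally:
        if name:
            clients.pop(name, None)
        writer.close()

async def demo():
    """Both clients dial out to the relay (loopback here); neither accepts connections."""
    server = await asyncio.start_server(handle_client, "127.0.0.1", 0, limit=1024)
    port = server.sockets[0].getsockname()[1]
    _, alice = await asyncio.open_connection("127.0.0.1", port)
    bob_in, bob = await asyncio.open_connection("127.0.0.1", port)
    alice.write(b"alice\n"); bob.write(b"bob\n")
    await asyncio.sleep(0.2)                # let the relay register both names
    alice.write(b"hello bob\n")
    received = await asyncio.wait_for(bob_in.readline(), 2)
    alice.close(); bob.close(); server.close()
    return received.decode().strip()

def run_demo():
    return asyncio.run(demo())
```

On a real host the relay would listen on a publicly reachable address instead of loopback, and the 1024-byte read limit disconnects any client that sends an oversized line.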
Configure Flask dev server to be visible across the network
Meaning it runs on my PC's IP address visible to the entire internet and arbitrary Python code can be run via my Flask app?
The direct answer is: yes, it is unsafe. But then again, so is driving a car or eating at a new restaurant with bad reviews.
The point is evaluating the risk. Things to consider:
Are you launching this on a home network? In which case, your router almost certainly comes with its own firewall (and I only don't make the assertion because I can't possibly cover every single case). The server will not be accessible outside of the home network. Maybe there's a malicious housemate harbouring resentment and waiting to pounce?
Are you launching on an intranet network? This would be accessible to everyone on the network. The vast majority of people won't be scanning the network for open ports, but you can't rule it out. Low risk, but it could happen that someone finds it.
Are you running this on a server with a dedicated IP (not an internal IP like 10.0.0.x or 192.168.x.x)? Is the particular port you're running on open to the wider internet e.g. no firewall or special rules for that port? In which case, expect to get requests.
Can someone landing on the site actually do something malicious? The whole point of having a web server is for other people to access it. If discovering your app is enough to be a real concern then it's just broken and you should be testing your fears on localhost.
I’ve looked through this forum and couldn’t find a clear answer to helping my situation.
To explain: I’m currently trying to develop an IoT device that mainly consists of a Raspberry Pi 3. As it’s for a startup business idea I want to reduce costs and not have a server on the cloud.
I thought it would be a good idea to have Flask run with Gunicorn on the Pi and this would be accessed by a desktop app or mobile app that would know the IP address of the Pi as well as its Flask endpoints.
I wanted the Pi to be accessible from any other network (not just its local one). I have the host set to “0.0.0.0” and port 5000 for development but can’t access it through my mobile network.
I have seen similar posts mentioning ngrok (which might make data less secure?). I’ve seen that I might have to forward the port of the Pi on the router. But I think this might involve accessing the router setup. And I don’t want to have to do this for every new client.
I have checked other posts on the forum but can’t seem to find what I’m looking for.
Can I ask this forum if my understanding is correct? Can anyone help me out?
Any advice would be greatly appreciated!
If I understood the problem correctly,
If you want to connect to your Raspberry Pi remotely, you need to know the IP address of your Raspberry Pi and you need port forwarding. After that, you can connect to your Raspberry Pi with a public IP address, for example publicraspberrypiaddress:5555 (whichever port you are using).
Ngrok gives a random subdomain for the connection, so I don't know how you would recognize the ngrok URL when the device is not near you.
Alternatively, you can use cotunnel. It gives a static URL and the device appears on the cotunnel dashboard, so you can manage your Raspberry Pi remotely with an SSH terminal too.
Or you should develop your own tunnel-like service, or change your project structure. I don't know another way.
Hi everyone, I am trying to make a relatively simple home automation system with IFTTT and my Raspberry Pi Model B+. My goal is to create a Python script which hosts a web server which can be posted to by the IFTTT Maker channel. The Pi needs to be able to detect the post by IFTTT and then run an action, in my case changing the color/brightness/state of an RGB LED. I have already tried using email to control actions, but that was very slow, and whenever Wi-Fi dropped out on my Pi the script crashed, so I will also need a detection system that can detect when Wi-Fi is out to prevent crashes. I am currently 11 years old (shocker), but I need some help because currently I am struggling to get anywhere close to my goal. Any help will be greatly appreciated.
The RPi side
There are two separate scripts you need:
1) Python script which will host a web-server.
2) Python script which can manipulate RGB data. (Guess you already have this)
On IFTTT side
First of all, check out this IFTTT service called Maker Web-hooks.
Basically, IFTTT is able to hit URLs (in your case, your Python web-services). So you expose an API and tell IFTTT to listen for a trigger of your choice. Upon the trigger, it invokes your web API. This should be very fast.
A Few Notes
1) The RPi's server needs to be accessible from the internet, not just the local wi-fi. This is because IFTTT is going to try to reach out to your RPi web-server.
2) For quick message delivery, you can evaluate MQTT. This has been explained in another answer here. The only shortfall is, you need to register (for free) for an MQTT broker service. So there's essentially an additional entity between IFTTT and your RPi.
3) Like #anjsimmo has said, exception handling is a must. You'll need to do it with any sort of code.
I'm running my personal home-automation system with the same RPi model, using MQTT. Publisher is an Android app and subscriber is the RPi. All the best with your project!
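A sketch of the web-server script from the answer above, as an added example that is not the answerer's code: it accepts the POST, treats the body as untrusted, and handles every exception so a malformed request cannot stop the script. It uses the standard library's http.server and assumes the IFTTT web request is configured to POST a JSON body; the /led path, the field names, the shared secret and set_rgb are all hypothetical.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET = "change-me"   # constructed placeholder; use a long random value in practice
MAX_BODY = 1024        # the expected JSON is tiny, so refuse anything larger
applied = []           # stands in for the LED hardware in this example

def set_rgb(r, g, b):
    """Placeholder for the existing RGB script (hypothetical name)."""
    applied.append((r, g, b))

def parse_colour(body):
    """Return (r, g, b) from an untrusted JSON body, or raise."""
    data = json.loads(body)                 # malformed JSON raises ValueError
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    sent = str(data.get("secret", "")).encode()
    if not hmac.compare_digest(sent, SECRET.encode()):
        raise PermissionError("bad secret")
    rgb = tuple(data.get(k) for k in ("r", "g", "b"))
    if not all(type(v) is int and 0 <= v <= 255 for v in rgb):
        raise ValueError("r, g, b must be integers 0-255")
    return rgb

class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
            if not 0 < length <= MAX_BODY:
                raise ValueError("missing or oversized body")
            body = self.rfile.read(length)
            if self.path != "/led":
                raise ValueError("unknown path")
            set_rgb(*parse_colour(body))
            status = 204
        except PermissionError:
            status = 403
        except Exception:                   # bad input must never crash the script
            status = 400
        self.send_response(status)
        self.end_headers()

    def log_message(self, *args):           # keep the console quiet
        pass

def make_server(host="0.0.0.0", port=8080):
    return HTTPServer((host, port), Hook)
```

Start it with `make_server().serve_forever()`. Over plain HTTP the secret is readable in transit, so it only protects the endpoint when the server sits behind HTTPS.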
Basically what I'm trying to achieve is a program which allows users to connect to each other over a network in, essentially, a chat room. What I'm currently struggling with is writing the code so that the users can connect to each other without knowing the IP address of the computer that the other users are using or knowing the IP address of a server.
Does anyone know of a way in which I could simply have all of the users scan the IP range of my network in order to find any active 'room' and then give the user a chance to connect to it?
Also, the hope is that there will be no need for a central server to run this from; rather, every user will simply be connected to all other users, essentially being the server and client at the same time.
I can give you two suggestions. First of all, UDP packets to the broadcast address of your network will be received by everybody. Secondly, there is a protocol for programs offering certain services to find each other on a local network. That protocol is called mDNS, ZeroConf, or Bonjour.
Using broadcast UDP is likely going to be the faster route. But if I were you, I'd learn how to use ZeroConf instead. It's supported well under IPv6 and already used by several interesting programs such as SubEthaEdit and Gobby.
Here is a link to a nice tutorial for implementing something that speaks ZeroConf in Python.
Another recommendation... If you want to hand roll your own broadcast/multicast UDP code and you can be sure that all of the systems you're on are running a Linux that's newer than 2003 or so, and all the Windows systems are XP or better, you can probably get away with using IPv6. The IPv6 link-local (think same LAN) all hosts multicast address is ff02::1. That's really simple and easy, and it will reach all the other systems on the same LAN. It's much better than having to figure out what your network's broadcast address is with IPv4.
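The broadcast-UDP route from the answer above, as an added example that is not part of the original answer: a room announces itself with one IPv4 broadcast datagram, and a listener validates each datagram before trusting it, since anything on the LAN can send to the discovery port. The message format, port number, size limits and function names are assumptions of this example.

```python
import json
import socket

MAGIC = b"CHATROOM/1 "      # constructed tag identifying this example's protocol
DISCOVERY_PORT = 50000      # assumed UDP port
MAX_DATAGRAM = 256

def build_announce(room, tcp_port):
    """Datagram advertising a chat room and the TCP port peers should connect to."""
    return MAGIC + json.dumps({"room": room, "port": tcp_port}).encode()

def parse_announce(data):
    """Validate an untrusted datagram; return (room, port) or None."""
    if len(data) > MAX_DATAGRAM or not data.startswith(MAGIC):
        return None
    try:
        msg = json.loads(data[len(MAGIC):])
        room, port = msg["room"], msg["port"]
    except (ValueError, KeyError, TypeError):
        return None
    if not (isinstance(room, str) and 0 < len(room) <= 32 and room.isprintable()):
        return None
    if type(port) is not int or not 1024 <= port <= 65535:
        return None
    return room, port

def announce(room, tcp_port, addr="255.255.255.255", port=DISCOVERY_PORT):
    """Send one announcement to the broadcast address (or to addr, for testing)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(build_announce(room, tcp_port), (addr, port))

def listen(sock, timeout=2.0):
    """Collect valid announcements arriving on a bound UDP socket until it goes quiet."""
    rooms = {}
    sock.settimeout(timeout)
    try:
        while True:
            data, (ip, _) = sock.recvfrom(MAX_DATAGRAM + 1)
            parsed = parse_announce(data)
            if parsed:
                # Use the packet's source IP, not any address claimed inside it
                rooms[(ip, parsed[1])] = parsed[0]
    except socket.timeout:
        return rooms
```

A listener on the LAN would bind its UDP socket to `("", DISCOVERY_PORT)` before calling `listen`, then connect over TCP to whichever `(ip, port)` the user picks.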