Accessing Mycodo from an outside network

hey there,

I was wondering whether there is an easy way to access Mycodo from an outside network. I kind of leave far from my system and want to be able to monitor what is going on from the Mycodo dashboard. How can I achieve such a thing if I provide a steady network to my Pi? Thanks in advance!

answered a similar quest here

I couldn’t understand much unfortunately from your answer. I saw a couple of examples from my today’s research over the internet such as routing wifi port or using ngrok. But, the part that confuses me is the accessibility to the Mycodo when I apply those kinds of integrations. I would be appreciated it a lot if you could elaborate on these options. Your experiences would be welcome too.

ok let’s start with the easy stuff.
Do you have access to your router? The ip address, username and password?
Also, what make and model router do you have?

Once we have that we can establish where to go to setup the port forwarding.
Port forwarding is basically telling the router that you want to be able to access a certain device over a certain port such as 80 (http) or 443 (https) externally from anywhere.

The second step will then be to change the default port of Mycodo to the port you forwarded.
Currently you access Mycodo using https://(ip address of mycodo)
If you wanted to change the port to 8443 as an example, you would access Mycodo as follows: Https://(ipaddress of mycodo:8443)

In order to do this you must have access to your router otherwise this won’t be possible.

2 Likes

I have a portable WiFi model. I requested a static IP and waiting for it. As soon as I receive it, I will do the forwarding trick. The question is should I set the IP to be forwarded as same as the Pi’s wlan0 network as shown in ifconfig.

The IP address of the Mycodo is currently the same one as I try to ssh connect via the terminal to Pi.

I also think of what port number I should forward to. Does that matter? Let’s say, I would set it as 8443. I also wonder whether it would be possible while I try to make a connection from my cellular for instance as https://{ip_of_pi}:8443. Lastly, in which script I can change the port of Mycodo?

Correct, you are forwarding the port to the PI’s IP address. When a connection is made from outside, the router will forward all traffic on that specific port to the PI’s IP.

Yes that will be the same

Kind of yes, certain ports are used for certain services. Like ssh is on port 22, http is 80, https is 443. I normally just keep it in line with the same “family” of ports, so lets use 8443 in this example :slight_smile:
As long as the port forwarding is setup on the router, and you have either a Public/Static IP that you can access externally or a DYNDNS name that’s attached to your Public IP that you get from your ISP, then yes it will work from anywhere externally.
Some cellular providers do restrict certain ports on their network (restrict meaning you are not able to access certain services over a certain port) This can mitigated by requesting an unrestricted APN from your cellular provider, but let’s cross that bridge when/if we get there.
I’ve not changed the port of Mycodo before so we’ll need to go dig a bit to find the config file.

1 Like

The Mycodo Port can be changed by editing /home/gg/Mycodo/install/mycodoflask_nginx.conf
Best practice is to make a backup of any file you edit first.

Change 443 to your preferred port number
After you have saved, restart the nginx service

Command to open the config file: sudo nano /home/gg/Mycodo/install/mycodoflask_nginx.conf
Command to restart nginx: service nginx restart

You can now access mycodo on your preferred port
(https://IPAddressOfMycodo:preferredport)

1 Like

Be aware this file is overwritten during an upgrade.

2 Likes

Is there a way to change the Mycodo port permanently?

I do this two different ways. One, port forward an obscure port to reduce the risk of public exposure. So for example, if your mycodo box was ..*.101 you could port forward 8101 to 443 and point a browser to https://IP:8101. If you haven’t setup the cert you’ll still get the security warning and can accept it to proceed.

The second option, is if you alone are accessing the machine you could potentially do OpenVPN. Many modern routers support it. Then you could VPN from your mobile device or remote desktop and access it like a local resource.

Unfortunately, never done it. Do you have any tutorial-type videos or blog links? Thanks for the advice though.

For starters you would want to look in the web interface of your router or modem/router combo and see if there is even an option for that. If not, most still allow port forwarding. With port forwarding you could still do the VPN thing as well if you wanted the extra layer of security but that would require running the VPN server on either the Pi or another machine on the network. Port forwarding may just be the easiest option.

Possibly, but I have not attempted it. Port forwarding can effectively change the exposed port, so I’ve never had a need to ever change the default SSL port.

Some routers can host the OpenVPN/Wireguard server. It’s worth checking before trying to spin up your own server on a separate machine.

1 Like

I can recommend https://www.dataplicity.com, even thou networking and servers management is my bread, I still used it for my mycodo because it is simple and it is enough:)

You can forward the web interface (I still recommend that you enable https) to a random domain that is assigned from dataplicity (like, my old pi’s mycodo was on Dataplicity Port Forwarding). All in web interface. You can also access the terminal and reboot the pi in case the web interface stops responding.

2 Likes

It seems very simple and exciting. going to try that. thanks for sharing it. I’ll let you know about the result.

How do you get mycodo web interface to display via wormhole?
As far as I understand correctly wormhole will forward localhost port 80 to the generated link for you to use externally and that mycodo redirects all traffic on port 80 to 443, but I’m not able to view mycodo via wormhole link.
I thought maybe firewall related on the pi but iptables and ufw are not installed.
You had this issue before?

to ensure accessibility as well as security, i rent a cheap VPS which runs wireguard. Both the raspberry and my end user devices are connected to the VPS and thus visible to each other without opening my local networks to the internet.
Once you get your head around it, setting up wireguard is a walk in the park.

2 Likes

@hydrandt I finally had a chance to try dataplicity. I managed the terminal connection to my pi based on the python script they provided. But, I still couldn’t host the Mycodo via the wormhole. There is a piece of information that says “Wormhole takes a website running on localhost port 80 and makes it available at this URL.” but I guess Mycodo isn’t running through port 80, and I don’t know how to forward it. How should I proceed from here?

I really appreciate any help you can provide.

EDIT: I managed to do it after working with it for a while. The only problem was that the Mycodo was starting via port 443 and the wormhole serves on port 80. @KyleGabriel I realized that without passing the argument --ssl in the mycodo/start_flask_ui.py script, the flask app serves in 443. Is there a way to pass the necessary argument while Mycodo starts (somewhere in services)?

Sometimes, I receive "GET /favicon.ico HTTP/1.1" 404 - and cannot connect to the interface. I have to reboot the raspberry and restart the flask UI by --ssl argument for moving it to port 80 again. Would this kind of an integration solve the issue?