Hello,
This is not a mycodo specific issue. I wanted to ask what is the easiest way to access mycodo remotely when the RPi is connected to a 4G router with no public IP.
Ideal situation
I would like to access mycodo from anywhere e.g. by typing https://mycodo.mygreenhouse.com in a browser.
Problem
Mycodo is usually accessed by port forwarding from the router to the RPi. This works easily on the local network and can work on the external network as long as the router has a public IP. 4G routers may not have public IPs due to CGNAT (Carrier grade network address forwarding) which allows multiple SIM cards to share the same IP address. This prevents port forwarding from working and thus access from outside the network.
I have a domain which allows for the URL redirect to the router so this is not an issue.
Potential solutions
Switch from 4G to DSL - not really possible due to the fact that the RPi and router are sitting in a remote area (a farm)
Host mycodo on a cloud platform - would need a lot of development for a relatively small issue?
Obtain a static 4G IP from the carrier - I’m digging into it but it’s unlikely to be possible
Use a VPN: my router (TP Link MR640) has some VPN capabilities, but I’m not sure how to set up the VPN (on the router? on the RPi? How does that interact with port forwarding? etc.).
By far the easiest solution is a reverse proxy. This doesn’t require configuring any of the networking hardware that your remote system is behind or even knowing the IP of the remote system. I use reverse proxies for several of my remote systems and I can set them up beforehand and once I give them internet access, wherever that is, behind any and all types of convoluted networking, I can immediately access them without issue, both SSH and HTTPS.
What I’ve been using is the open source frp. I use it so much, I even sponsor the developer. This great piece of software needs more publicity.
Thanks Kyle. This would work great – I’ve used nginx for a reverse proxy to great effect too. I’m concerned about the need for a public IP, could you help me reconcile
This doesn’t require configuring any of the networking hardware that your remote system is behind or even knowing the IP of the remote system
and what I’m reading from the GitHub of frp:
On server B, modify frpc.ini to put in your frps server public IP as server_addr field:
# frpc.ini
[common]
server_addr = x.x.x.x
server_port = 7000
The remote system has the frp client configured to connect to your frp server. You must host the server on one of your systems that you know the IP address of. In order to prevent issues when your home server IP address changes, you can configure your frp client to connect to a domain you control (I do this) or use any of the free DDNS services that give you a domain you can update with the latest IP of your server. You can even have a script automate this process whenever your IP changes. I also use a VPS to host my frp server (actually the same one this forum is hosted on) so I don’t have to worry about maintaining the server hardware. I can even redirect all my clients to a different server by changing the IP the domain forwards to if I wanted to move the frp server to different hardware or IP address (without having to reconfigure any of the clients).
Once all your frp clients (remote systems) are connected to your single frp server, you merely connect with SSH or HTTPS to the configured ports of the IP of your frp server and it will tunnel the connection to the appropriate frp client port (in this case SSH or HTTPS).
So at a minimum, you will need the server to have a public IP, either for your home network if hosting at home, or you can purchase a cheap VPS. Either of these can have a DDNS domain forward to your frp server IP, which all your frp clients can connect to.
Thanks, that is very helpful. I managed to set up the connection, but the domain resolution ends with an SSL protocol error. How do you manage the SSL encryption? I am assuming the lack of certificates is the issue here. I have seen people using nginx as an intermediate to FRP but that sounds like an unnecessary layer.
Then, all you need to do is connect with an SSH client to user@domain_name_to_your_frps_server.com:5001 to SSH into the Pi, or in a web browser go to the address https://domain_name_to_your_frps_server.com:5002 to access the Mycodo web interface.
Here are two systemd service files I made so you can auto-start the server and client on your systems:
Make sure you copy the config file to /etc/frp (or wherever you want), copy or create a symbolic link of frps or frpc to /usr/bin, then enable and start with the commands:
sudo systemctl enable /path/to/frp-server.service
sudo service frp-server start
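The setup described in this reply, as an added example that is not part of the original thread or the frp project's own files: a matching server and client configuration in frp's legacy INI format, with a shared token and a remote-port allow-list. The token value is a placeholder, and the local ports (SSH on 22, Mycodo's HTTPS on 443) are assumptions about the Pi.

```ini
# Added example: two separate files shown in one block. Split them at the
# marker comments before use.

# ---- /etc/frp/frps.ini : on the server with the public IP or DDNS name ----
[common]
# Port the frp clients dial out to; must match server_port in frpc.ini.
bind_port = 7000
# Shared secret. A client presenting a different token is refused.
# Placeholder value: generate your own long random string.
token = REPLACE_WITH_LONG_RANDOM_SECRET
# Only these remote ports may be claimed by clients, so a misconfigured
# or compromised client cannot open arbitrary listeners on the server.
allow_ports = 5001-5002

# ---- /etc/frp/frpc.ini : on the Raspberry Pi behind the 4G/CGNAT router ----
[common]
# A domain name rather than a raw IP, so the server can move without
# touching the clients.
server_addr = domain_name_to_your_frps_server.com
server_port = 7000
token = REPLACE_WITH_LONG_RANDOM_SECRET

# SSH to the Pi: reachable as domain_name_to_your_frps_server.com:5001
[ssh]
type = tcp
local_ip = 127.0.0.1
# Assumption: sshd listens on the default port.
local_port = 22
remote_port = 5001

# Mycodo web UI: https://domain_name_to_your_frps_server.com:5002
[mycodo-https]
type = tcp
local_ip = 127.0.0.1
# Assumption: the Mycodo web interface serves HTTPS on 443 locally.
local_port = 443
remote_port = 5002
```

Because both proxies are plain TCP tunnels, TLS is terminated on the Pi itself, so the browser URL must use https:// on port 5002 and will be shown whatever certificate the Pi's web server presents.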
Works like a charm - I must have messed up the config files somewhere along the way. I changed the client remote port to 443 just for easier access and it still works. Thanks a lot again!
I’ll be in touch soon about plugging in an IP camera with ONVIF into mycodo – hope I’ll be able to contribute more this time around…
What I use is a program called ZeroTier. Add the program on the Pi and whatever other devices you want to add to the network to communicate. It's like a virtual network!