Ok so here is what I am trying to do and not sure where to start I think.
I have numerous devices that I access internally on their local IP and port 80. I can access a large NAS, Security, Printers, Cooler Controller, Lighting and electrical controller, etc. There are a ton of IoT items in my house and I want to be able to get to all of them easily from anywhere. I was going to put something online like www.mike.com that allows me to log in and see all of these devices. This is where I fall down.
Should I just set up say 10 random ports on my router and forward to each internal IP:80 and then use links on my website that connect to say www.mike.com:8080 - 8090? The site will be hosted on one of my random boxes so the domain will be controlled by Duck DNS.
Suggestions? I am doing this all wrong and am an idiot?
Point me to something I can read and failed to search out if you will.
I don’t want them fully accessible from the internet, but I do need to be able to give myself and others access to them. This sorta kills the VPN idea as well as my office blocking any VPN connections from their network. I will lock it down as tight as possible, enough to at least keep all but the most determined out. If someone gets in all they are getting is access to my smarthome and I will know if they turn off lights and go fix it.
I just figured there has to be a better method. I am not sure if I am searching the wrong terms or what but I am not finding much.
If you don’t want to VPN or SSH tunnel and you don’t want to forward a different port directly to each device then your only choice is an HTTP proxy through NGINX for example. You can forward your connection to this, simply turn on authentication and then have that server handle the routes so for example www.mike.com:8080/stereo would forward to the IoT stereo. Config would be: run the server on a Raspberry Pi or something, edit your default NGINX config, and do this for every device you want. It answers on www.mike.com:8080 and will forward the /device to the IP you want.
Yes. That is pretty much exactly what I was thinking. I can share the /device_name part with the people that I want to have certain devices and they will be none the wiser to the others.
I will give that a shot later and see if I can make it work. Next up after this gets working is reprogramming some Amazon dash buttons to do shit around my house.
Good luck. NGINX is amazingly simple and fast so you don’t need anything big to run it on. Hell I had it running on my ESP8266 Wifi chip. If you want to restrict access to certain elements like you can let people see the temp of your fridge but don’t want them to see what lights are on in your house then you can do per location auth and multiple conditions so if you aren’t on your work network or office internet for example, you prompt for a password only on /lights but /fridge is public.
I mean you can follow my blog and simply just enable a free SSL cert too if you ran NGINX from LetsEncrypt. If you run this on a raspberry pi the letsencrypt-auto binary may be SLOWWWWWW tho.
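
The path routing and per-location auth described in the replies above, written out as an NGINX server block. This is an added example, not config posted in the thread; the internal device IPs, the office address 203.0.113.10, the htpasswd file names and the certificate paths are constructed placeholders.

```nginx
# Added example. IPs, file names and cert paths below are assumptions.
server {
    listen 8080 ssl;                 # TLS, so Basic auth passwords are not sent in clear
    server_name www.mike.com;

    # Certificate files as certbot (Let's Encrypt) usually lays them out (assumed path).
    ssl_certificate     /etc/letsencrypt/live/www.mike.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.mike.com/privkey.pem;

    # Default for every location: a login is required.
    auth_basic           "Home devices";
    auth_basic_user_file /etc/nginx/htpasswd.owner;

    # Any path that is not a listed device returns nothing useful.
    location / {
        return 404;
    }

    # www.mike.com:8080/stereo/ -> stereo web UI on the LAN.
    # The trailing slash on proxy_pass strips the /stereo/ prefix.
    location /stereo/ {
        # Separate user file per device, so a login handed out for the
        # stereo does not also open the other locations.
        auth_basic_user_file /etc/nginx/htpasswd.stereo;
        proxy_pass http://192.168.1.50:80/;
    }

    # Lights: no prompt from the office address, password from anywhere else.
    location /lights/ {
        satisfy any;                 # pass if EITHER the IP rule OR the login succeeds
        allow 203.0.113.10;          # constructed office address
        deny  all;
        proxy_pass http://192.168.1.60:80/;
    }

    # Fridge temperature: public, as in the reply above.
    location /fridge/ {
        auth_basic off;
        proxy_pass http://192.168.1.70:80/;
    }
}
```

Run `nginx -t` to check the syntax before reloading. With this in place only port 8080 needs forwarding on the router, and the devices themselves stay unreachable except through the proxy.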