The easiest way to access your HeaterMeter from outside your network is…


 
BrunoBronosky

BrunoBronosky

New member
…an Open Source CLI utility called ngrok. I invite discussion of other methods. That's why I didn't include my bias in the title. As always, I'm open to better ideas.

To use ngrok, simply ssh into your HeaterMeter, or any other Linux or Mac machine on your network. [First you must install ngrok on it, of course.] And run the application. It will return a temporary URL that you/anyone can use to access your destination IP+Port.
 
I've got Wireshark VPN setup through PiVPN. When I'm away from my house it makes my phone think it's on my local network. I always have it running on a different Raspberry Pi, but I assume you could install PiVPN on the same Pi as HM, as long as it's running some version of Linux. The advantage of a VPN is you don't have to open up any ports on your router and Wireshark is very lightweight and fast.
 
Kai G said:
I've got Wireshark VPN setup through PiVPN. When I'm away from my house it makes my phone think it's on my local network. I always have it running on a different Raspberry Pi, but I assume you could install PiVPN on the same Pi as HM, as long as it's running some version of Linux. The advantage of a VPN is you don't have to open up any ports on your router and Wireshark is very lightweight and fast.
Click to expand...

trying to wrap my head around WireGuard Vpn that was recommended by a friend. Not getting the hang of it yet. These devices run OpenWRT. Well, Bryan built on the LEDE fork but has since merged back. So whatever you find, if it’s setup to run on O wrt then it should work on HM, in theory anyway lol
 
KeithC said:
trying to wrap my head around WireGuard Vpn that was recommended by a friend. Not getting the hang of it yet. These devices run OpenWRT. Well, Bryan built on the LEDE fork but has since merged back. So whatever you find, if it’s setup to run on O wrt then it should work on HM, in theory anyway lol
Click to expand...
It's pretty nice once you get it set up, but I did misspeak in my first reply. You do need to forward a port to the WireGuard local server, but once that's done you won't have to forward ports for anything else. I've got a Pi 3 running PiHole ad blocker along with PiVPN. It allows me to check our baby cameras securely without exposing them to the internet directly. Since I'm virtually on the local network I can also securely access my HM or any other local devices like printers or my NAS.
There are tons of videos on YouTube explaining how to set it up way better than I could. If you can build a HM you can set up PiVPN.
 
Simplest way for me is just to open a port 8080 in my router and assign a permanent IP address to the heater meter.
Bookmark the address.
Done.

if your ISP changes your router address periodically then you need something more complex.
 
MartinB said:
Simplest way for me is just to open a port 8080 in my router and assign a permanent IP address to the heater meter.
Bookmark the address.
Done.

if your ISP changes your router address periodically then you need something more complex.
Click to expand...

Simple but highly insecure. I tried working with that method and it wouldn't switch over to https, which you should be using when passing any sort of credentials. it's a huge security risk to your HeaterMeter & possibly your entire network should there be an exploit used on OpenWRT.

I set up pivpn yesterday on an old Model B 2.0 with wireguard. it went fairly smooth. I trust that way more than a straight passthrough with no encryption.
 
KeithC said:
Simple but highly insecure. I tried working with that method and it wouldn't switch over to https
Click to expand...
You would forward the https port and not the http port, and boom "highly secure" (although not really because what IoT device with any open port directly connected to the internet is). It does fully protect your login credentials though. The default SSL certificate is self-signed but you can obviously replace it with a legit cert by uploading it through the webui Services -> uHTTPd.
 
Bryan Mayland said:
You would forward the https port and not the http port, and boom "highly secure" (although not really because what IoT device with any open port directly connected to the internet is). It does fully protect your login credentials though. The default SSL certificate is self-signed but you can obviously replace it with a legit cert by uploading it through the webui Services -> uHTTPd.
Click to expand...

the browser wasn't accepting the cert, kept flagging it as a malicious site. finally figured out it was expired lol. at that point I was done trying to forward ports. I just have one forwarded now to the pivpn. it connects really quick (flip of a switch on the phone) and I don't have to change the ip in the phone app or browser to access the HM, so it's actually more convenient imo having it this way... other than having it on the HM itself, which I couldn't figure out how to get LEDE to load the fireguard packages.
 
Nice one, @Steve_M. I was trying to accomplish the same issue, but took a slightly different approach.

All my webservers (multiple) run in Docker containers and I run a reversed proxy server (nginx-proxy) to make all of these (web-based) containers accessible tothe outside world. Certification is managed by Let's Encrypt.

The challenge was to add the heatermeter, because it isn't running in a Docker container. The solution was creating a proxy container specifically for HeaterMeter and routing all traffing (including the event stream, which was a bit more tricky) between the Heatermeter and nginx. But, it works!


Next stop is creating a nice HTTP 50x page when the HeaterMeter is disconnected :)
Edit: Done! ;)

1600197844756.png
 
Last edited:
I've got a similar setup where I've got a raspi running nginx as a reverse proxy, letting nginx handle all the SSL termination. I just have multiple server entries, with each one doing a proxy_pass to the backend servers. Some of them are containers (unifi controller, home assistant), some of them aren't ( heatermeter, hdhomerun units ).
 
You must log in or register to reply here.

 

Back
Top