Access to BB over the web?

Discussion in 'Build Help' started by Old_Tafr, Apr 2, 2016.

  1. Old_Tafr

    Old_Tafr Well-Known Member

    Joined:
    Mar 7, 2016
    Messages:
    561
    Likes Received:
    75
    Having got OctoPi working, used PuTTY to access the Pi and can view using the camera everything is setup to play.

    I'm sure I read that access is possible over the web, but I assume this needs a change my router?
     
  2. Westsidee

    Westsidee Well-Known Member

    Joined:
    Sep 6, 2015
    Messages:
    73
    Likes Received:
    40
    1. Conf unique port for OctoPrint in your router under portforwarding section (let say we use port 1000), and forward it to your local OctoPrint IP adress. Local IP adress is the same you use to access it with Putty.
    2. Get free Dynamic Dns name. Like MyOctoPrinter.freedns.com. Google it.
    3. Now you access you Octo from anywhere at this adress:

    Http://MyOctoPrinter.freedns.com:1000/

    Good luck!
     
    #2 Westsidee, Apr 2, 2016
    Last edited: Apr 2, 2016
    Old_Tafr likes this.
  3. Old_Tafr

    Old_Tafr Well-Known Member

    Joined:
    Mar 7, 2016
    Messages:
    561
    Likes Received:
    75
    Thank you kindly.
     
    Westsidee likes this.
  4. Stefan

    Stefan Well-Known Member

    Joined:
    Feb 17, 2016
    Messages:
    323
    Likes Received:
    43
    BUTTT make sure You have credential setup for your Octopi web interface with kind of strong password. Or some stupid troll can do bad stuff with your printer/ prints.
     
    Trevor likes this.
  5. wfredette

    wfredette Well-Known Member

    Joined:
    Jan 11, 2016
    Messages:
    89
    Likes Received:
    25
    @Old_Tafr , let set up a me know if you get this working, and how you managed. I have had no luck with it. I was unable to forward port 5000, or any other port, successfully to the internal IP of the OctoPi.
     
  6. Stefan

    Stefan Well-Known Member

    Joined:
    Feb 17, 2016
    Messages:
    323
    Likes Received:
    43
    Do you have a Internet connection which can be reached from outside?
    I have a so called ds-lite (dual stack- lite), in Germany, which is a ipv6 with some tunnel/proxy thing on the ISP side for ipv4.
    So I can not access or port forward with ipv4. Maybe with IPv6 but my other devices and Internet accesses (work) do not have IPv6.
     
    #6 Stefan, Apr 6, 2016
    Last edited: Apr 6, 2016
  7. Trevor

    Trevor Well-Known Member

    Joined:
    Oct 22, 2015
    Messages:
    100
    Likes Received:
    10
    Like print a 10ft dickbutt.
     
  8. Stefan

    Stefan Well-Known Member

    Joined:
    Feb 17, 2016
    Messages:
    323
    Likes Received:
    43
    hmm almost, but it is kind of dictionary based, so not the strongest...

    "004234r2nmkr92rjp23~$2323423##423423ahhhhhh" would be good :D
     
  9. Pierce

    Pierce Well-Known Member

    Joined:
    Sep 4, 2015
    Messages:
    249
    Likes Received:
    67
    And change default raspberry pi username and password if your exposing it to Web as well!

    Also look up raspberry pi vpn server for some other guides of how you could do this
     
  10. Old_Tafr

    Old_Tafr Well-Known Member

    Joined:
    Mar 7, 2016
    Messages:
    561
    Likes Received:
    75
    I have not tried yet as I have a somewhat simple router (so config may not be possible) and need to be away from home to try it. I have another router but this means lots of changes which will affect others at home unless I can have both running (router and modem are separate in my case so it may be possible to have two routers on at the same time, more trawling of forums ! )

    Things I would look for are putting the Pi in the "DMZ" this is a zone between the Internet and your home network so access is not given to ALL your network when you do the port forwarding. This was not mentioned in the original instructions.

    Separately (WiKi will get updated) not only give OctoPrint a strong password and login name but also change the default password for login on the Pi too (the bit when using PuTTY in the instructions gets to this)

    Some routers don't allow the protocol for some types of remote access (I need to check on this)

    Let me know what make and type of router you have.

    Did you setup a "dynamic DNS" name with a free service? (OR get a fixed IP address from your ISP?) Don't tell me what the address is as this ends up being a security risk for you, especially with robots connecting to forums.

    Did you put the port number after the name? like ........myhomeaddress.com:5000 (see the original example above. the :5000 is the port you have forwarded. You may or may not need the / after the port number.
     
  11. Old_Tafr

    Old_Tafr Well-Known Member

    Joined:
    Mar 7, 2016
    Messages:
    561
    Likes Received:
    75
    Also check that your Pi IP address remains the same (otherwise the port forwarding won't go anywhere other than the ether) Depending on how you feel about configuring your router and/or your Pi it is better to give the Pi a fixed IP address (a little simple Linux) OR extend the lease time for DHCP on the router (weeks) so the Pi always gets the same IP address. If you give the Pi a fixed address then choose one outside the DHCP range of the router.

    Shout if you need help on this.
     
  12. Old_Tafr

    Old_Tafr Well-Known Member

    Joined:
    Mar 7, 2016
    Messages:
    561
    Likes Received:
    75
    Setting up a VPN is not too difficult depending on your skill level and the ability of software and if the router supports the protocol you use, but it may complicate the issue at the moment :) Simpler just to sort out the port forwarding, get the Pi in the DMZ, get a fixed IP address and or use dynamic DNS so all these things known and then sort out why it isn't working.
     
  13. Dr Jeep

    Dr Jeep Well-Known Member

    Joined:
    Sep 12, 2015
    Messages:
    530
    Likes Received:
    169
    One other thing to be aware of if you are going to make it accessible from outside.

    Out of the box when I tested it, octopi seems to have an issue in that your print queue (including download capability of gcode/stl's) and the camera feed are accessible even when the user is not logged in. That's a nasty design decision IMO but likely easily fixed through configuration or modification.
     
  14. Alex9779

    Alex9779 Moderator
    Staff Member

    Joined:
    Sep 4, 2015
    Messages:
    2,405
    Likes Received:
    731
    That's correct but I do not think it's nasty. It was decided so it is. You're free to develop an admin that adds more sophisticated user management.

    TO sum up the rights again:
    Everyone can access OP and see what is printing, see the stream, see the files, download them. (If you got access to OP, that means know the IP or DNS, if you routed through your firewall then everyone who knows your public IP or if you have a dynamic DNS then that name.)
    A registered user can print and control the printer, delete files, delete time lapse videos I think.
    An admin can configure OctoPrint aka change the settings.

    That's it.
    I do not know an admin which improves that at the moment. Maybe someone else has an idea?
     
  15. Old_Tafr

    Old_Tafr Well-Known Member

    Joined:
    Mar 7, 2016
    Messages:
    561
    Likes Received:
    75
    Taking a neutral view, it is possibly the lack of awareness that is the "problem"

    Most people I guess would not know that such information and control was accessible by anyone, albeit only accessible to people with a reasonable knowledge of the Internet IP and DNS. The fact that someone could be accessing at least part of your network would more than irritate most people. The fact that no one had informed them that this was possible would be more irritating.

    The difficulty then becomes that most of us with a limited knowledge of Linux don't have the skills to restrict access via a login. The way the WiKi is written implies that OP is secure if you set a username and password.

    Maybe if there was information on how OP was configured and a choice of which you wanted?
     
  16. Dr Jeep

    Dr Jeep Well-Known Member

    Joined:
    Sep 12, 2015
    Messages:
    530
    Likes Received:
    169
    As I say just IMO :) but it isn't restricted to people that know your ip or dns, there is little to no security to obscurity. It took me all of a minute to write a custom search query for one of the device search engines out there and discover a good number of machines sitting online. Hell there are even machines being indexed by Google if you know what to search for.

    Admittedly do it on a non standard port and it becomes a lot harder to find, you are probably in the realm of more targeted attacks and not just discoverable then.

    Certainly mine will be behind another layer of authentication if I put it online.
     
  17. Alex9779

    Alex9779 Moderator
    Staff Member

    Joined:
    Sep 4, 2015
    Messages:
    2,405
    Likes Received:
    731
    I access OPrint only via VPN. I have a snapshot pic on my homepage though and I am thinking about using the OPrint API to show stats or what model is printing... A little work but definitely the safest option...
     

Share This Page