Thanks for this. I have a use case for the tunnels and had no idea this existed.
On Wednesday, January 4, 2023 at 7:17:48 AM UTC-5 tke...@gmail.com wrote:

> Pretty cool. I had no idea Cloudflare offered this.
>
> On Tue, Jan 3, 2023 at 6:40 PM Doug Jenkins <do...@dougjenkins.com> wrote:
>
>> If you are willing to roll up your sleeves and get technical, serving your website at home can be done safely and securely without changing your firewall. There are some steps to do, but at the end it will save you money and it will give you some real-world IT experience.
>>
>> So to self-host your WeeWX website, I would do the following.
>>
>> NOTE: This is a high-level checklist. There are a lot of steps for each item.
>>
>> 1. Get a domain name. Porkbun.com is cheap, but Google Domains works too.
>> 2. You need to have a NameServer Service to tell the internet where your website is. My checklist will use Cloudflare (free). They have a bunch of services that we are going to use to make this happen.
>> 3. Once you buy your domain name, you will need to point it to Cloudflare's servers. Cloudflare's setup will walk you through it. This will take 4 - 24 hours to propagate across the internet (your response may vary).
>> 4. Once it is propagated (Cloudflare sends an email to you), you will set up your website inside the tool. We are going to set up a "Zero Trust" tunnel that will create a secure tunnel between Cloudflare and your server. I have a video that walks this whole process through (including configuring Cloudflare):
>>
>> https://youtu.be/eojWaJQvqiw
>>
>> This tunnel is the KEY. This tunnel will encrypt the traffic coming to your domain, secure your domain with an SSL Certificate, and essentially expose it directly on your server. Again this service is free for small domains (like weather station sites!) and does not expose your network to the internet directly.
>>
>> 5. Within the tool you will configure your server name and the port (80) that your webserver is now hosting your WeeWX site. You will have to install a package from Cloudflare to act as the broker for the connection. The video goes over a container approach, but in Cloudflare's documentation, they cover a Linux server install.
>>
>> The benefits of doing this approach are:
>>
>> 1. Site gets a free SSL certificate (https:) that is handled by Cloudflare.
>> 2. Cloudflare acts as a reverse proxy to broker your connection from the internet to your server and port.
>> 3. Connection between Cloudflare and your server is secure. You do not need to open a port for this.
>> 4. You get website statistics and other security features for your website for free from Cloudflare.
>>
>> Check out the video and let me know if this helps. There are other resources on the internet that can help on this setup.
>>
>> Doug Jenkins
>>
>> On Tue, Jan 3, 2023 at 11:46 AM vince <vince...@gmail.com> wrote:
>>
>>> If you're asking that question, you really shouldn't do it for security reasons. There are soooo many bots and automated scanners out there looking for victim sites that you'd be massively attacked within literally a minute or two. Please don't. Really.
>>>
>>> But to answer - you'd need to alter your home firewall to permit incoming web traffic to 'only' that computer and tcp/ip port. Ideally you would have your webserver also running 'only' https (a bit hard on a LAN to do), have lots of logging (syslog), blocking typical attacks (fail2ban) and hopefully even alerting that attacks are even happening. You should also segment your network so it's on an isolated VLAN so it can't be used as a jumping off point to attack your other home network devices. That requires special network hardware usually, and some additional level of expertise. It's a big lift to do correctly.
>>>
>>> Simpler answer is to spend a few bucks/month and spin up an AWS Lightsail VM and use weewx's RSYNC uploader to update the Internet webserver with the weewx-generated data automatically. Lightsail is free for 3 months trial, then $3.50/month. Small price to pay for peace of mind.
>>>
>>> You'd still have to harden your Lightsail VM, but that's far easier to learn how to do. Get a Let's Encrypt SSL certificate to use only https. Use the Lightsail console to let 'just' https in. Install fail2ban. Very doable. Lots of guides out there for how to do so if you google a bit.
>>>
>>> On Tuesday, January 3, 2023 at 4:23:59 AM UTC-8 kb3...@gmail.com wrote:
>>>
>>>> I was able to get the local network page of my weewx station but how do you see this from the public ip?
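An added example, not part of the thread and not taken from the video: step 5 of Doug Jenkins' checklist written as a locally managed `cloudflared` configuration file instead of dashboard settings. The tunnel ID, the credentials path and the hostname `weather.example.com` are placeholders.

```yaml
# /etc/cloudflared/config.yml  (constructed example; every value is a placeholder)
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Public hostname mapped to the local web server that serves the
  # WeeWX-generated pages on port 80 (the port named in the checklist).
  - hostname: weather.example.com
    service: http://localhost:80
  # Mandatory last rule: requests for any other hostname get a 404
  # and are never forwarded to a host on the home network.
  - service: http_status:404
```

`cloudflared tunnel ingress validate` checks the rule list before the tunnel is started. Because `cloudflared` connects outbound to Cloudflare, the router needs no port forward, and when the web server runs on the same host it can listen on 127.0.0.1 only.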