Due to the issues I’m having with Weaved (acquiring a URL <10 seconds), I’ve reached out to Dataplicity as this seems to be a viable option (although I haven’t tried it yet). Support response was quick and they indicated that accessing our devices remotely via a static URL (something Weaved doesn’t currently offer) is doable using WormHole. They also indicated that any feedback to improve the service would be greatly appreciated.
Anyone have any exposure to this service ? If not then I’ll go ahead and test it out and post back.
Very interested in your testing of Dataplicity/Wormhole… I did look at it a while ago as I was looking at a fixed URL solution (if only to remotely access openLuup with Homewave without a VPN), but did not pursue further when I read the following from their documentation:
Wormhole forwards any webservice that is listening on the loopback interface (127.0.0.1) port 80 on your device.
That left me under the impression that:
[ol][li]Only servers listening on port 80 would be forwarded, and[/li]
[li]The forward would be unsecured[/li][/ol]
But I would be very happy to hear that I did not check deep enough into the opportunity…
Yes, port 80 is going to be an issue. I’ve email support this morning as pls90 moved forward in testing and it failed. Hopefully they can make this user configurable, if not soon - in the future. Weaved is still a great method and perhaps they will also correct their API issue(s).
CN
[quote=“logread, post:2, topic:193505”]Very interested in your testing of Dataplicity/Wormhole… I did look at it a while ago as I was looking at a fixed URL solution (if only to remotely access openLuup with Homewave without a VPN), but did not pursue further when I read the following from their documentation:
Wormhole forwards any webservice that is listening on the loopback interface (127.0.0.1) port 80 on your device.
That left me under the impression that:
[ol][li]Only servers listening on port 80 would be forwarded, and[/li]
[li]The forward would be unsecured[/li][/ol]
But I would be very happy to hear that I did not check deep enough into the opportunity…[/quote]
Well, here is the response I received… Not exactly what I was hoping for. If I get time this week I’ll setup a test using Nginx (sounds like it may work) …
Wormhole does not directly support alternative ports for HTTP. _However_, that doesn't mean you are stuck. You can use nginx or apache reverse proxy on your device to redirect your local port (3480) to port 80 where wormhole will work. See here for an example: http://serverfault.com/a/171680
Additionally, if you want to redirect an arbitrary port in raw form, you can do that by encapsulating the traffic in a websocket. We do this using websockify in our VNC example here: http://docs.dataplicity.com/docs/make-a-remote-graphical-interface-for-your-pi. At the far end you'll need dewebsockify, which is here: https://github.com/encharm/dewebsockify
[quote=“logread, post:2, topic:193505”]Very interested in your testing of Dataplicity/Wormhole… I did look at it a while ago as I was looking at a fixed URL solution (if only to remotely access openLuup with Homewave without a VPN), but did not pursue further when I read the following from their documentation:
Wormhole forwards any webservice that is listening on the loopback interface (127.0.0.1) port 80 on your device.
That left me under the impression that:
[ol][li]Only servers listening on port 80 would be forwarded, and[/li]
[li]The forward would be unsecured[/li][/ol]
But I would be very happy to hear that I did not check deep enough into the opportunity…[/quote]
Hi there!
Thanks for checking out dataplicity
I suspect the source for your confusion is that we are forwarding port 80 on your local device to a remote location. Wormhole will indeed forward LOCALHOST (ie 127.0.0.1) port 80 from your device, but it does so over an encrypted websocket link to dataplicity. Furthermore, it will present the site as https://.dataplicity.io with a proper secure certificate and all the good stuff. The point here is that wormhole listens only on localhost, so you can set up your local service to listen on 127.0.0.1:80 and that’s enough to make it work: you don’t need to (and probably shouldn’t) set up your local web service to expose port 80 to the whole internet.
We’ve got a post here that talks about how to secure wormhole: Securing Wormhole.
Figured I’d update since I’m here… I was able to successfully implement the needed tasks to remote into AltUI/openLuup. Works very well so far but I need to work with a bit longer just to verify. Weaved/Remot3.it has been working but I’ve had so many issues with billing (yes, I subscribed), lack of their support etc. This motivated me to revisit this solution. I really like the idea of a single URL to access my devices and to boot, you have a CLI interface. I’ll continue to play around and then I’ll report back with the exact steps needed.
Figured I'd update since I'm here... I was able to successfully implement the needed tasks to remote into AltUI/openLuup. Works very well so far but I need to work with a bit longer just to verify. Weaved/Remot3.it has been working but I've had so many issues with billing (yes, I subscribed), lack of their support etc. This motivated me to revisit this solution. I really like the idea of a single URL to access my devices and to boot, you have a CLI interface. I'll continue to play around and then I'll report back with the exact steps needed.
Thanks for the update - look forward to a positive ongoing experience!
Actually very simple and seems to work well even from my office which is a real torture test (so to speak)… I’ll post instructions tonight for others to provide feedback etc…
Yes, indeed!
Figured I'd update since I'm here... I was able to successfully implement the needed tasks to remote into AltUI/openLuup. Works very well so far but I need to work with a bit longer just to verify. Weaved/Remot3.it has been working but I've had so many issues with billing (yes, I subscribed), lack of their support etc. This motivated me to revisit this solution. I really like the idea of a single URL to access my devices and to boot, you have a CLI interface. I'll continue to play around and then I'll report back with the exact steps needed.
Thanks for the update - look forward to a positive ongoing experience!
Another thing I forgot to mention… Oh no, it’s always that other thing … If others choose to, you can now secure access with a username/password. It’s a few more steps within the CLI but nothing too bad. I believe all my turn-keys come pre-loaded with Open SSL. Anyways, just wanted to throw that out there for this interested. I’m going to implement tonight on my test system and verify things look good.
Dataplicity is very cool. So you get access to one device at no cost and unlimited connection time (I haven’t confirmed) and unlimited connections. Each additional device has a cost. The other side which may be a show stopper is the port 80 access. This is why we use redirect the Websocket connection to 3480.
In this post I put some instructions how to configure a PI with Dataplicity so you can get to it directly with a URL. It is set up with UID/PWD protection. You have to ignore the bits about Imperihome.
Hi Rene, thanks for that - must have missed it… Mine looks bit different and perhaps they both function the same…
Verify you're a sudoer (super user), you can do this by performing the following (dependent upon distro). Perform A or B (not both):
a. #sudo su
b. #su
1. #apt-get update
2. #apt-get install nginx
3. go to /etc/nginx/sites-enabled
4. remove 'default' (no extension)
5. nano 'default' and paste the following below:
server {
listen 80;
root /etc/cmh-ludl;
index index.html index.htm;
server_name _;
location / {
proxy_pass http://localhost:3480;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
6. Control-o then Control-x within nano.
7. #systemctl stop nginx (stops the service).
8. #systemctl start nginx (starts the service).
9. Go to Dataplicity and sign up for you account if you haven't already. Copy the link to install Dataplicity and execute.
-- At this point we can optionally require a login/password before reaching the end-point.
1. Generate a username (the file .htpasswd is hidden):
a. #sh -c "echo -n 'ENTER DESIRED USERNAME HERE:' >> /etc/nginx/.htpasswd"
2. Repeat step 1 for each user.
3. Encrypt the hidden file (.htpasswd):
a. #sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"
4. In step 4 you'll be prompted for a password and verification of the password.
5. Verify the contents of the hidden file (.htpasswd):
a. cat /etc/nginx/.htpasswd
6. Amend the nginx 'default' file
a. go to /etc/nginx/sites-enabled
b. nano 'default' and amend as needed:
server {
listen 80;
root /etc/cmh-ludl;
index index.html index.htm;
server_name _;
location / {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://localhost:3480;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
7. Control-o then Control-x within nano.
8. systemctl stop nginx (stops the service).
9. systemctl start nginx (starts the service).
–CN
Best Home Automation shopping experience. Shop at Ezlo!
