Question: Exposing ESPEasy to the internet without exposing the front-end?

Moderators: grovkillen, Stuntteam, TD-er

Post Reply
Message
Author
RichEO
New user
Posts: 3
Joined: 27 Jul 2018, 21:21

Question: Exposing ESPEasy to the internet without exposing the front-end?

#1 Post by RichEO » 27 Jul 2018, 22:41

Hi,

I have an sonoff SV (gate opener) that I control from a mobile away from my home network. I use macrodroid to open a HTTP GET to my home IP address triggered when entering a geofence. To do this I port forward and open the ESPEasy to the internet which is obviously not advisable and at the moment is just for testing. I am now looking for a more secure method.

For this particular project it is at my mother's house and I do not want to set up a home automation server or MQTT server as this will be the only device I am setting up here. A quick and easy way to control one device from a mobile phone but how to do it securely without exposing ESPEasy to the internet?

1. Is there a way to allow http request to the device without exposing the frontend? Can I secure the front end with a password or disable it completely or change the port number that http cmd requests are sent to?

2. Is it possible to send a UDP command? I can send UDP message from macrodroid directly to my home IP address with port number and forward this to the ESPEasy device. This will not expose the ESP frontend to the internet and should be safe? How do I format a UDP message for ESPEasy?

3. Is my only alternative to use MQTT? Is this possible without setting up my own server, is there an easy way to send MQTT messages from my phone outside my home network to devices on my home network? Will it be secure and will it be responsive?


Thanks for reading.

boolie
Normal user
Posts: 20
Joined: 23 May 2018, 21:35

Re: Question: Exposing ESPEasy to the internet without exposing the front-end?

#2 Post by boolie » 27 Jul 2018, 23:32

I wouldn't expose the ESP at all, the things have no security capability. You could do something with a captive portal / proxy on your firewall if it has that facility, which could restrict the URLs that can be called and hide the ESP from the internet by forwarding the traffic transparently. There's still risk though, as we don't know whether the ESP is vulnerable to any of the usual attacks like buffer overflow, malformed URL, etc.

The other option is to have a URL on something that is secure, expose that and have it then access the ESP behind the scenes using HTTP, MQTT, whatever.

Others may come up with other ideas...
Various D1 & Sonoffs with ESPEasy, some Tasmota. Domoticz, Z-wave.
ESPEasy Patreon - keep up the good stuff, guys!

kenkoknz
Normal user
Posts: 64
Joined: 03 Jul 2018, 23:46
Location: New Zealand

Re: Question: Exposing ESPEasy to the internet without exposing the front-end?

#3 Post by kenkoknz » 28 Jul 2018, 00:59

You can use one of the cloud based mqtt brokers, which offers various service levels including free ones. Have to be careful with topic name to make sure it is unique if you use a public broker without sign in.

Post Reply

Who is online

Users browsing this forum: No registered users and 24 guests