Hi folks,
There are already lots if other discussions about this, but I cannot see the trees in the forest anymore...
Last month I have wired a lot of electronics to my Node-RED, so suddenly the wife and children want the dashboard on their Android phones. But they dislike my current setup...
P.S. Currently I use dynamic dns, but think I should replace that by vnp, letsencrypt, or anything else...
Bottom line:
Should be secure
2 Setup should be very simple to setup and to troubleshoot afterwards. Preferrably something that somebody has already into Node-RED...
Don't want to have to enter username/password every time.
Don't want to have any warnings about self signed certificates.
5 Should look like a real Android app, without adress bar at the top.
Hopefully I'm not to greedy... Just want something that is secure, easy to use, fast to connect and easy to instzll and maintain. That is all
You can make most webpages look and feel like an app on a phone.
To do so, display the web page on your phone and using the browser menu (3 dots top right), select 'Add to Home Screen'.
You will then have an icon on your home screen which you can rename.
Opening the icon will give you a view similar to below - no address bar & full screen display.
I serve my node-RED pages https by using Cloudlare and I use their free certificates which do not give any warnings and have a long lifespan.
Regarding having to keep logging in... I do have to log in occasionally to node-RED, but it's not very often - I think it's browser dependent??
Security - my server only accepts Cloudflare's IP's, and all others requests are rejected. Also, Cloudflare connects via a certificate for added security.
I suppose the weakness is that I reply upon node-RED's authentication to access my dashboards. If you are happy with that level of security, then no problem.
I'm doing the same as Paul, feels like a real app.
For connection I'm using pivpn, running on a raspberry, this also works great.
Your phone is always in the home network.
No need to login every time.
Ok that sounds good. So no credential popups, no self-signed certicate warnings. So pivpn might be a way to go. Is that better as activating a vpn on your router, which is connected to the WAN?
No, purely Cloudflare.
Cloudflare publish a list of IP's that they will use, and my server is setup to only allow traffic from those IPs, so if I enter my public IP in a browser, it would not connect.
Additionally, Cloudflare give you a free certificate to encrypt traffic between your server and Cloudflare.
There are no self signed certificates.
The system is totally Cloudflare, and is described in their webpages.
I've been running this for probably 4 years now, and had no issues whatsoever. Also there is no ongoing maintenance - it just works!
Yes, I've used and described that in the past. It really does work well.
Of course, you can also now quite easily set up Let's Encrypt. Especially now that they support wild-cards and DNS based verification (which Cloudflare's DNS supports - all of my own domains use Cloudflare DNS now). I have that set up for both internal and external use of certs by using a spare domain and configuring my home router to serve that domain locally to local clients, so when I use the domain name to access my Pi resources, I don't get any mismatch errors from the browsers checking the certificates.
The router I now have (Fritzbox) doesn't support Openvpn, only there own fritz-vpn and that sucks.
I the past you could modify the fritzbox to run Openvpn on it, but for security reasons it's now not possible anymore.
Now there's one port forwarded to the Pi that's running PiVpn and that will give me access to my homenetwork,
If your router supports OpenWrt have a look at this, then you don't need the additional Pi.
Running it on a Pi3 at the moment
Yes, Don't see that should be a problem. All the network traffic will also pass then my PiHole to get rid off most of the advertisements.
Well, it is called "tromboning" and adds considerable latency which could impact things like WiFi calling, Skype, etc. It is also another set of things to break which may leave you scratching your head as to why things aren't working.
So if it works for you, that's great but people should be aware of the potential issues.
Of course, people should also be aware that some countries either frown upon VPN's or make them illegal.
