Morning Bart,
Ok so, so that my Dashboard (which NR runs on my Pi) can be displayed on my Smartphone (in 4G), I have to create a tunnel like Ngrok. I already did.
(Then I have to secure with the certificates ... well, there you lost me lol)
That's where I didn't understand: if I close Chrome (on Smartphone), the tunnel is cut, right? How will I receive my notifications?
Is the tunnel just for the first subscription?
Sorry for these beginner questions but despite your excellent README (as you know how to do them well) it's not yet clear to me.
I know 2 ways to connect from the 4G (excluding wifi) to its NR dashboard.
The 1st: it is to create a VPN tunnel between your phone and your box-router or other equipment in your private network that can be VPN server.
In this case your phone will be as if it is in your house.
But, if you cut the VPN you will have no more WEB Push of course!!
The second one is to open your router and use NAT translation addresses to your NR. Doing this exposes NR to the internet world.
Hence the need to secure this connection with certificates to be able to encrypt the data that will transit and authenticate both parties, the phone and your NR.
It is also necessary to use a dynamic DNS DDNS (DynDNS). This so that from your browser, you can join your NR with a nice name always the same.
This solution makes it possible to receive WEB Push even if the browser is not open on your phone.
Just an additional question: do you also need to secure the connection with certificates if you use ngrok?
Also, using OpenVPN in the phone is good for shorter connection periods but I think, in my experience, that having the VPN active drains the battery much quicker than running just on 4G or even wifi.
For my part, I always use a firewall on my phone and it is not possible to have 2 VPNs in parallel.
So I much prefer to use the WEB Push or Telegram solution which is connected to my BOT in NR. It doesn't consume anything.
WEB Push will save me from having to use Telegram (which is an excellent application).
As far as the battery is concerned, I don't think it will run down if there is no regular traffic between your NR and your phone.
Yes, when you start a NGROK session (as example in a RPi) I "assume" the connection between the Pi and the NGROK server is secured?? I hope
Then NGROK provides a url, secure if you run ./ngrok tls 1880
But I do not have the Pro version, so the question is how you logon from your browser to the NGROK server when using that url? Userid + password or downloaded NGROK certificate???
Walter answered part of the question: ngrok does the same thing as a VPN. It is a program that runs in the background in a server (in my RPi). You tell it the IP address of the devices you want to "get out" of the network with username and password.
In your Ngrok account you will see the links to the addresses you have assigned, these links are accessible from anywhere.
The only drawback, in the free version, is that if your server restarts, your Ngrok links are reloaded.
For my part, this is the only way I have found to "get out" my devices, because I have a 4G modem at home, (no ADSL) so no fixed IP.
Hi guys,
I'm at work now, so cannot follow this discussion.
But could we do this in a separate discussion, because this is way off-topic.
Otherwise users interested in web push won't be able to follow this discussion anymore ...
Thanks !!
I do not really agree. As long as you want a SECURE connection for your web-push I do believe it is relevant to this topic. And you actually covered it with the certificate path...
But ok, I think the discussion is finished about that anyway now.
Hi Bart,
at the start the question is how to make the URL accessible from outside, hence the use of Ngrok and its https link and therefore the security certificate. (with a little off topic on Ngrok and its possibilities, but I did not elaborate on it).
I completely agree that this node very strongly depends on good security (thanks to the Chrome folks). And I know that this is not easy to set up, especially for non-technical users. But I would like to keep this discussion focussed on the push functionality (e.g. new features or cool stuff that you guys do with it or ...), instead of discussing how security can be set up in a very specific setup ...
Although such a discussion is VERY useful, would like to keep things separated ...
It's true, you are right. I love to test what you make available to people, but as a novice user of NR, I still have gaps regarding the installations, uses of contributions (especially in Beta).
There is obviously the security certificate part which is delicate to implement for novices like me and you said it. This is why we ask ourselves the question of Ngrok, who "seems" to gather everything we need.
But maybe we are wrong.
Hello Bart,
To be able to use letsencrypt as described in this post below and then forget about it afterwards is probably the best way for the user.
Keep in mind that certificates have an expiry date and must be renewed before that date or nothing works anymore.
Focus on that, I'll try to use letsencrypt to be recognized by the CAs loaded in the browsers.
I wonder if it works with Mac/Safari, which is always a little bit "different".
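Added example (not part of the original thread and not code from any poster): a shell check for the expiry point made above, reporting whether a certificate file is still valid, due for renewal, or already expired. The 30-day threshold, the function names and the sample hostname are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a certificate file by how close it is to expiry.
# RENEW_DAYS is an assumed threshold, not a value taken from the thread.
RENEW_DAYS=${RENEW_DAYS:-30}

# cert_status FILE [DAYS]
# Prints OK, RENEW, EXPIRED or UNREADABLE; returns 0 only for OK, so the
# function can drive a cron job or a monitoring check.
cert_status() {
    cert=$1
    days=${2:-$RENEW_DAYS}
    # A missing file or something that is not an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo UNREADABLE; return 3
    fi
    # -checkend N exits 0 when the certificate is still valid N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 2
    fi
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo RENEW; return 1
    fi
    echo OK; return 0
}

# cert_not_after FILE: print the certificate's expiry (notAfter) date.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# make_sample_cert CERT KEY DAYS: constructed self-signed certificate used
# only to try the check offline; the hostname is a placeholder.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=nodered.example.test" \
        -keyout "$2" -out "$1" >/dev/null 2>&1
}
```

Source the file and call `cert_status` with the path to the certificate your Node-RED instance serves; a non-zero return means it is time to renew.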
Yes @Paul-Reed has made a nice tutorial. But it requires that Node-RED is restarted from time to time. Therefore we are discussing a new feature for automatic certificate renewal (i.e. renew the certificates at regular intervals while Node-RED keeps running). Hopefully we can get an agreement about it for Node-RED version 1.1.0. Fingers crossed ...
On the other hand I have created (not on Github yet) a new node to integrate Letsencrypt entirely in Node-RED. It allows you to request a new LetsEncrypt certificate fully automatically. That node already works fine, but it is not user-friendly enough. Will need to find some time to start a discussion about it first, with people that know more about the topic than me ...
Absolutely, but then I need to publish that node on github first, and write documentation (in order to be able to explain the problems with the node). Should be able to buy time in the time shop ..