Easy & safe way for viewing BrewPi outside your network

There have been many postings about exposing your BrewPi screen outside the home network. Most of them involve extra security on the RPi. However, if you only want to expose the screen for your personal use, there is a very easy and safe way to do so, using a Windows computer and a smartphone (Android - IOS?).

On the windows computer install the Chrome browser and add the Remote Desktop addon. Install the Chrome Remote Desktop app on the smartphone. To view the BrewPi screen, use the smartphone app to access your Windows computer and run the Chrome browser, pointing at your BrePi page. To make it easier to view I always try to leave the desktop with the BrewPi page up. I also added an auto refresh (every 5 minutes) using another Chrome addon.

I find it easier to just use weaved which just needs your pi.

Weaved looks like a useful tool, but for using Putty. I just want to see the BrewPi page.

If you make a http service in weaved, you can access the brewpi browser ui via your weaved page from anywhere.

Thanks that will be useful for some people. For me, I am lazy, and just using a simple app on my smartphone to show the page is more than enough

Can’t you just use a .htaccess file and then authenticate with username and password?

Now you are getting way beyond my Linux capabilities :grinning:

If you want some help I don’t mind pointing you in the right direction?
There is a load of info here http://www.htaccess-guide.com probably too much :wink:
The basics are though you create a file called .htaccess somewhere and put a username and password in it, then you change your apache config to to use basic authentication and where to look for that file with the username and password in https://faq.oit.gatech.edu/content/how-do-i-do-basicauth-using-htaccess-and-htpasswd

Thanks, this will be helpful to tweak my BrewPi page. However, I am still worried about exposing the RPi without extra security. I have seen a number of ways to do, but all of them are complicated so I keep coming back to the quick, dirty and easy way.

BTW, I did set my Rpi on a port that was open to the Internet. I was able to view the BrewPi page from outside but in 4 weeks had 2 occasions when the Apache stopped working. To get things working I had to re-install. Not sure that i was hacked, but since closing that port down, I have not had any problems.

Kudos to @Tom_StewarT and @Runenaldo for mention of Weaved. I had never heard of it before but setup was simple and straightforward and I trust the security of the solution. Note: I have no intention to access from my phone or other Android device.

I second @NottingHill for not putting RPi on DMZ via router. Unless you really know what you are doing when hardening a linux box exposed to the internet, it’s likely not secure. I don’t think .htaccess is sufficient protection. Once the RPi get’s hacked, the rest of the internal network is then exposed and must be suspect for intrusion. Why take the chance?

Depends how you do it, I feel secure allowing https access with password protection to pretty much all my internal stuff with a webui. Never had any issues
Is not installing weaved (after a quick look at their site) 100% giving that company access to your stuff? In the same way as icloud and dropbox (whatever encryption they might use) mean your stuff is on their servers and if they wanted they an access it somehow? Not that I don’t use them, I just mean https and password means you have control, weaved means if they get hacked someone WILL have access if they want to your stuff?

@charliwest You make a good point. I agree that I have transferred the security risk from myself to Weaved. I simply trust that they (weaved) employ security professionals that can do a much better job than myself and since they are running a business it is in their interest to protect user information since a breach or other negative publicity hurts their end goal, which is to make money. If there does turn out to be a security risk, I still have full control to stop the weaved daemon on the Pi or even shut off the Pi (Spark will keep controlling the fermentation).

If it is on the Internet you never have control.