Remote access / viewing

So assuming your in the folder that step one points you and that you need to create the index.php file

type sudo nano index.php

This will then open up a blank window and I cut and paste all the contents from post 3 into that window and save and exit.

It’s easier to do these commands if you’ve connected to the pi via SSH as you can then just use the normal Mac or Windows shortcuts to cut and paste big blocks of text.

Oh man, thanks a ton! I just skipped the original post (page 9) and moved on to these more recent directions. That won’t mess it up either right?

Also, on the last part, “Create a file using vi editor called .htaccess and inside of it put
the following, modify the first line where it is bold and replace it
with what you plan to call your Private PHP file. Do you just rename the first line (“admin.php”) to anything specific?” And do you do anything with the “YOUR LOGIN HERE”?

Thanks bud

Sorry for all the questions. I really don’t understand this stuff too well.

Yep the admin.php is the bit that allows you to login and edit for example to access and edit brewpi on my home network I put 10.0.1.7/admin.php I can’t remember what I put in for the login part though

So you just left that first line

FilesMatch “admin.php”

Yep exactly, the user name I just kept as pi but I can’t remember if this was the user id for the pi of the htpassword but I think I kept the same user name anyway.

Man, thanks a ton for the help @mikmonken. I’m up and running. I just left everything the same on that last part (except for the IP address, obviously) and it all works quite nicely.

1 Like

Dear folks (i.e. @mikmonken),
I have a couple of questions regarding this one in order to get it working, which I haven’t yet been able to find answers for. Can someone help provide some input here? In the 2nd section of Prymal’s post:

  1. In step 5, do you need to replace “webmaster@localhost” (line 2) w/ anything else?
    –> When I run apache2ctl -k graceful (per step 6-8), I get the following error:
    AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
    –> I tried replacing [webmaster] w/ my new username and [localhost] w/ my RPi’s IP address and I get the same message when I try step 8. Also, [127.0.1.1] isn’t my RPi’s IP address lol
  2. In step 10, none of it is bold? Which part does they mean when they say “modify the first line where it is bold and replace it with what you plan to call your Private PHP file”?

Here’s the post link once more (for convenience): http://www.homebrewtalk.com/showpost.php?p=6594822

For step 5 I’m pretty certain I just cut and paste what’s in the box and saved I didn’t change any of the text.

I have no idea what the Apache error is though but I have especially if you’re following the process to the letter???

Regarding point 2 you need to change admin.php to whatever you changed the file name to earlier in point 1 or 2.

For step 5, just change “AllowOverride All” Making sure the “All” is there is the only thing you need to change. Leave the “webmaster@localhost” alone.

I’m not really sure what this means. Sorry.

It’s saying you can replace the “admin.php” to whatever you want to call it. I just left it as “admin.php” and it worked great. You do want to change the second-to-last line and replace that ip address with your RPi’s ip.

Step 5:
The Apache error is just telling you that it cannot reverse DNS lookup the ip address 127.0.0.1. it is nothing IMHO to worry about.

Step 10:
as @bryancm1 says change the admin.php bit if you did choose a different name for the file.

Rich

Hi,

Just letting you guys know I have made a pull request in github https://github.com/BrewPi/brewpi-www/pull/61

My changes allow anyone to see LCD display and graph but not change any settings. To change settings you must log in with username/password.

1 Like

Looks great, I like this! Once this is integrated, is any setup needed or is everything already setup?

Been meaning to set something like this up. Will look into this, thanks for posting!!

Hey,

It just requires setting up a username and password in the config_user.php file.

I have added the following settings which can be changed or left to the defaults:

$requireLogin = true;
$adminUsername = 'admin';
$adminPassword = 'admin';
$maxLoginAttempts = 3;
$standDownSeconds = 30;

So if I have a running setup, how would I add or rather install this? Just a git pull and then a restart?

I think the best way would be to:

  • create a github account
  • fork my brewpi/www repository (the only changes I have made are to enable authentication) https://github.com/nzjoel1234/brewpi-www
    – this will create a new repository in your github account
  • clone your new repository to your RPi (instead of the ‘mainline’ code)
  • update the config_user.php file
  • run the fixPermissions script on your RPi
  • restart webservice

That will break updates though, since the default remote is not BrewPi anymore.

Sorry Joel, have not had time to take a good look at your repo yet and I am not very knowledgable in PHP security. I have asked @ajt2 to look at it, but he has been busy too.

In order to remote access the BrewPi over the internet I would strongly suggest an SSH tunnel.
This is the only way I use in order to access my LAN resources (e.g my NAS) even if my devices support the “cloud” option, which I always disable for security reasons.
The idea is using an SSH client (putty for windows, ConnectBot for android or whatever) to forward all traffic coming to a specified port on the client, to a specified port on the server. It sound “tricky” but it is actually very easy to accomplish.

I would give generic guidelines not a detailed guide.

  1. Setup a DDNS service on your router. I use NO-IP. If your router does not have this option, use the RPi. Refer to “Setting up Raspberry Pi Dynamic DNS” @ https://pimylifeup.com/raspberry-pi-port-forwarding/
  2. Create a Public/Private key pair using e.g PuTTYgen (https://www.digitalocean.com/community/tutorials/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps). RSA 4096 (preferably) without a password.
  3. Copy the contents of the public key to the .authorized_keys found at the RPi’s SSH folder. Restart SSH server.
  4. Using Putty enter the DDNS address as the destination you want to connect to and then go to SSH–>Tunnels. Choose a Source port number (e.g 4321) and fill the Destination field with the address of the BrewPi interface. Under SSH–>Auth enter the location of your authentication key. Under Connection–>Data set the Auto-login username field with root. Save the session using a name of your choice and click open.
  5. Hopefully you will be connected to RPi’s SSH server. Now open the browser and enter 127.0.0.1:“port” where port is the Source port you chose at 4., e.g 127.0.0.1:4321

And Voila! You can access the BrewPi securely over the internet.

Sorry for the coarse guide but in my setup I have both DDNS and SSH server on the router (a DD-WRT compatible router) and I am using ConnectBot for android as an SSH client, so I can not provide right now more details or a step-by-step guide for the setup. I thought that a thoroughly explanation of my setup would not be useful for most of you because it is very specific.

In case you find the above interesting, I could find some time and broaden the guide in the future.

Have a nice brew,
T81

1 Like

Guys, get a router/modem (or check the one you have) which supports a VPN (either SSL or IPsec), even better if it supports come kind of Dynamic DNS too. Either that or repurpose an old PC and use IPfire, Pfsense, etc to build a real firewall.

I know Elco is a talented guy, but I’m guessing security is not his main concern so I wouldn’t put the web server directly on the Internet via port forwarding even with the dummy page.

Then you can connect from your phone, tablet or PC in the knowledge that your connection is 100% secure, and your web server and your beer are safe from tampering.

Someone on the Homebrew forum has suggested using weaved the free version works will for checking your beers on the fly.

I’d recommend using that as a hassle free easy and I believe secure way of accessing brewpi when not st home