Remote access / viewing

General
21

Hey,

It just requires setting up a username and password in the config_user.php file.

I have added the following settings which can be changed or left to the defaults:

$requireLogin = true;
$adminUsername = 'admin';
$adminPassword = 'admin';
$maxLoginAttempts = 3;
$standDownSeconds = 30;
22

So if I have a running setup, how would I add or rather install this? Just a git pull and then a restart?

23

I think the best way would be to:

  • create a github account
  • fork my brewpi/www repository (the only changes I have made are to enable authentication) https://github.com/nzjoel1234/brewpi-www
    – this will create a new repository in your github account
  • clone your new repository to your RPi (instead of the ‘mainline’ code)
  • update the config_user.php file
  • run the fixPermissions script on your RPi
  • restart webservice
24

That will break updates though, since the default remote is not BrewPi anymore.

Sorry Joel, have not had time to take a good look at your repo yet and I am not very knowledgable in PHP security. I have asked @ajt2 to look at it, but he has been busy too.

25

In order to remote access the BrewPi over the internet I would strongly suggest an SSH tunnel.
This is the only way I use in order to access my LAN resources (e.g my NAS) even if my devices support the “cloud” option, which I always disable for security reasons.
The idea is using an SSH client (putty for windows, ConnectBot for android or whatever) to forward all traffic coming to a specified port on the client, to a specified port on the server. It sound “tricky” but it is actually very easy to accomplish.

I would give generic guidelines not a detailed guide.

  1. Setup a DDNS service on your router. I use NO-IP. If your router does not have this option, use the RPi. Refer to “Setting up Raspberry Pi Dynamic DNS” @ https://pimylifeup.com/raspberry-pi-port-forwarding/
  2. Create a Public/Private key pair using e.g PuTTYgen (https://www.digitalocean.com/community/tutorials/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps). RSA 4096 (preferably) without a password.
  3. Copy the contents of the public key to the .authorized_keys found at the RPi’s SSH folder. Restart SSH server.
  4. Using Putty enter the DDNS address as the destination you want to connect to and then go to SSH–>Tunnels. Choose a Source port number (e.g 4321) and fill the Destination field with the address of the BrewPi interface. Under SSH–>Auth enter the location of your authentication key. Under Connection–>Data set the Auto-login username field with root. Save the session using a name of your choice and click open.
  5. Hopefully you will be connected to RPi’s SSH server. Now open the browser and enter 127.0.0.1:“port” where port is the Source port you chose at 4., e.g 127.0.0.1:4321

And Voila! You can access the BrewPi securely over the internet.

Sorry for the coarse guide but in my setup I have both DDNS and SSH server on the router (a DD-WRT compatible router) and I am using ConnectBot for android as an SSH client, so I can not provide right now more details or a step-by-step guide for the setup. I thought that a thoroughly explanation of my setup would not be useful for most of you because it is very specific.

In case you find the above interesting, I could find some time and broaden the guide in the future.

Have a nice brew,
T81

1 Like
26

Guys, get a router/modem (or check the one you have) which supports a VPN (either SSL or IPsec), even better if it supports come kind of Dynamic DNS too. Either that or repurpose an old PC and use IPfire, Pfsense, etc to build a real firewall.

I know Elco is a talented guy, but I’m guessing security is not his main concern so I wouldn’t put the web server directly on the Internet via port forwarding even with the dummy page.

Then you can connect from your phone, tablet or PC in the knowledge that your connection is 100% secure, and your web server and your beer are safe from tampering.

27

Someone on the Homebrew forum has suggested using weaved the free version works will for checking your beers on the fly.

I’d recommend using that as a hassle free easy and I believe secure way of accessing brewpi when not st home