Post AFh2hQeBTBnW0Y8e48 by grumpysmiffy@aus.social
 (DIR) More posts by grumpysmiffy@aus.social
 (DIR) Post #AFh2hOaZ7fiNckQj9E by grumpysmiffy@aus.social
       2022-01-22T07:05:30Z
       
       0 likes, 0 repeats
       
       My weather monitoring system has been reduced to a set of 1-wire temperature sensors, connected in a star network to a Raspberry Pi. These are read through OWFS, which presents them as files, by a Perl script, which writes JSON files, which then get aggregated - because I don't want to run a database engine on a Pi, where it's not needed,I have a node.js script which serves the latest aggregation as a plain text file, because that is all I need. (continued)
       
 (DIR) Post #AFh2hP7t7mMzI61L5U by grumpysmiffy@aus.social
       2022-01-22T07:13:48Z
       
       0 likes, 0 repeats
       
       This really handles all my needs, except I can only access it when connected to my LAN. So today, as I'm taking a couple of days off work, I looked at the problem. To keep things open for further development, I have port forwarded my router to a Mac Mini on which I have installed Traefik, running under Docker as an edge router. Then we have Apache running as a reverse proxy under another Docker container, which talks to the RPi. See how it goes tomorrow.
       
 (DIR) Post #AFh2hPd5FnK6qqcFiC by joshua@aus.social
       2022-01-22T07:18:03Z
       
       0 likes, 0 repeats
       
       @grumpysmiffy if you're exposing the RPi to the internet, make sure it's secure[d]
       
 (DIR) Post #AFh2hQ8zLAqORnXjRQ by grumpysmiffy@aus.social
       2022-01-22T08:21:28Z
       
       0 likes, 0 repeats
       
       @joshua The PRi is very buried - there are two levels of proxy. Traefik takes the inbound https request, does some magic and passes that as an http request to the Apache container which takes the inbound port 80 to the Pi's 8000. The reason for the two levels is that Traefik can only proxy to another Docker container, not to something outside of the Docker system.
       
 (DIR) Post #AFh2hQeBTBnW0Y8e48 by grumpysmiffy@aus.social
       2022-01-22T08:25:12Z
       
       0 likes, 0 repeats
       
       @joshua And the Pi itself only serves / - any other request gets an error.I still need to set up a VPN inbound, but I'm not away enough to justify it. And with COVID being the new norm, really trying to avoid staying away ever again, with my partner's risk factors. (Just thinking aloud.)
       
 (DIR) Post #AFh2hRCvO1aRkIOODQ by uoya@soykaf.org
       2022-01-22T08:47:03.448629Z
       
       0 likes, 0 repeats
       
       @grumpysmiffy @joshua highly recommend using Tailscale for your VPN, it’s so simple to set up and just works out of the box.Otherwise Cloudflare tunnel works really well for inbound web traffic.Both are free, too!
       
 (DIR) Post #AFh2hVU5U9gz0gS9WS by grumpysmiffy@aus.social
       2022-01-22T08:32:25Z
       
       0 likes, 0 repeats
       
       @joshua Now I'm wondering if I need a separate Apache proxy container for every device, or if one can do the lot...
       
 (DIR) Post #AFhK9F9pTo7ThcmzJo by grumpysmiffy@aus.social
       2022-01-22T09:07:19Z
       
       1 likes, 0 repeats
       
       @uoya @joshua Thank you, because OpenVPN is a world of pain to set up, server-wise.