[mythtv-users] Access new web app outside home network
Mike Hodson
mystica at gmail.com
Thu Jun 6 01:57:01 UTC 2024
On Wed, Jun 5, 2024, 17:53 Paul Gardiner <lists at glidos.net> wrote:
>
> On 05/06/2024 22:21, James Linder wrote:
> >
> > Methinks a ssh tunnel is much easier.
> > ssh -p 1234 -R 1200:localhost:6544 me at tigger.ws
> >
> > Then http://localhost:1200
> >
> > I believe putty can do port forwarding
>
> That's a nice alternative, but I don't get how doing two things on every
> use is easier than one. It's not like one has to configure apache on
> every use. If you're (say) in an internet cafe then that's google putty
> or plink, download it, then create your tunnel then open the browser. Am
> I missing something?
>
No, you're not missing anything in the actions involved, but there is an
unmentioned inherent risk of exposing 'too much' to the public-facing
Internet.

There is also the implied 'single command that works most places' vs
'setting up an entirely new service with the configuration and maintenance
required thereafter'.

One could create a batch file / shell script that starts up the SSH tunnel
with a pubkey, and then launches the URL afterward.

If your proxy is secure, and you properly password protect it and use SSL,
you likely are secure enough; however, having a [presumably] battle-tested
and secure SSH server open is a potentially smaller ongoing
risk/config/maintenance concern.

Then, there are VPN solutions like Zerotier and Tailscale that provide a
very simple to use and self-contained mesh network of your hosts, no open
ports needed. I use both myself on a daily basis for work and personal
uses.

Finally, there is always the old standby of OpenVPN, but I wager it is
potentially harder to get right than the entirety of other software
mentioned so far in this thread.

I'm a fan of keeping as few open ports as possible accessible to the
public. [And on Lumen/CenturyLink/QuantumFiber some of their modems change
IPs every 2 hours... So dynamic DNS would be another concern in my case.]

Lots of potentials here, and you've got a working setup. Changing to
another would be a question of risk presented now vs time involved to
switch to something different.

Mike
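
The scripted tunnel suggested above, sketched as an added example that is not part of the original post or of MythTV. It assumes a local forward (-L) from the roaming client to an SSH server at home rather than the -R form quoted in the thread; the host, user and key path are placeholders, and only ports 1200 and 6544 come from the thread.

```shell
#!/bin/sh
# Added example: host, user and key path are placeholders, not from the thread.
SSH_HOST="${SSH_HOST:-home.example.net}"          # placeholder home SSH server
SSH_PORT="${SSH_PORT:-22}"
SSH_USER="${SSH_USER:-mythuser}"                  # placeholder account
SSH_KEY="${SSH_KEY:-$HOME/.ssh/mythweb_ed25519}"  # placeholder key path
LOCAL_PORT="${LOCAL_PORT:-1200}"                  # local port used in the thread
BACKEND_PORT="${BACKEND_PORT:-6544}"              # web app port used in the thread

# Reject anything that is not a valid TCP port before it reaches ssh.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the -L spec. Binding to 127.0.0.1 keeps the forwarded port off the
# client's other interfaces (for example a shared Wi-Fi network).
forward_spec() {
    valid_port "$1" && valid_port "$2" || return 1
    printf '127.0.0.1:%s:localhost:%s\n' "$1" "$2"
}

tunnel_url() {
    valid_port "$1" || return 1
    printf 'http://localhost:%s/\n' "$1"
}

start_tunnel() {
    spec=$(forward_spec "$LOCAL_PORT" "$BACKEND_PORT") || return 1
    # -f -N: go to background after authentication, run no remote command.
    # ExitOnForwardFailure: exit instead of staying up without the forward.
    # IdentitiesOnly with -i: offer only this key to the server.
    ssh -f -N -p "$SSH_PORT" -i "$SSH_KEY" \
        -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes \
        -L "$spec" "$SSH_USER@$SSH_HOST"
}

open_url() {
    if command -v xdg-open >/dev/null 2>&1; then xdg-open "$1"
    elif command -v open >/dev/null 2>&1; then open "$1"
    else printf 'Open %s in a browser\n' "$1"; fi
}

# Only connect when asked to, so the functions can be sourced and checked.
if [ "${1:-}" = "connect" ]; then
    start_tunnel && open_url "$(tunnel_url "$LOCAL_PORT")"
fi
```

Run the script with the argument `connect` to bring the tunnel up and open the page; the browser is launched only if ssh authenticated and bound the local port.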