Best (secure) way to access home network esp8266?

Forums › Gadgets, robotics, home automation, electronics (including wearables) › Best (secure) way to access home network esp8266?

Hwale

69 posts

Master Geek

#306039 23-Jun-2023 01:58

I have an esp8266 on the home network and I'd like to control it from outside the network by sending args to its url (https://myIPaddress:80/arguments?a=1&b=2) for example.

This requires port forwarding which seems unsecure and also a static IP address which I could get but would rather not have to pay for.

Is there a simple, secure way to talk to an esp on a home network from outside the network? Easiest thing I can think of is get it to poll a thingspeak value or just use blynk or similar but I'd rather do it without the 3rd party service in the middle. Any advice?

nzkc

1572 posts

Uber Geek

#3093747 23-Jun-2023 07:26

Options:

Put a Cloudflare tunnel in front of it.
VPN: Cloudflare zero trust, Pivpn or tailscale.
Another option is to put a proxy in front of it like this one that I've used before: https://github.com/oauth2-proxy/oauth2-proxy. This will require you to login - I have a GSuite account so tied it to that but it supports other providers.

timmmay

20580 posts

Uber Geek

Trusted

Lifetime subscriber

#3093754 23-Jun-2023 07:43

My Fritzbox has a WireGuard VPN built into it. I can run WireGuard on my computer or phone, which puts that device onto the home network. If you can't do that you could put a Raspberry Pi or similar onto the internet if you have a static IP. Otherwise CloudFlare Tunnel is worth a look, I use those with CloudFlare zero trust to provide remote access to Home Assistant - though I can do that with WireGuard I did that because I use Tunnels to host a couple of family websites on the Pi as well.

davidcole

6034 posts

Uber Geek

Trusted

#3093756 23-Jun-2023 07:51

I think every solution is probably going to require some sort of third party thing if you don't want to connect directly to it (port forwarding) or via a self hosted vpn.

as nzkc said use those. Or a variable on your thingspeak idea might be switch your esp8266 to use MQTT and use a cloud instance of mqtt (your esp8266 you connect to the externa mqtt server and subscribe to a command topic where you'd pass in the values.

To set the values you'd publish to the command topic on the mqtt server the values. Is somethign that could run self hosted till you found a cloud mqtt server.

Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight

mattenz

190 posts

Master Geek

#3093784 23-Jun-2023 08:57

You might be surprised at how rarely your dynamic IP address actually changes.

I've been using ESPHome, so would do it via Home Assistant.

richms

28176 posts

Uber Geek

Trusted

Lifetime subscriber

#3093869 23-Jun-2023 09:42

Unless there is a limitation that means you need to have a URL to hit from something else, I would change to using mqtt and use an internet hosted broker to get the messages to it. adafruit ran one when I last had a play to get that done. If the ESP is available to the internet even if you have it "secure" it will still get hammered with requests that IME cause it to either lag significantly or crash. The ESP32 may perform better with it being a multicore but I would still not be exposing anything like that to inwards connections.

Richard rich.ms