a0a3aa79ac
* docs: a simple recommendation for remote access new file: quicktips/remote-access.md * Update remote-access.md
3.6 KiB
| layout | title | parent | permalink | description |
|---|---|---|---|---|
| default | Remote Access | Quicktips | /quicktips/remote-access | A guide to safe remote access. |
{{ page.title }}
{{ page.description }}
Notice
This is not a complete guide with every single step in detail, but rather a recommendation of what to do and especially what not to do to get access to the printer from somewhere remote from your network.
{: .info}
You have to decide if you ..
- only want to have status messages on your smartphone
- or you need full remote access to Mainsail from everywhere
Of course, you can also use a combination of both.
Status messages
For simple status messages there are a couple of additional tools that can be used:
- discord: Mooncord is a bot that sends you status messages over discord.
https://github.com/eliteSchwein/mooncord - telegram: moonraker-telegram is a bot that sends you status messages over telegram.
https://github.com/Raabi91/moonraker-telegram
These tools are installed on the local machine and send the status messages via the respective platforms. Thus, no access to your local network from outside is necessary.
For details, please refer to the projects instructions.
Remote Access to Mainsail
- Please do not open ports of Mainsail/Moonraker in your router to the rest of the world. There are plenty of reports of Octoprint installations being freely accessible on the Internet, with just as many reasons why this is not a good idea.
- Use an external service provider (e.g. tailscale) to gain access to your home network.
- Con: you give the control out of your hand
- Reverse Proxy
- Set up your own secured VPN tunnel.
- either in the router
- or your Pi
Set up VPN
Several routers allow you to set up a VPN tunnel without much effort.
After you have entered the login data into e.g. your smartphone, you will have secure access to your entire network, including Mainsail.
If your router does not support this, you can also set up your own VPN, e.g. on your Pi.
Therefore you could use: OpenVPN, WireGuard or PiVPN
To be able to reach your home network even with a non-static IP address, you should use a dynamic DNS service. This will forward a domain directly to your IP address. Often, these DynDNS services can also be set up directly in the router, so that the IP address gets automatically updated on a change.
Some free services: DuckDNS or FreeDNS
Notice
The devices that dial in via the VPN tunnel are assigned to a different address range. This address range must be configured in moonraker under trusted_clients and cors_domains. https://moonraker.readthedocs.io/en/latest/configuration/#authorization
For example:
192.168.1.x // devices on your regular LAN
192.168.50.x // devices connected through your VPN tunnel
{: .info}