Hi All,
I can get access to ignition via the App over my home wifi but not from my public ip address (ISP static IP). I have added port forwarding for 8088 to my router but the app is not connecting. Is there an additional step? Does it only work from a public IP address if I use SSL? Note - All security settings are currently still default.
You should be good. In your app, the gateway url should be http://public-ip:8088. Maybe you have a firewall on the server?
I thought if it works on my wifi it should work via my ISP static IP with the port forwarding for 8088 on my router. I already tried with the firewall disabled. Maybe I should check with my ISP that port 8088 is not blocked by them?
On the gateway webserver. Check config - network - webserver. Make sure the settings are correct and not only local host or local ip
I would love to be able to open my perspective apps from outside my local network. I checked my webserver settings, I have Auto Detect HTTP Address checked. I googled for my public IP address and I tried http://{public-ip}:8088 but no luck. Is there anything else that is needed besides checking firewall settings?
Port forwarding in your router/modem. You need to map 8088 against your local ip
Don’t do this with port 8088. Only the secure port is safe for exposure to the internet.
I agree, but the treshhold is abit higher when using ssl. Maybe get 8088 to work first, just as a test. Then setup correctly later ( for example with let’s-encrypt or openssl)
Not on a real system, no. Not even for a few minutes.
I 100% agree with @pturmel. It took me the better part of a day to get SSL working but it is worth it because security should never be an afterthought when it comes to opening a port into your local network!
Here is my post documenting what I had to do to get Lets Encrypt working. I hope it helps you.
I will definitely try to get it working with SSL from the start and not port 8088, thanks for the info and advise, I will get back to you after I find time to try again.
I agree with @pturmel . Any real system that is controlling real things in your house should be secured.
You should also use a secure password on your Ignition Gateway.
Consider what someone could do if they are able to open a designer into your gateway with connections to devices and databases. That’s just one example but hopefully you get the point.
I think it’s time that Ignition support stepped in to resolve this issue as it looks from this forum post that it’s wasting lots of peoples time. I was hoping to convert my current home automation system over to using Ignition Maker but if I can’t access it via my public static IP address then I am wasting my time.
I read: An SSL certificate is typically issued to a Fully Qualified Domain Name (FQDN) such as “https://www.example.com”. However, some organizations need an SSL certificate for a public IP address. *Note: Only public IP addresses can be used on OrganizationSSL certificates. You must be the owner of the public IP address as per the records held with the [RIPE Network Coordination Centre (NCC)
Source: https://support.globalsign.com/ssl/general-ssl/securing-public-ip-address-ssl-certificates
Did you try configuring the public address?
eh, If you can hit your gateway from another device locally on the network by going to
'local ip address':8088
But can't hit it outside of your network by going to
'public ip address':8088
there's something wrong with how you you've done port forwarding or your firewall. I've done it with no issue.
If you're trying to set up SSL, they have a let's encrypt guide: Let's Encrypt Guide for Ignition | Inductive Automation
This isn't really a problem Ignition needs to solve, you would have to figure this out on any server you want to expose to the internet.