I’m looking to open up my personal perspective project as part of my portfolio. I want to be able to send a link to people that I trust to access my Ignition “Maker”’ projects… So Neat!
Is there a direct need for a VPN if I’m using SSL? It seems like SSL would be easier for me, since that’s already packaged into the gateway confiugration. If this is the case, all I would need to do is set the IP address of my server to static, enable port forwarding for port 8043 in my router, make sure the gateway is running, and then anyone could connect to my perspective sessions by using xxx.xxx.xxx.xxx:8043/data/perspective/client/myprojectname.
This way I won’t have to mess with any DNS, I just give people I know the IP address of my server and they would be able to connect?
Am I over simplifying this? Also, is this secure enough? So many web servers utilize SSL and not VPN, so I figure it would be OK for what I’m trying to accomplish?
Thanks in advance.
SSL and VPN don’t solve the same problem.
If you put your Ignition server “on the internet”, then SSL enabled or not anybody can get to it if they know the address.
If you host it behind a VPN then only those who have VPN access will be able to reach it.
Thanks for explaining that. For my case, I think the SSL would be sufficient. I can see how in many applications VPNs are necessary.
Let’s say I buy a SSL certificate and get my IP address. What is the next step to linking my gateway to that new SSL IP?
Thanks a bunch.
You need to purchase a domain name and host your Ignition somewhere publicly reachable.
OK, I have my domain name and a SSL cert. What do you mean host ignition somewhere publicly reachable? For now the server is just on my local machine.
You don’t technically need your own domain, the easiest way is using dyndns. I can only assume that your ISP isn’t giving you a fixed ip address to your router and thus this will be changing constantly. That’s where dyndns comes in. You use dyndns to route your router’s public WAN ip to a named address e.g. “super-cool-name.dyndns.org”, and then you can use that address to give to people. You configure dyndns in your router. I think the service is about $150 for 3 or 5 years, can’t remember.
This essentially makes the address to your router static, despite its ip address changing at the whim of your ISP. You can give your current router’s wan ip to someone, but tomorrow this might be different. Fixed ip addresses from an ISP are possible, but it’s an option you must request with additional expense.
Note that it’s not possible to do this with mobile/cell tower internet, as ISPs don’t give you a publicly addressable ip address (at least in Australia). You need to be a business here for them to do that
OK. I think I’m making some headway here. Thing’s I’ve done:
-Purchased the domain and SSL certificate.
-Configured my Router for port forwarding: My external port is 80, internal port is 8043, IP address is the local IP address that was assigned to my gateway by my router e.g. 192.168.0.1
-Set a Dynamic DNS (was available through my TP link router) which should update the DNS for my domain accordingly when my ISP assigns me a new IP address.
-Ran nslookup (mydomain) to see what ip address my domain is being resolved to
-Updated DNS records on godaddy for my domain so the “A” record points to the ip address found in previous step
From what the SSL guys tell me, I have to connect the webserver to the domain before the certificate can be fully setup.
Please, if you have anything to add that might help me get this setup correctly. Good god it seems pretty difficult to get this all sorted out. I feel like I’m making pretty good headway. Thanks for the help
Can you connect the domain to a hostname? e.g. your dyndns hostname? Connecting the domain to the current wan ip address of your router, as mentioned, will not work because once you get a new IP, it will no longer be pointing at the right IP.
God dayamn, the price of dyndns has gone up over the years!
5 years is now US$220. I guess that’s still only US$44 per year, or AUD$2,203,200 *grumble* stupid exchange rate…
1 year is now $55!