How to host a public website on your home Raspberry Pi

Every now and then I like to let the Internet control things in my house. Sometimes it’s letting a live stream turn a light on and off and others is driving an RC car in my living room. When building these projects I normally use a Raspberry pie to listen to web traffic and perform an event when someone visits the site.

I could give people my IP address and redirect my router’s port to my Raspberry Pi, but I prefer to keep my IP private and my network as secure as possible. We can get the best of both worlds with an SSH tunnel, nginx, and a virtual machine in the cloud. All of this creates a reverse proxy, where visitors go to a public IP address that is not your home network’s and are directed to the Pi that’s on your local network.

If you’re looking to create something interactive with your Pi while still keeping things as secure as possible, here’s how to do it.

What you will need for this project

  • Raspberry Pi 4 or Raspberry Pi 3 with power adapter
  • 8 GB microSD card (or more) with Raspberry Pi OS. See our list of best microSD cards for Raspberry Pi.
  • A Google Cloud Platform account and the gcloud command line tool or another cloud provider you know. Note that inbound traffic will cost money which in our case is $ 5 per month.

How to host a public website on your home Raspberry Pi

Before you begin, make sure your Raspberry Pi operating system is configured. If you haven’t already, check out our article on how to install a Raspberry Pi for the first time or how to make a headless Raspberry Pi installation (without keyboard and screen).

1. Install git, which will allow us to clone the code of this project.

sudo apt-get update && sudo apt-get install -y git

2. Clone the repository with sample code. This code takes care of the communication with the sensor and sets up a simple server for monitoring on your home network.

cd ~/
git clone https://github.com/rydercalmdown/pi_home_reverse_proxy.git

3. Run the install command after descending into the repository. This will install all the necessary SSH components as well as nginx, a simple server that we will use as an example.

cd pi_home_reverse_proxy
make install-pi

4. Create an SSH public / private key pair. The private key will remain on the Raspberry Pi and will be used in conjunction with the public key to connect to our cloud virtual machine.

ssh-keygen
# press enter to accept all default settings

5. Copy the SSH public key for later. We will need it when setting up our virtual machine in the cloud.

/home/pi/.ssh/id_rsa.pub
# Copy the results

6. Access your Google Cloud Console and navigate to the VM Instances page.

7. Click on “Create an instance” to create a new virtual machine.

(Image credit: Tom’s Hardware)

8. Pick a memorable name for your example. I call mine “home-reverse-proxy”.

9. Choose the desired region and zone. It doesn’t matter that much, but it’s good to pick something near you for low latency.

(Image credit: Tom’s Hardware)

10. Under the machine configuration, choose “N1” for the series, and f1-micro for the type of machine. This will give us the lowest monthly cost, around $ 5 per month.

(Image credit: Tom’s Hardware)

11. Scroll down to the “Startup Disk” section and Click change button. Set the operating system to Ubuntu and the version to “Ubuntu 20.04 LTS”, leave everything else the same and click Select.

(Image credit: Tom’s Hardware)

12. Scroll down to “Firewall” and check both “Allow HTTP traffic” and “Allow HTTPS traffic”.

(Image credit: Tom’s Hardware)

13. Scroll to the bottom of the instance and click on “Create”.

14. Once the machine is running, click drop down menu next to SSH to get SSH command. I recommend using the “Show gcloud command” command. Paste this command in your terminal in SSH on your cloud virtual machine.

(Image credit: Tom’s Hardware)

15. Once connected to your virtual machine, install nginx with the following commands.

sudo apt-get update
sudo apt-get install -y nginx

16. Check if nginx is running by running the following command. You can also visit the external IP address in your browser listed next to your virtual machine in the Google Cloud Console. When you visit, you should see an nginx homepage.

sudo service nginx status
# Ctrl + C then enter to exit
# It should show “active (running)” in green if all is well

(Image credit: Tom’s Hardware)

17. Update the default configuration with a custom reverse proxy configuration. This tells nginx to forward all traffic it receives to a port on your machine.

cd /etc/nginx/sites-enabled
sudo rm default
sudo touch default
sudo nano default
# copy in the code below

This code rate limits the number of requests to 5 per second so as not to overwhelm the pi during interactive projects. If you want to accept more, just increase the number or remove all lines starting with limit_req from the file without limits.

limit_req_zone $binary_remote_addr zone=basic:10m rate=5r/s;


server {
  listen 80;

  location / {
    limit_req zone=basic;
    proxy_pass  http://0.0.0.0:5000;
  }

}

18. Restart the nginx service and visit the virtual machine’s external IP address again. A “502 Bad Gateway” page should appear if all is well.

sudo service nginx restart

(Image credit: Tom’s Hardware)

19. Using the following command, create user for the pi in SSH on the virtual machine.

sudo useradd -m -p raspberry -s /bin/bash piconnect

20. Create the SSH directory and authorized key files, and copy to the public key you copied from your Raspberry Pi.

sudo mkdir /home/piconnect/.ssh/
sudo touch /home/piconnect/.ssh/authorized_keys
sudo nano /home/piconnect/.ssh/authorized_keys
# copy in the public key you copied from your raspberry pi

21. Back on the Raspberry Pi, modify the establish_remote_connection.sh file to include the IP address of your remote server.

cd ~/pi_home_reverse_proxy
sudo nano scripts/establish_remote_connection.sh
# change REMOTE_HOST=your_remote_ip_address to the external IP you got from the Google Cloud Platform console

22. Run the make connect command to establish the SSH connection between your Raspberry Pi and your virtual server.

make connect

23. Visit the IP address of your virtual machine to see the content running on the Raspberry Pi served remotely and not on your personal IP address.

(Image credit: Tom’s Hardware)

And There you go! You serve content from your Raspberry Pi from a Google Cloud IP address, via an SSH tunnel. I only use this setup every now and then, but for a more permanent setup I would recommend connecting a domain and securing it with LetsEncrypt on the VM side.


Source link