Monday, August 28, 2017

A new widget at right...

A new widget at right...  You may have noticed the new “Irrigation System” widget at right.  I put that up this morning after some experimentation with different ways I could accomplish this.  The two basic approaches I considered were (a) setting up a cloud-based server, pushing the data from the irrigation supervisor up to that, and pulling it down to the blog, or (b) configuring my routers to allow external TCP connections (carefully controlled) and then pulling it straight onto the blog from there.  The first approach is the safer (from hackers) approach, but requires quite a bit of setup and ongoing administration.  The second approach is theoretically less safe, but much simpler to setup and has no ongoing administration.  After some research I opted for (b), and once I decided on the approach I had it all working in just a couple hours.

For the geekier types, here's what I did:
  • I configured our Xfinity gigabit cable router to allow inbound connections to a specific port at our public IP address.  These inbound connections are NATted (not PATted, as the cable router isn't capable of that) to an IP address (the target address) assigned to the Mikrotik router in my house.
  • I configured the Mikrotik router to PAT from the target address and port to the address and port of the web server on the Raspberry Pi that hosts my irrigation supervisor.
  • I set up an account on the free Dynamic DNS provider DuckDNS, and installed a simple script (provided by them) on my Mac Mini server.  This script runs (via cron) every five minutes, and it updates the mapping between my domain name and my external IP address.  Xfinity can change my public IP address anytime they feel like it, and it seems to actually change on the order of weekly (though I've never tried to actually track it).
  • I configured a new URL redirect record at my domain name provider (Namecheap), who also hosts my public DNS records.  This allows me to refer to a subdomain of a primary domain that I own, instead of DuckDNS's primary domain.  It's also convenient, as the redirect takes care of the funny port number, and I don't have to type it in.  I'm lazy, what can I say?
This all would have been simple and fast had I not run into a stupid problem with cron on the Mac Mini.  That held me up for an hour while I researched the problem – which, as usual, turned out to be entirely of my own making.

Anyhoo, it's all working now!

No comments:

Post a Comment