Very recently, I got hold of a Raspberry Pi 3 Model B. With the desire to setup a home automation system I first wanted to see if I could access the Pi publicly through my home's internet connection. This would have been the easiest task by just port forwarding if not for my ISP locking down the router behind a NAT-1 switch. This crushed my dreams of being able to do what I wanted.
I started looking at online solutions to securely tunnel from the Pi to the internet and obtain a publicly accessible domain. This is where I came across Ngrok, a service that allows you to tunnel a port on a machine and expose it publicly. Their use case surrounds demos and testing without deployments. However I tried to re-purpose it to setup a webserver on my Raspberry Pi.
Setting up the Raspberry Pi
Here are the key components needed and steps to set up remote access to a Raspberry Pi:
Raspberry Pi 3
Micro SD card (8GB minimum, 16GB recommended)
SD card reader
Raspbian OS image
Etcher software to write the image
Internet connection (wired or wireless)
Download the Raspbian Stretch with Desktop image Use Etcher to write the Raspbian image to the micro SD card Insert the micro SD card into the Raspberry Pi and power it on On first boot, connect the Pi to a monitor, mouse, and keyboard Go to Preferences > Raspberry Pi Configuration Configure timezone, locale, and keyboard settings Go to Interfaces and enable SSH and VNC Open a terminal and use the ‘passwd' command to change the default password This allows accessing the Pi remotely once it's connected to a network, without any peripherals by using SSH or VNC over the internet/network connection.
Configuring remote access
Open a new terminal session and run
ifconfig and note down the IP address
Run the following commands:
$ sudo apt-get update
$ sudo apt-get install realvnc-vnc-server
$ sudo systemctl enable vncserver-x11-serviced.service
$ sudo systemctl start vncserver-x11-serviced.service
At this point, remote access to the Raspberry Pi should be fully configured, both for graphical and terminal sessions.
You can now disconnect any unneeded peripherals like the monitor, mouse and keyboard. The Pi will still be accessible remotely over the network.
To connect graphically via VNC, download and install RealVNC Viewer on your local machine.
Open VNC Viewer and go to File > New Connection. Enter the Pi's IP address in the “VNC Server” field. Give the Pi a friendly name for easy identification later.
Click “Connect” and you should see the Pi's desktop interface load in a new window on your machine. This confirms graphical remote access is working as intended via VNC over the network connection.
The Raspberry Pi is now remotely operable from any device on the same network without any local monitors, mice or keyboards attached to the board itself. This makes the Pi much more flexible for various applications.
pi as the username and the password you set earlier as the password.
You should now have a remote connection to the Pi.
Setting up a web server
For hosting the web app files, I chose to use Nginx given its low system resource utilization. However, Apache would work as well if additional web server capabilities are required.
To setup Nginx:
$ sudo apt-get install nginx
$ sudo systemctl enable nginx.service
$ sudo systemctl start nginx.service
Browse to 127.0.0.1 in the browser within the Raspberry Pi and you should see a
Welcome to Nginx page.
To change the contents of the site, navigate to
/var/www/nginx and change the contents to the site you want to deploy.
Making the site publicly accessible
Now that our web server is configured locally, we need to expose it publicly via the internet. This is where Ngrock can help.
Head over to the Ngrock website at https://ngrok.com and sign up for a free account. They will provide an authentication token once you register – make sure to note this down, as we will need it shortly.
Ngrock allows us to establish secure tunnels between local developer resources and public endpoints, perfect for our use case.
$ cd /tmp
$ wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip
$ sudo mkdir /etc/ngrok
$ unzip ./ngrok-stable-linux-arm.zip -d /etc/ngrok/
$ rm ./ngrok-stable-linux-arm.zip
$ ln -s /etc/ngrok/ngrok /usr/local/bin/ngrok
Create a new file
~/.ngrok2/ngrok.yml with the content below. This is the configuration file Ngrok looks at to begin tunneling. If you want to protect access to the site you can add an auth option
auth: "username:password" and this will protect your site via basic auth
Once we have Ngrok configured, we need to set it up to run as a service. This is so that we don't need to keep a terminal session running.