[kwlug-disc] Open questions from pioreactor
Jason
jasonpa at gmail.com
Tue Jun 4 12:46:27 EDT 2024
Sorry I missed the presentation. I had to run to a doctor's appointment
and couldn't get back in time.
Wanted to add a few things to these links (although I may be missing a bit
of context).
For HTTPS on your local network, I would be cautious with Cloudflare
Tunnels.
You're essentially poking an outbound hole in your internal network instead
of port forwarding, so be aware of the security considerations here.
Also, because Cloudflare controls the certificates for the SSL tunnel, they
can/will read your traffic, if not only to manage it properly.
I actually use Cloudflare (right now) for my website DNS, DDoS
protection, and email redirection, but after the recent debacles from a
business perspective, I'm going to be switching away from their services,
even though they're basically free for me right now.
The way their sales team has been acting, and the lack of public leadership
accountability and transparency is pretty scary.
For background:
https://www.youtube.com/watch?v=7LuwPdp-_4c
https://robindev.substack.com/p/cloudflare-took-down-our-website
https://www.youtube.com/watch?v=0YcnKfT_ESs
https://www.youtube.com/watch?v=ycJGIKLE9hg
Instead, you may want to look at using Let's Encrypt for a free SSL
certificate, and use a reverse proxy (like Nginx) to expose and manage the
SSL connections to the application.
If you're using containers, you could use something like Traefik:
https://traefik.io/traefik/
---
Again not sure about the context with mDNS, but for local server name
resolution, PiHole can do this.
There's a Local DNS option, where you can easily add a DNS entry that
resolves to your local IP.
I use this for a ton of my internal applications.
On top of that, if you're running PiHole for your DNS resolution, you can
customize a lot of settings for pulling external resolution, and block ads
and other malicious sites from blacklists.
Highly recommend, and you don't have to use a Raspberry Pi to do it. I
have PiHole running as a container on my NAS, but you can install it
manually as well.
---
+1 for Shiv. I've used it in production to turn our Python scripts into an
executable.
Alternatively, you could containerize the application with a Dockerfile, so
you have all of the dependencies built into one image.
Cheers,
Jason Paul
On Mon, Jun 3, 2024 at 11:24 PM Andres Vargas - zodman <zodman at gmail.com>
wrote:
> Q: How do you think you could enable https for local network?
>
> I suggested in the meeting today the HTTP local tunnel.
>
> I mention this:
> https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/
>
> That enables a URL like https://mymachine.mydomain.com to point to your
> local host or IP address, with a proxy, and exposed to the internet.
>
> Here are a bunch of similar solutions:
> https://github.com/anderspitman/awesome-tunneling
> The first software making this was called ngrok and it was popular!
>
> Q: How to fix mDNS so it is not slow?
>
> mDNS is stupid slow. xD. It is like a printer discovery protocol.
>
> Instead of using mDNS, why not use dynamic DNS with ddclient[1]
>
> You could have machine1.pioreactor.io pointing to the local IP network
> like 10.0.0.1 and updated on every boot.
>
> Or create your own protocol for offline support.
>
> [1]: https://ddclient.net/protocols.html
>
> Q: To update software, should I use deb?
>
> I think the release should be by image release. You could guarantee it
> works on every Raspberry Pi, and implementing a deb file could be messy.
>
> Another possible solution is to package your Python application
> using PEP 441[2].
>
> There are some interesting packagers like shiv
> https://shiv.readthedocs.io/en/latest/
>
> Check this pyempaq. It's from a friend.
>
> https://github.com/facundobatista/pyempaq?tab=readme-ov-file#how-pyempaq-relates-to-other-similar-tools
>
> Here is a video explaining how to make the perfect deployment with shiv.
> https://www.youtube.com/watch?v=Jzf8gTLN1To
>
>
> [2]: https://peps.python.org/pep-0441/
>
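The Let's Encrypt plus Nginx reverse proxy setup suggested in the message above, as an added example that is not part of the original post. The hostname pioreactor.home.example, the application address 127.0.0.1:8080, and the 192.168.1.0/24 LAN range are assumptions; the certificate paths follow certbot's default layout.

```nginx
# Added example (not from the original post). Assumed values: the hostname
# pioreactor.home.example, the app listening on 127.0.0.1:8080, and a
# 192.168.1.0/24 LAN.
# A name that only resolves inside the LAN cannot pass the HTTP-01 challenge,
# so the certificate is assumed to have been issued with the DNS-01 challenge.

# Redirect plain HTTP to HTTPS.
server {
    listen 80;
    server_name pioreactor.home.example;
    return 301 https://$host$request_uri;
}

# Terminate TLS here and forward requests to the application.
server {
    listen 443 ssl;
    server_name pioreactor.home.example;

    # Default certbot layout for Let's Encrypt certificates.
    ssl_certificate     /etc/letsencrypt/live/pioreactor.home.example/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pioreactor.home.example/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Serve LAN clients only; every other source address is refused.
    allow 192.168.1.0/24;
    allow 127.0.0.1;
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:8080;
        # Pass the original host, client address and scheme to the app.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With this layout the private key stays on the local machine, so TLS is terminated inside the network rather than by a third party.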