0

I have 10 RPis located in different cities, and I want to remotely and securely access them from the office, control them, update the contents, etc.

As I've searched so far, there are several ways to do so like port forwarding, static IP, etc.

Now I want to know whether it's possible to use my domain/host to do so. I have a domain, say www.mydomain.com, with a US Linux host, and I can create as many subdomains as I like on it.

Is it possible to create subdomains like rpi01.mydomain.com, and use these subdomains to remotely and securely access RPis from anywhere in the world !?

And if yes, how can I do this !?

Omid1989

2 Answers

1

You will need to add records for each name (rpi01.mydomain.com etc) to the DNS server responsible for mydomain.com. If you have a master DNS server for it, just add the records you need to /var/named/mydomain.com.zone. If not, ask your registrar to add those records for you, or use their web interface if they provide one.

Example: Namecheap: How do I create a subdomain for my domain?

Dmitry Grigoryev
  • Thanks @Dmitry-Grigoryev for your reply. What should I do after adding the records to the DNS server !? How can I associate each one to RPis? And how can I connect remotely to them at the office !? – Omid1989 Apr 26 '17 at 13:18
  • When you create the records, you specify the IP address of each RPi you have, that's how the association is done. You connect to them by specifying the domain name in your SSH client at the office. – Dmitry Grigoryev Apr 26 '17 at 13:23
  • Thanks @Dmitry-Grigoryev for your comment. So you mean, I need static IP addresses for each of RPis !? – Omid1989 Apr 26 '17 at 13:31
  • @Omid1989 Yes. If you don't, you won't be able to use subdomain names for them. SSH protocol doesn't support virtual servers like HTTP. – Dmitry Grigoryev Apr 26 '17 at 13:34
  • Thanks again @Dmitry-Grigoryev for your comment. Actually, I thought specifying subdomains is an alternative to using static IP or port forwarding!! If not, I'd prefer to use static IP or port forwarding alone. Am I correct? – Omid1989 Apr 26 '17 at 13:40
  • @Omid1989 Domain names are just a human-friendly form of IP addresses. No matter what you do, you need a public IP if you want to connect to your RPis over the Internet. You may get away with just 1 IP if you run SSH on different ports, or set up an SSH gateway. You can assign multiple subdomain names to your IP, but you will still need to specify different port numbers (or host keys) to specify a particular RPi you connect to. – Dmitry Grigoryev Apr 26 '17 at 14:02
  • Thanks again @Dmitry-Grigoryev for your helpful comment. I got it. Just one more question: Is it possible to use just 1 IP to remotely access 10 RPis with different port numbers? Is this secure against botnets, etc.? – Omid1989 Apr 26 '17 at 14:07
  • @Omid1989 This is a rather broad question, however, if you make one RPi secure against botnets and apply the same security strategy to 9 others, I don't see how those could end up being significantly less secure. – Dmitry Grigoryev Apr 26 '17 at 14:26
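
The one-IP, one-port-per-RPi setup discussed in the comments above, as an added example that is not part of the original thread: a POSIX shell function that generates the office machine's `~/.ssh/config` entries, pinning each RPi's host key to its own alias and allowing key-based login only. The base port, the `pi` user and the key path are assumptions, as is the premise that ports base+1..base+N are forwarded to the RPis' SSH daemons.

```shell
#!/bin/sh
# Added example (not from the thread): emit ssh_config stanzas for N RPis
# reachable through one public IP on distinct forwarded ports.
# Assumed values: login user "pi", key ~/.ssh/rpi_fleet_ed25519.
gen_rpi_ssh_config() {
    domain=$1 base_port=$2 count=$3
    # Only plain DNS characters may reach the generated file (no newlines,
    # spaces or option injection through the domain argument).
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "invalid domain" >&2; return 1 ;;
    esac
    # Positive decimal integers only (no leading zero, no sign).
    case $base_port in
        ''|*[!0-9]*|0*) echo "invalid base port" >&2; return 1 ;;
    esac
    case $count in
        ''|*[!0-9]*|0*) echo "invalid count" >&2; return 1 ;;
    esac
    [ $((base_port + count)) -le 65535 ] || { echo "port out of range" >&2; return 1; }

    i=1
    while [ "$i" -le "$count" ]; do
        name=$(printf 'rpi%02d' "$i")
        # HostKeyAlias stores each device's key under its own name, so a key
        # mismatch (wrong forward, swapped device) is detected even though
        # every subdomain resolves to the same address.
        # StrictHostKeyChecking yes refuses unknown or changed keys; the keys
        # must already be in known_hosts under the alias (e.g. recorded when
        # the RPi was provisioned).
        cat <<EOF
Host $name
    HostName $name.$domain
    Port $((base_port + i))
    User pi
    HostKeyAlias $name
    StrictHostKeyChecking yes
    IdentityFile ~/.ssh/rpi_fleet_ed25519
    IdentitiesOnly yes
    PasswordAuthentication no

EOF
        i=$((i + 1))
    done
}
# Usage: gen_rpi_ssh_config mydomain.com 2200 10 >> ~/.ssh/config
```

With these entries in place, `ssh rpi03` connects to rpi03.mydomain.com on port 2203 and fails closed if the host key presented there is not the one recorded for rpi03.
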
1

If you have control over your DNS server, you can add host names dynamically and associate them with a particular device. So for example:

 rpi001.domain.com   110.220.100.10
 rpi002.domain.com   110.220.100.11
 ...

You can use this simple method to ask each rpi to identify itself with your server; you can also use this as a two way communication.

Your problem is not over just having the public IP or a valid DNS entry. At each location you will need to do a port forward to reach the remote LAN RPi; not easy if you have limited or no control over the remote site.

I think it will be easy and secure for each RPi to push and request the updated information from your server at specific times using cron or a similar method.

fcm
  • I don't quite understand what is the purpose of having dynamic host names (if anything, you want them to be as static as possible, so that when you connect to rpi001, it's the same device every time). Also, I couldn't help noticing that you've basically implemented mDNS using a web server + PHP. – Dmitry Grigoryev Apr 26 '17 at 15:57
  • Yes, you are right: there is no need for a dynamic host and no need to know where the RPis are located. Yes, this is sort of a DDNS and works great! – fcm Apr 26 '17 at 16:05
  • What's wrong with normal mDNS? It looks easier to deploy than a web server (unless you need the web server for other purposes of course) – Dmitry Grigoryev Apr 26 '17 at 16:48
  • The issue here is not dDNS, it is the two-way conversation with a simple IoT device, deployed, perhaps, behind a firewall, using a single unfiltered port 80 (443 if needed). I use the public IP address to (roughly) locate the device using 'whois'. – fcm Apr 27 '17 at 14:15