External access to eGeoffrey



  • @eporocrail weird, I need to reproduce it to further debug. Meanwhile let me know if you can access your local instance (house id set to boomhut, no password). Thanks



  • @user2684

    No log-in possibility for the normal website access.



  • Have a look at your .env file, it should contain both:

    EGEOFFREY_GATEWAY_HOSTNAME=egeoffrey-bridge
    EGEOFFREY_ID=boomhut
    

    and not other EGEOFFREY_ directives. If not, fix it, stop and start eGeoffrey. Look at the logs to ensure services are connecting fine to the gateway, then try doing the same via the web interface. I believe I forgot to mention EGEOFFREY_GATEWAY_HOSTNAME in my previous instructions.

    Also consider all of this manual configuration should be handled automatically via the cli.



  • @user2684
    Looks a bit different but still authorisation problem:

    pi@raspberrypi:~/egeoffrey $ sudo egeoffrey-cli logs egeoffrey-bridge
    Attaching to egeoffrey_egeoffrey-bridge_1
    egeoffrey-bridge_1 | Generating configuration file...
    egeoffrey-bridge_1 | Starting moquitto...
    egeoffrey-bridge_1 | 1593433932: Warning: Bridge egeoffrey-gateway using insecure mode.
    egeoffrey-bridge_1 | 1593433932: mosquitto version 1.6.9 starting
    egeoffrey-bridge_1 | 1593433932: Config loaded from /mosquitto/config/mosquitto.conf.
    egeoffrey-bridge_1 | 1593433932: Opening ipv4 listen socket on port 1883.
    egeoffrey-bridge_1 | 1593433932: Opening ipv6 listen socket on port 1883.
    egeoffrey-bridge_1 | 1593433932: Opening ipv4 listen socket on port 8883.
    egeoffrey-bridge_1 | 1593433932: Opening ipv6 listen socket on port 8883.
    egeoffrey-bridge_1 | 1593433932: Opening websockets listen socket on port 443.
    egeoffrey-bridge_1 | 1593433932: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433932: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433932: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433938: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433938: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433938: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433944: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433944: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433944: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433948: New client connected from ::ffff:172.21.0.9 as egeoffrey-boomhut-system-watchdog-egeoffrey-gui-d5cef24021 (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433948: New client connected from ::ffff:172.21.0.3 as egeoffrey-boomhut-system-watchdog-egeoffrey-notification-smtp-2026b9e220 (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433948: New client connected from ::ffff:172.21.0.8 as egeoffrey-boomhut-system-watchdog-egeoffrey-service-mqtt-ff2821532d (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433948: New client connected from ::ffff:172.21.0.2 as egeoffrey-boomhut-system-watchdog-egeoffrey-notification-mobile-fa267c3afd (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433948: New client connected from ::ffff:172.21.0.9 as egeoffrey-boomhut-gui-webserver (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433949: New client connected from ::ffff:172.21.0.5 as egeoffrey-boomhut-system-watchdog-egeoffrey-service-fcc_weather-3dfd189271 (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433949: New client connected from ::ffff:172.21.0.3 as egeoffrey-boomhut-notification-smtp (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433949: New client connected from ::ffff:172.21.0.7 as egeoffrey-boomhut-system-watchdog-egeoffrey-controller-362ba2a576 (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433950: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433950: New client connected from ::ffff:172.21.0.2 as egeoffrey-boomhut-notification-mobile (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433950: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433950: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433951: New client connected from ::ffff:172.21.0.8 as egeoffrey-boomhut-service-mqtt (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433951: New client connected from ::ffff:172.21.0.7 as egeoffrey-boomhut-controller-logger (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433951: New client connected from ::ffff:172.21.0.5 as egeoffrey-boomhut-service-fcc_weather (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433952: New client connected from ::ffff:172.21.0.7 as egeoffrey-boomhut-controller-db (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433952: New client connected from ::ffff:172.21.0.7 as egeoffrey-boomhut-controller-config (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433953: New client connected from ::ffff:172.21.0.7 as egeoffrey-boomhut-controller-alerter (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433953: New client connected from ::ffff:172.21.0.7 as egeoffrey-boomhut-controller-chatbot (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433953: New client connected from ::ffff:172.21.0.7 as egeoffrey-boomhut-controller-hub (p2, c1, k60, u'boomhut').
    egeoffrey-bridge_1 | 1593433956: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433956: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433956: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433962: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433962: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433962: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433968: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433968: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433968: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433974: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433974: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433974: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433980: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433980: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433980: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433986: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433986: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433986: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433992: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433992: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433992: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593433998: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593433998: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593433998: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    egeoffrey-bridge_1 | 1593434004: Connecting bridge egeoffrey-gateway (gateway.egeoffrey.com:8883)
    egeoffrey-bridge_1 | 1593434004: Connection Refused: not authorised
    egeoffrey-bridge_1 | 1593434004: Socket error on client local.egeoffrey-boomhut-system-bridge, disconnecting.
    pi@raspberrypi:~/egeoffrey $



  • Ok this means the modules are now connecting to the local gateway so you should be able to login as well via web (boomhut house id, no passcode) but still not connecting to the bridge (which is something I need to replicate). Thanks



  • @user2684
    Yes, access via webpage is working!



  • Good one! As for the bridge, I replicated exactly your same configuration and it is working fine here 😕 I know it is obvious but would you mind checking if the remote_password in the file data/bridge/config/mosquitto.conf is correct? (including the special characters)



  • @user2684

    My mistake. An error in the password. Now it is working!

    Tomorrow I start with the documentation.

    Thanks.



  • @eporocrail ok let me also know if pointing the mobile app or the web interface to the public gateway you can see your data correctly, even from outside the local network



  • @user2684

    Via webpage no access to gateway.egeoffrey.com:1883 and not too gateway.egeoffrey.com:8883



  • @eporocrail you should be using always port 443 from the web interface since using websockets when connecting to the mqtt broker. Also ensure the SSL checkbox is checked. Thanks!



  • @user2684

    web access: gateway.egeoffrey.com:443 has as result:
    400 Bad Request

    The plain HTTP request was sent to HTTPS port



  • @user2684

    Where the remote access to eGeoffrey is almost working I gave it some thoughts.

    Lets go for a complete setup to manage the house and a second one, the holiday home.

    The aim is to come up with a Howto to create from scratch a system to manage both houses.

    Than we have the simple set-up for one house for most users.
    The more sophisticated version is than available for the "admins".



  • The plain HTTP request was sent to HTTPS port

    Sorry, definitely my bad explanation. What I meant was what to enter when you logout from the web interface or from the same in the mobile app and the login screen shows up. The login screen has the following:

    • Gateway:
    • House:
      • House Id: boomhut
      • Passcode: your password
    • User:
      • Username: admin
      • Password: admin

    Basically from any web interface you can login to any instance of eGeoffrey by providing the right gateway



  • @user2684

    When I access eGeoffrey on my Mac via gateway.egeofrrey.com I see the heartbeat and the pushbutton. Also activity is displayed correctly.

    When I do the same on the smartphone I only have the pushbutton. The heartbeat is not visible. Activity of pushbutton is OK.

    When I go for editing the page the heartbeat is not available?????



  • Cool, it means it working then. As for the heartbeat widget in the mobile app, my bad, the mobile app has not been updated yet with the new gui, this is why it is now showing up correctly. I will publish by tomorrow.

    Out of the manual configuration, do you believe this capability (e.g. access from outside the local network without opening a port in the router or setting up a VPN) may be useful/interesting for a user? The automation piece is pretty demanding (new cli capabilities, a registration page, automatic provisioning etc.) so want to be sure it is worth the time I need to spend to implement it.
    Thanks



  • @user2684

    I think that with a proper Howto the user who has some experience with eGeoffrey can manage to come as far as we are now.

    Maybe one could indeed distinguish between a simple straightforward local installation and the more advanced set-up maybe with two different houses on the mongo db for the experienced admin.

    Give it some thought.



  • @user2684

    And for sure it is worthwile to make it available!

    And I do not think any further automation is required.



  • @user2684

    The first portion of the documentation I am working on is ready. I would like you especially to look into the introduction to be sure I got the quintesence correctly.

    Any comment is appreciated.

    Bringing eGeoffrey to the next level

    For most people the way eGeoffrey is working for us so far is quite OK .

    But he is by far not put to his limits.

    The next step is to have eGeoffrey with us when we are abroad. This can be done by using "the cloud".

    What we did until now is that we have eGeoffrey sending us an email when he needs our attention. Than we look into the system to see what is going on. That works well when we are within reach of our WiFi network or our LAN.

    It would be much more helpful when we could access the system being abroad.

    There are several ways to enable this.

    One way is created specifically to have eGeoffrey traveling along with us without creating an opening in our protected WiFi an LAN environment at home.

    It is possible to let our MQTT broker at home communicate with a publicly available MQTT broker in a protected secure way.

    While this broker is publicly available it can be accessed from anywhere.

    This facility is made available to have eGeoffrey traveling with us.

    To enable this possibility the "eGeoffrey app" needs to be installed on your smartphone. Next to that eGeoffrey needs a little extra tweaking.

    Installing the "eGeoffrey app" on smartphone

    I have an "Android" smartphone.

    Go to "Play Store"
    Search "eGeoffrey"
    Select "eGeoffrey" app.
    Select "Install"

    After installation go to Top right and activate menu.
    Select "About".
    Now the "Device Token" is presented. This veeeeeery long code has to be inserted into the web interface of eGeoffrey later on.

    Installing the "notification/mobile" module in eGeoffrey

    Got to "eGeoffrey/Marketplace"
    Scroll down until you see "egeoffrey-notification-mobile"
    Click on it.
    On the page where you land you are in the paragraph "Install"

    There you find the command which needs to be executed: "egeoffrey-cli install egeoffrey-notification-mobile"

    This command has to be executed on the Raspi with eGeoffrey installed.

    The simplest way:
    Open a terminal window on your network client.

    Issue the command:
    ssh pi@Raspi IP-address (in my case: ssh pi@192.168.2.160)
    You are requested to insert the password of the Raspi. Insert it.
    Now you can access eGeoffrey.

    Issue the following commands successively:

    cd egeoffrey
    
    sudo egeoffrey-cli install egeoffrey-notification-mobile
    
    sudo egeoffrey-cli start
    
    sudo egeoffrey-cli status
    

    Now also "egeoffrey_egeoffrey_notification-mobile_1" should be UP.

    Close the terminal window.

    Configuration of the mobile notification service

    Go to the eGeoffrey web-interface.
    Go to "eGeoffrey/Modules".
    Scroll down to "notification/mobile". Go to "Actions/Edit Configuration"
    Window "Module Configuration"

    Tab "notification/mobile"
    List of tokens of the mobile devices to be notified, comma separated (to get the device token, open the eGeoffrey mobile app and tap on 'About')

    Insert the "Device token"

    Save

    Now you are able to have on your smartphone the same interface as on your net-client.

    Top left open the three dashes symbol. Click on the log-in symbol. Now the eGeoffrey log-in menu is presented.

    Log in as the user of the web-interface in the WiFi/LAN environment. You have full access to eGeoffrey. Your smartphone is working together with eGeoffrey in a different way as via the Web-browser.



  • And for sure it is worthwile to make it available!

    Good feedback, I thought was something differentiating even if requiring some infrastructure behind the scene, I will prioritize this then.

    And I do not think any further automation is required.

    This is a precious feedback as well. Let me think of something in the middle. the most tricky part is for sure the user provisioning since I cannot manually create users and don't want to know any password but this can be done at a later stage. Maybe something which can be automated at this stage in a simpler way is the following:

    • Find a way to "merge" the bridge and gateway packages, there is no need to have two different packages and requires users to uninstall and install.
    • Have the installer asking for a house name so every user can be potentially on a different house
    • Have the cli allowing to rename the house
    • Have the cli allowing to enable/disable the bridge capability

    It requires some work but not that much to accomplish all of those. Long term I would like to have a registration form which creates an account on the clod broker. And in this way also there will be no need to use the token but the cloud service will know who is the user and the token will be automatically registered with the house. But this requires way more effort.
    Bottom line, let me quantify the effort of the points above since only those would dramatically simplify the instructions leaving only the "registration" piece out which is by now happening manually, in the future there will be a form.

    For most people the way eGeoffrey is working for us so far is quite OK .
    But he is by far not put to his limits.

    My feedback on what you wrote is definitely positive. Very clear, you entered into the mood ehehe and detailed all the required steps. If you want in the final how to add any picture, the error you faced with the forum has been fixed now.

    Probably how to expose the local eGeoffrey broker to the internet is something I need to detail somewhere better. There are this https://developer.egeoffrey.com/learn/deployment/ and https://developer.egeoffrey.com/learn/security/ which are related but not addressing it in full.

    will keep track of this need with https://github.com/egeoffrey/docs.egeoffrey.com/issues/3

    Thanks!


Log in to reply