Hi,
one of my motivations for moving to opensprinkler was to access opensprinkler from remote locations from a mobile phone.
While opensprinkler has been running fine, early this year I worked on adding the remote support.
I watched the video about configuring port forwarding on the router, however I had the concern about the lacking TLS support. Without TLS, all passwords for authentication are send unencrypted over the internet. As I want to control the irrigation and not someone who got hold of a cookie, this is not an option for me.
This is my solution using another raspberry pi lying around:
– I installed nginx on the additional raspi
– I configured a dynamic DNS on my router.
– Based on the dynamic DNS I used letsencrypt to get a TLS certificate. This gives a certificate trusted by the usual browsers.
– configured nginx running TLS on port 443 to proxy all traffic to opensprinkler.
– opened port forwarding on my router for port 443.
With that I can access myopensprinkler over https://<mydynamic DNS entry>.
Using another nginx for that is also some additional effort.
Therefore my preferred solution would be to run TLS directly on the raspi.
Would the community be interested in directly adding TLS/letsencrypt support to raspi?
I can look into raising a PR for this.
Regards,
Martijn