Using subdomains with arduino web servers

I am introducing some technology into my folks' farm to aid their efficiency. My first project has been to use a Nano 33 IoT to measure the electric fence voltage and enable this to be displayed on a phone using the Nano as a web server. I have port forwarded and the server is accessible on the internet. I will shortly use a DDNS service to complete the job.
I have done this as someone who is not very knowledgeable about networking and the help from the tutorials and this forum has been excellent and essential. I now have a couple of questions.
I intend to produce more monitors around the place and it is about how to do this. I will need to forward separate ports for each web server. My current one uses 80 as that was in the example I copied, but can any number be used, providing it does not conflict with ports already in use, or which might be used in the future? Is there a range of port numbers that are sort of ‘safe’ to use?
My second question is about whether sub-domains can be used and how this might be done. I would like to have a domain name like ‘ourfarminfo’ and then access each server through a sub-domain like fence.ourfarminfo, chicks.ourfarminfo, freezers.ourfarminfo and so on.
Finally, some things can be serious enough to warrant putting an alert on a phone. I am reading up on pushsafer to see if that would do the job. My question is: can you have a web server and a pushsafer system on the same Arduino?
Any help would be much appreciated. If you can please assume that the little knowledge I have is probably a dangerous thing and present your suggestion in simple terms if that is possible.

Connecting anything to the internet without proper security is extremely dangerous. It seems you have no clue about security, so don't do it.

Do fence.ourfarminfo, chicks.ourfarminfo etc. have to be accessible from the internet?

Edit: have to / is it preferred to

Instead of poking holes and forwarding ports to individual monitor devices, you might instead consider a single proxy server. If it's a Linux box and not an Arduino, that makes the proxy part easier. It is accessible from the outside, but also has access to the internal network.

Each monitor "makes itself known" -- more on that next -- with its name: fence, chicks, etc; which is used for a subdomain. Arrange a blanket rule for the DNS so all requests hit the proxy. The proxy looks at the subdomain in the Host header, and forwards the request to the appropriate instance on the internal network using the standard port 80 for HTTP. (Bonus: access from the outside can use HTTPS to the proxy, but the proxy can use plain HTTP within the internal network.)

You could use multicast DNS for the monitors to advertise themselves and their own names. So you'd end up with e.g. fence.local and chicks.local being valid names on the internal network. Or you could use a more manual method, and have the proxy server also receive registrations, and each monitor reports itself at startup and every ten minutes, hour, whatever.

For the proxy server, I'd write it in Go: good tooling, single static binary, no dependencies. You could add security, rate limiting, etc. there.
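The Host-header routing described in the post above, as an added example that is not the poster's code. The domain `ourfarminfo.example`, the `.local` backend names and listen port 8080 are assumptions; anything not in the allow-list is refused rather than forwarded.

```go
package main

import (
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// Assumed for this example: the registered domain pointed at the proxy.
const baseDomain = "ourfarminfo.example"

// Constructed allow-list: subdomain -> monitor URL on the internal network.
var monitors = map[string]string{
	"fence":  "http://fence.local",
	"chicks": "http://chicks.local",
}

// backendFor maps a Host header to an internal URL. Only an exact, known
// subdomain of baseDomain matches; the client never chooses the target.
func backendFor(host string) (string, bool) {
	host = strings.ToLower(host)
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop ":port" if present
	}
	suffix := "." + baseDomain
	if !strings.HasSuffix(host, suffix) {
		return "", false
	}
	target, ok := monitors[strings.TrimSuffix(host, suffix)]
	return target, ok
}

// proxyHandler forwards allowed hosts over plain HTTP and 404s the rest.
func proxyHandler(w http.ResponseWriter, r *http.Request) {
	target, ok := backendFor(r.Host)
	u, err := url.Parse(target)
	if !ok || err != nil {
		http.Error(w, "unknown host", http.StatusNotFound)
		return
	}
	httputil.NewSingleHostReverseProxy(u).ServeHTTP(w, r)
}

func main() {
	// Plain HTTP listener for brevity; TLS and rate limiting would be added here.
	panic(http.ListenAndServe(":8080", http.HandlerFunc(proxyHandler)))
}
```

With this layout only the proxy's port is forwarded on the router; the monitors themselves stay unreachable from outside.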

Check the list of "known ports".

IMHO the range 8080+ was often used for additional HTTP pages.

For security, consider setting up a VPN to your home LAN.

Thank you, the idea of having a single server to interface with the outside world through which the individual monitors can be accessed is a really good one. I will ponder about how I will do this but it is definitely the way I will go.

That is a good question. The farm is 104 acres with spread out farm buildings. It may be a better idea to extend the wifi coverage at least to the farm buildings when internet access would not be necessary.

Well you certainly live up to your name. Would you care to offer any advice on how to implement appropriate security?

That would solve a lot of the issues - security, setting up name servers etc. Actually WiFi isn't necessary, there are other wireless techniques that work better. Perhaps Home Assistant could be the platform, even if the name doesn't sound like it fits your needs 🙃

Web security can be a career in itself. From the courses I took I decided that I have other things I'd rather do. I don't connect anything directly to the internet, so have no further advice. A small operation like yours probably wouldn't be worth the time to a hacker, but why take a chance?

For further paranoia, many service providers don't get it right either - look at the daily headlines of yet another one being hacked.

As others have suggested, think about the need for internet access vs local network access. Do you really need to access your farm data from Bulgaria? Or would from the kitchen (barn, equipment shed, etc.) be enough?
