A guide to safe remote access.
This is not a complete guide with every single step in detail, but rather a recommendation of what to do and especially what not to do to get access to the printer from somewhere remote from your network.
You have to decide if you ..
- only want to have status messages on your smartphone
- or you need full remote access to Mainsail from everywhere
Of course, you can also use a combination of both.
For simple status messages there are a couple of additional tools that can be used:
- discord: Mooncord is a bot that sends you status messages over discord.
- telegram: moonraker-telegram is a bot that sends you status messages over telegram.
These tools are installed on the local machine and send the status messages via the respective platforms. Thus, no access to your local network from outside is necessary.
For details, please refer to the projects instructions.
- Please do not open ports of Mainsail/Moonraker in your router to the rest of the world. There are plenty of reports of Octoprint installations being freely accessible on the Internet, with just as many reasons why this is not a good idea.
- Use an external service provider (e.g. tailscale) to gain access to your home network.
- Con: you give the control out of your hand
- Reverse Proxy
- Set up your own secured VPN tunnel.
- either in the router
- or your Pi
Several routers allow you to set up a VPN tunnel without much effort.
After you have entered the login data into e.g. your smartphone, you will have secure access to your entire network, including Mainsail.
To be able to reach your home network even with a non-static IP address, you should use a dynamic DNS service. This will forward a domain directly to your IP address. Often, these DynDNS services can also be set up directly in the router, so that the IP address gets automatically updated on a change.
The devices that dial in via the VPN tunnel are assigned to a different address range. This address range must be configured in moonraker under trusted_clients and cors_domains. https://moonraker.readthedocs.io/en/latest/configuration/#authorization
192.168.1.x // devices on your regular LAN
192.168.50.x // devices connected through your VPN tunnel