I want run server online . I have already installed and now I don’t know how this server open to the world safely.Can you give me instructions step by step ? (I have rpi zero W and router tenda) I have readed something about Host DMZ.
It’s better to use
port forwarding which is discussed many times in this forum. The most recent one:
Now on pc I can login to admin console,but On blynk application I can’t.I haven’t done anything yet.Is it normal?
So it’s good that you can log into the
Blynk local server (or just
server) admin page. This is a good start, as you already knew your local IP address of the
server. But there are still many things to do. You can patiently follow step by step.
Try to use your phone Blynk APP to create an account, then log into the server to verify. You have to use the local IP address (for example: 192.168.0.105) of the server and port 9443 and the
Custom Serversettings in the APP.
If you can log into the server and create an account, you can move to next step.
Make your local server IP address static by going to the Tenda router, setting the
Static IP Address Leaselist, using your server MAC address and local IP you want for the server, say
To find out your RPi MAC address, you can either
a) see in router’s DHCP Server list (
ifconfigcommand in RPi Zero W SSH terminal.
pi@raspberrypi-02:~ $ ifconfig wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.0.105 netmask 255.255.255.0 broadcast 192.168.0.255 ... ether b8:27:eb:44:bd:7a txqueuelen 1000 (Ethernet) ...
If OK, go the next step
- Port forward the ports
9443/8080/443to your server @
192.168.0.105. You can use
DMZ Hosttemporarily just to test as this practice is not safe. I believe all these 2 settings are done in
Virtual Serversmenu of
Tenda. Then testing by
a. Find out your
global IP Address by either looking in your
System Status menu of the Tenda or go to [ https://whatismyipaddress.com/ip-lookup ]. It will be something else, for example
206.a.b.c. If you get this
global IP Address from the router such as
172.31.x.x, your ISP is using Double NAT and you have no way to access you server from outside network. If OK, go to next step
b. Check if your ports (forwarded in step 3) are opened by going to http://www.portchecktool.com/
If OK, go to next step
c. Point your Browser to you
global server IP, port 9443:
For example : https://206.a.b.c:9443/admin
If this step is OK, you’ve almost finished.
- Read the note and follow the steps posted above
to have DDNS. Then finish your configurations.
I think this is the maximum I can help you with. The rest is in your hands. Good luck.
I think, I have twice NAT.I made port forwarding,and I can connect in local to rpi,blynk server and blynk client(on android), but when I using cellular data I can’t connect.
Not so soon with your conclusion of
Double NAT. Whatever you saw in
ifconfig is just the local IP address. You have to follow step
3.a to know.
You’ve made lot of good moves so far. Keep going.
You don’t need
Docker to solve this issue.
Connection Refused means you have the port
9443 opened (thanks to DMZ Host), but no application is actually running @ that
DMZ host to accept the incoming connection. The
DMZ Host will send a
TCP RST packets back to the source to tell that
So, you have to check:
DMZ hostwas actually set to be your
local server RPiIP Address, say @
192.168.0.105, same as in
- Did you make
local server RPilocal IP address
staticso that every time RPi restarts, its
local IP Addressis always the same (say
192.168.0.105), and it’s really the
DMZ host? Use
ifconfigto check again. You make local IP address
staticby following step 2 of previous post:
Make your local server IP address static by going to the Tenda router, setting the Static IP Address Lease list, using your server MAC address and local IP you want for the server, say 192.168.0 105 To find out your RPi MAC address, you can either a) see in router’s DHCP Server list ( xx.xx.xx.xx.xx with 192.168.0.105) or b) use ifconfig command in RPi Zero W SSH terminal.
How did you connect to your
local Blynk Serverusing your app? Which address and port? Are you sure you used port
9443and the same
local IP Addressas the
You can also check
server.propertiesfile to be sure the ports are set correctly:
#http, plain web sockets and plain hardware port http.port=8080 #secured https, web sockets and app port https.port=9443
3.I used my public adress and port 9443
4.everything is ok!
I scanned my public ip and:
I tried to check and saw the ports 9443 / 8080 of your WAN (public) IP Address (94.232.156.xxx) are still not open.
Assuming the steps you’ve done are
correct, there are some other possibilities such as
- Your Tenda router is not working correctly (not forwarding ports, etc.). Can you change the router to test.
- Your ISP (in some parts of the world) blocks the ports
You can do some more research about this old issue at
OK I got along with my ISP and now I have server, but I don’t know why certificate not generating.
I used Automatic Let’s Encrypt certificates generation.
I have registered a domain on duckdns from a public address
Now I can’t enter to admin api.
Now I can’t enter to admin api.
You have to forward port as you did in previous post
You have to remove DMZ host. Using
port forwarding is enough. If you still use unsafe
DMZ Host, you don’t need to make your server using SSL.
You have done many things correctly and your Blynk Local Server is up and running now.
Jesteś bardzo dobry
The SSL Certificate is much more complicated, you have to research previous posts in this forum. If you still have issue, I suggest you open a new topic.
Some place to start your research:
Automatic Let's Encrypt certificates generation Latest Blynk server has super cool feature - automatic Let's Encrypt certificates generation. However, it has few requirements: Add server.host property in server.properties file. For example : server.host=myhost.com IP is not supported, this is the limitation of Let's Encrypt. Also have in mind that myhost.com should be resolved by public DNS severs. Add contact.email property in server.properties. For example : email@example.com You need to start server on port 80 (requires root or admin rights) or make port forwarding to default Blynk HTTP port - 8080. That's it! Run server as regular and certificates will be generated automatically. Manual Let's Encrypt SSL/TLS Certificates First install certbot on your server (machine where you going to run Blynk Server) wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto Generate and verify certificates (your server should be connected to internet and have open 80/443 ports) ./certbot-auto certonly --agree-tos --email YOUR_EMAIL --standalone -d YOUR_HOST For example ./certbot-auto certonly --agree-tos --email firstname.lastname@example.org --standalone -d blynk.cc Then add to your server.properties file (in folder with server.jar) server.ssl.cert=/etc/letsencrypt/live/YOUR_HOST/fullchain.pem server.ssl.key=/etc/letsencrypt/live/YOUR_HOST/privkey.pem server.ssl.key.pass= Generate own SSL certificates Generate self-signed certificate and key openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout server.key -out server.crt Convert server.key to PKCS#8 private key file in PEM format openssl pkcs8 -topk8 -inform PEM -outform PEM -in server.key -out server.pem If you connect hardware with USB script you have to provide an option '-s' pointing to "common name" (hostname) you did specified during certificate generation. As an output you'll retrieve server.crt and server.pem files that you need to provide for server.ssl properties.
so if I use port forwarding, is this the secure way?
For your home purpose / application, IMHO, I think the
port forwarding, instead of
DMZ Host, is good enough. Certainly, if you can make SSL working, why not using it.
The reasons we use SSL are:
#SSL Encrypts Sensitive Information The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can access it. This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves. In addition to encryption, a proper SSL certificate also provides authentication. This means you can be sure that you are sending information to the right server and not to an imposter trying to steal your information. Why is this important? The nature of the Internet means that your customers will often be sending information through several computers. Any of these computers could pretend to be your website and trick your users into sending them personal information. It is only possible to avoid this by getting an SSL Certificate from a trusted SSL provider. #SSL Provides Authentication Why are SSL providers important? Trusted SSL providers will only issue an SSL certificate to a verified company that has gone through several identity checks. Certain types of SSL certificates, like EV SSL Certificates, require more validation than others. How do you know if an SSL provider is trusted? You can use our SSL Wizard to compare SSL providers that are included in most web browsers. Web browser manufactures verify that SSL providers are following specific practices and have been audited by a third-party using a standard such as WebTrust. #SSL Provides Trust Web browsers give visual cues, such as a lock icon or a green bar, to make sure visitors know when their connection is secured. This means that they will trust your website more when they see these cues and will be more likely to buy from you. SSL providers will also give you a trust seal that instills more trust in your customers.
Read more in
ok thank you