Local Blynk server on Raspberry Pi and Google assistant with IFTTT

Need Help With My Project
1

I have set up a local server on my Raspberry Pi so that I can control my ESP32 project using voice commands (IFTTT and Google Assistant) Works great but I have to leave port 8080 open for this to work.

My Pi is connected to my WiFi network obviously, as are the rest of my machines (mostly Win 7 and Win 10) SO… since I am not a hacker, I am not sure I understand the implications of forwarding 8080 to the Pi on an internal IP address and what sort of a security risk this presents.
I’d appreciate any input.
Cheers:-)

2

None!? If everything is on your internal network there’s no risk. From where do you forward port 8080?

3

I have to have 8080 open on my external IP address for the Blynk server to receive the IFTTT webhook. That’s the only way I found for Google Home to be able to control my project…

4

There’s no risk at all, so far so good, you’re using Blynk cloud which is already safe and secure :slight_smile:

5

But I am not using the Blynk Cloud, it is a local server. Maybe there is another way that I don’t know about. I could use the Blynk server directly but I am experimenting with what can be done with the local server and still access from outside my network.

6

That’s not true. There is a risk attached to having any port open on your network and having it port forwarded to your server.
That’s not true either…

@Roger_Red I’m guessing that you also have port 9443 open to allow your app to talk to your server when your phone isn’t connected to your home network?
If you look at the bigger picture then IFTTT probably presents a bigger and juicer target to hackers. If they can gain access to that then they can cause all sorts of mischief to people around the world. Obviously that is outside of your control, and hopefully they have better qualified people than us looking after their security :thinking:

You could explore whether or not IFTTT offer a simple to implement SSL option.

Pete.

2 Likes
7

Thanks Pete, you are right about 9443. So two ports being forwarded to a local Blynk server are not unheard of? I really like the idea of voice control of my ESP32 projects :slight_smile:

8

I agree with that sir.

9

Elsewhere I wrote this a while back:

I had some concerns about the Blynk security on my own server so I did two things that basically eliminated all unwanted traffic.

  1. I changed the port forward in my router to a less obvious (incoming) port number (not entirely true, but basically any port number above 10.000)
  2. I did a whois (ripe.net) query to find out both my ISP and phone providers IP-range that could be assigned to my devices. I added those numbers to an ip tables rule on the server that looked something like this:
    iptables -A INPUT -p tcp --dport 8442 -s 46.194.0.0/15 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8442 -s 94.234.0.0/16 -j ACCEPT
    .
    Then I created a ( ip tables ) chain that handled the logging and rejection.

Makes it less obvious :slight_smile: