[Local Blynk Server] Safe port forward

hutje · October 31, 2016, 8:50pm

Hi,

Is there a way to stop creating new accounts?
I want to make my Raspberry Pi accessible from outside my house, and not need to connect everytime to my vpn before opening the Blynk app.
But when I use a port forward to access my Blynk server, anyone who has my ip-adress can create a new account, which I don’t want.

I tried putting this command inside op the server.properties file but this did not work so far.
allowed.users.list=allowed1@gmail.com ,allowed2@gmail.com

Anyone experience with this?

EDIT1:
Sorry my bad. It did work. But now when I try to make a new account it says: “Network error occured. Please check your connection.”
But when I log in with my own allowed account, I logs in just fine.

EDIT2:
Do I need to make my own certificate, to ensure safety? The only ports that are forwarded are 8441, 8442, 8443…

Dmitriy · October 31, 2016, 9:16pm

Is that iOS?

Dmitriy · October 31, 2016, 9:17pm

Yes. 8441 and 8443 are ssl ports. 8441 - hardware ssl/tls, 8443 app ssl/tls port.

hutje · October 31, 2016, 9:18pm

Yes. I when I login with the allowed account I can login just fine. But the other account I want to make, it says [quote=“hutje, post:1, topic:9180”]
“Network error occured. Please check your connection.”
[/quote]
Which is just fine, but it was not clear for me.

hutje · October 31, 2016, 9:20pm

http://www.selfsignedcertificate.com/
Can I make the certificate on this site?
Sorry I don’t know the basics of ssl and certificates, only that these files can make ports safe…

Dmitriy · October 31, 2016, 9:22pm

Dmitriy · October 31, 2016, 9:23pm

Well, If you worry about security you have to know

hutje · October 31, 2016, 9:57pm

Not sure, but got an error…
This is what I used: ./certbot-auto certonly --agree-tos --email rxxxxxxxx@hotmail.nl --standalone -d hotmail.nl

Error: urn:acme:error:rejectedIdentifier :: Policy forbids issuing for name

hutje · October 31, 2016, 10:56pm

I now have used the example from the docs.blynk.cc page.

Create key
openssl genrsa -out server.key 2048
Create new cert request
openssl req -new -out server.csr -key server.key
Generate self-signed request
openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt
Convert server.key to PKCS#8 private key file in PEM format
openssl pkcs8 -topk8 -inform PEM -outform PEM -in server.key -out server.pem

 server.ssl.cert=./server_embedded.crt
 server.ssl.key=./server_embedded.pem
 server.ssl.key.pass=xxxxxx

Is there anything else I need to do now?

Lichtsignaal · November 1, 2016, 8:54am

No, that should be it. I use self-signed too. So far no chinese hackers have switched on my lights