First. Blynk local server is amazing. Many, many thanks to the team.
Okay, security. I’m definitely a linux newb, but I’m running Blynk server on a fresh vanilla rasbian install, the pi is connected to my internet-facing home router and I’ve set a static local ip and I am Not doing any port forwarding (yet. let’s just stick to securing this for now). I’m using my server to manage several yun’s around the house- with a few old android phones running the Blynk app- and I’m curious what kind of things I should do besides changing my raspberry pi login id/password to be more secure. Something with the phones? Should I have the server / data logging from a separate folder from my home folder/do I need to change my home folder accessibility? And I’m very open to any other suggestions.
Data logging. I’m logging temperature and humidity values on virtual pins 1 and 2 and I’ve found the .csv file these values are being logged to… Is there any way I can change the frequency these values are recorded? And do I need to specify which v pins are being logged, or will Blynk automatically record any virtual pin activity (including button presses?)?
Last, random question:
What value does one put for “my_host” in the blynk sketch? I’m using my raspberry pi local IP, but I’m curious what my_host actually means?
Your Pi is as secure as you make it. If you don’t do any port forwarding there is practically zero risk. If you are gonna forward the ports you need to make the SSL certificates. Getting real SSL certificates is of course always preferred, but they cost money and you have to own your own domain and static IP address.
Blynk connections to the App are SSL secured, so there is not much to do on your phone. The hardware is the biggest issue because most micro controllers don’t talk SSL.
As far as logging, it really doesn’t matter where you put it. It just has to be accessible for the user running the server (I just hope you don’t run it as root ). That should be enough to be secure. It’s more a matter of practical stuff where you your logfiles. I’ve put them on a USB disk on my Pi because that has the most storage.
You cannot change those values. I can be pretty short about that. Maybe that feature will be in Blynk in the future, but that depends on the awesome dev-team they have.
As for the last random question, I don’t know what you mean by that, but I guess it has to do with the Pi example and I haven’t gotten around to use that because I only received my Pi this afternoon in the mail
Sorry, @Lichtsignaal but I don’t agree here . Paid certificates absolutely are same as own generated certificates. the only difference - paid are registered in public Authorities DBs and your own - not. From technical point of view they are totally equal.
No. You can either turn off this feature (csv recording), either log everything, either limit writes on hardware side.
In case you have a domain name, you may use it instead of IP address.
No. If YUNs and server are within your local network there is no need for secure connection between Yuns and server. For Ethernet - for sure. For Wi-Fi - it depends on how strong your Local network is. For instance if you are using WPA and WPA2 (I suppose you have wi-fi, right?) - you are ok and don’t need secure connection between YUNs and server.
But as server distributed with public private key for build-in certificate for “Server → App” connection you may need to provide own certificate to avoid MiM attack.
). That should be enough to be secure. It’s more a matter of practical stuff where you your logfiles. I’ve put them on a USB disk on my Pi because that has the most storage.
. Paid certificates absolutely are same as own generated certificates. the only difference - paid are registered in public Authorities DBs and your own - not. From technical point of view they are totally equal.