<div dir="ltr">Sorry I missed the presentation. I had to run to a doctor's appointment and couldn't get back in time.<br><br>Wanted to add a few things to these links (although I may be missing a bit of context).<br><br>For HTTPS on your local network, I would be cautious with Cloudflare Tunnels. <br>You're essentially poking an outbound hole in your internal network instead of port forwarding, so be aware of the security considerations here. <br>Also, because CloudFlare controls the certificates for the SSL tunnel, they can/will read your traffic, if not only to manage it properly.<br><br>I actually use Cloudflare (right now) for my website DNS, DDOS protection, and email redirection, but after the recent debacles from a business perspective, I'm going to be switching away from their services, even though they're basically free for me right now.<br>The way their sales team has been acting, and the lack of public leadership accountability and transparency is pretty scary. <br><br>For background:<br><a href="https://www.youtube.com/watch?v=7LuwPdp-_4c">https://www.youtube.com/watch?v=7LuwPdp-_4c</a><br><a href="https://robindev.substack.com/p/cloudflare-took-down-our-website">https://robindev.substack.com/p/cloudflare-took-down-our-website</a><br><a href="https://www.youtube.com/watch?v=0YcnKfT_ESs">https://www.youtube.com/watch?v=0YcnKfT_ESs</a><br><a href="https://www.youtube.com/watch?v=ycJGIKLE9hg">https://www.youtube.com/watch?v=ycJGIKLE9hg</a><br><br>Instead, you may want to look at using LetsEncrypt for a free SSL certificate, and use a reverse proxy (like Nginx) to expose and manage the SSL connections to the application.<br>If you're using containers, you could use something like Traefik: <a href="https://traefik.io/traefik/">https://traefik.io/traefik/</a><br><br>---<br>Again not sure about the context with mDNS, but for local server name resolution, PiHole can do this. <br>There's a Local DNS option, where you can easily add a DNS entry that resolves to your local IP. <br>I use this for a ton of my internal applications.<br><br>On top of that, if you're running PiHole for your DNS resolution, you can customize a lot of settings for pulling external resolution, and block ads and other malicious sites from blacklists. <br>Highly recommend, and you don't have to use a Raspberry Pi to do it. I have PiHole running as a container on my NAS, but you can install it manually as well.<br><br><div>---<br>+1 for Shiv- I've used it in production to turn our Python scripts into an executable.<div>Alternatively, you could containerize the application with a Dockerfile, so you have all of the dependencies built into one image.</div><div><br></div><div>Cheers,<br>Jason Paul<br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jun 3, 2024 at 11:24 PM Andres Vargas - zodman <<a href="mailto:zodman@gmail.com">zodman@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Q: How do you think you could enable https for local network?<br><br>I suggested in the meeting today the HTTP local tunnel.<br><br>I mention this: <a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/" target="_blank">https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/</a><div><br></div><div>That enables a URL like <a href="https://mymachine.mydomain.com" target="_blank">https://mymachine.mydomain.com</a> to point to your local host or IP address. with a proxy, and exposed to internet.</div><div><br>here are a bunch of similar solutions<br><a href="https://github.com/anderspitman/awesome-tunneling" target="_blank">https://github.com/anderspitman/awesome-tunneling</a><br>The first software making this was called ngrok and it was popular!<br><br>Q: how fix mDNS for not being slow?</div><div><br>mDNS is stupid slow. xD, It is like a printer discovery protocol.<br><br>Instead of using mDNS, why not use dynamic DNS with ddclient[1]<br><br>You could have <a href="http://machine1.pioreactor.io" target="_blank">machine1.pioreactor.io</a> pointing to the local IP network like 10.0.0.1 and updated on every boot.</div><div><br></div><div>Or create your own protocol for support offline. <br><br>[1]: <a href="https://ddclient.net/protocols.html" target="_blank">https://ddclient.net/protocols.html</a><br><br>Q: update software should I use deb ?<br><br>I think the release should be by image release. You could warranty it works on every raspberry pi, and implementing a deb file could be messy. <br><br>Another possible solution is to could package your Python application using the PEP 441[2]<br><br>There are some interesting packagers like shiv <a href="https://shiv.readthedocs.io/en/latest/" target="_blank">https://shiv.readthedocs.io/en/latest/</a><br><br>Check this pyempaq. It's from a friend.<br><a href="https://github.com/facundobatista/pyempaq?tab=readme-ov-file#how-pyempaq-relates-to-other-similar-tools" target="_blank">https://github.com/facundobatista/pyempaq?tab=readme-ov-file#how-pyempaq-relates-to-other-similar-tools</a><br><br>Here a video explaining how to make the perfect deployment with shiv.<br><a href="https://www.youtube.com/watch?v=Jzf8gTLN1To" target="_blank">https://www.youtube.com/watch?v=Jzf8gTLN1To</a><br><br> <br>{2}: <a href="https://peps.python.org/pep-0441/" target="_blank">https://peps.python.org/pep-0441/</a> </div></div>
_______________________________________________<br>
kwlug-disc mailing list<br>
To unsubscribe, send an email to <a href="mailto:kwlug-disc-leave@kwlug.org" target="_blank">kwlug-disc-leave@kwlug.org</a><br>
with the subject "unsubscribe", or email<br>
<a href="mailto:kwlug-disc-owner@kwlug.org" target="_blank">kwlug-disc-owner@kwlug.org</a> to contact a human being.<br>
</blockquote></div>