A Guide To Safe Remote Access of OctoPrint

There is now a plugin named Ngrok Tunnel in the plugin repository that creates a secure alternative to port forwarding that is easy to set up. It secures your communication with SSL (HTTPS) and Basic Authentication (username/password), and does not require you to open up your network in any way.


@fieldOfView Also now added to the post :+1:

I recently started using remote.it to access my octopi and home automation r-pi.
It’s free for up to 10 devices and seems to work very well. I found it when I was searching for a way to get into my home network through my Starlink connection. It uses an encrypted P2P connection so I think it’s pretty safe.
Does anybody know of any reasons this would not be a safe option?

I'll post here as well.

I stumbled on this https://www.authelia.com/ and set it up to get a bit more secure.
If I'm going to access my octoprint external I need to use 2 factor login.
I'm running my HAproxy on my router ( pfsense ) so I haven't tried to set it up locally.

Rocking a Swag And Authelia (runing in containers) with 2FA (when connecting outside of my network) i also have GeoLite2 setup . I Also have a Wireguard VPN.

Thinking about adding Cloudflare in the equation.

I am sorry to bother you all but I am very new to Information tech like SSH and all that fun stuff. I am curious though. If I only have the octo print instance on my local network, is it accessible to everyone who has my IP address the minute I plug it in? I didn’t enable the SSH option. So I am unsure if is should be worried or not.

No you are absolutely fine. Your IP address you use to access OctoPrint is a private IP that only works while you are connected to your local network. In order for it to be openly accessible on the internet you must take additional steps than just installing OctoPrint.

SSH enables access to the console on the Pi, but still only through the local network only - it's a useful tool for troubleshooting or maintaining the system. Again, unless you have explicitly opened up SSH to the internet (this is not something you can 'accidentally' do), it is not accessible to anyone else.

Thank you I setup useing a reverse proxy and I didn't think about the rate limiting that was useful advice :slight_smile: