Accessing OctoPrint from anywhere?

What is the problem?
I want to access my OctoPrint (running under Windows 10) from anywhere !

What did you already try to solve it?
I have set it up so I can access it via browser from any of my machines on MY network

But how can I do it from anywhere where I can get access to a browser ?

Hi there :slight_smile:

No offence but if you don't know how to do it yourself then you sould overthink if you want to put something like a 3D printer public available on the internet.

If you still want to do it search for port forwarding in general and maybe specific for your router.
Also here is a guide to this topic: A Guide To Safe Remote Access of OctoPrint

1 Like

As I write "I want to ..." ... of cause I'm not wanting to expose my printer

I would assume the logon procedure in Octoprint is secure enough - do I hear you saying it isn't ?

OK, then I have to consider installing something from the link you gave !

Last year some website published the IP addresses of about 3,000 OctoPrint instances which were using port forwarding. I personally controlled several from the list just to verify the claims and to attempt to determine the vulnerability.

So research this forum and read the many posts that we've made concerning the subject.

I can tell you from experience that attempting to run a print job remotely is just dangerous (at least for your printer's safety). There are times when the hotend just breaks loose a part and all hell's going on. If you're not there at home to hear the crunches and slamming and odd noises then bad things are happening remotely.

At most, I might give a talk where in front of some audience I'm remote-controlling my printer and running some small print job that will finish within that time frame.

OutsourcedGuru
How did you "Go a round" the logon on thiose you tried of the 3000 ?

What I'm after is controlling my printer from anywhere - SEE (by camera) what's going on AND eventually turn it off if anything seems wrong - that's an OK request,I think - right ?

But tell me your oppinion on the safety of the OctoPrint logon procedure ?

I know what you're after. I own a 3D printer and I could have guessed as much. In my humble opinion, perhaps the easiest/safest approach to remote-controlling your printer is merely remote-controlling a local computer you have there in your network and then controlling the printer from that session. If you have a MacBook you're looking for "Back to my Mac" which is a built-in feature. In this way, you're not punching holes through your firewall and creating places through which hackers can crawl through. I'd consider this #2 on the best-practices list. Apple has done all the work in providing a secure way of remoting in and I'm sure they've paid people to try to hack around their best attempts.

The actual #1 best-practice method which I would have put in place while an I.T. Manager for decades would be something called a VPN (either using hardware or software). So you're in Starbucks on your MacBook let's say, you connect to their wifi, click the VPN feature and suddenly it's as if your laptop is now at home. Jump into your browser and you're easily controlling your printer. Again, VPNs are industry-standard and I know of no way of hacking around their security.


Now, onto "other methods". These generally fall into the realm of port-forwarding of some kind and include those options of using proxies and even client certificates to tighten down who-may-visit. A proxy can help to limit what things the remote person may do. A client certificate restriction limits things to who can do it and is very effective.


For that collection of 3,000 on the list, at least 90% of those didn't even have User Access turned on. I was able to fully-control their 3D printer. And yet, the remaining still presented me with a login page on their remote printer. Remind yourself that OctoPrint is open-source as well as Debian, the underlying operating system upon which it sits. So is the OctoPi-creation process which places files on the system to allow the pi user to perform some actions without providing a password to become root.

Now imagine for a moment what someone like myself with four decades of computer experience might know. Or how about someone with some script that they downloaded from some hacker website? I'm not going to teach anyone here how to hack the login page of OctoPrint nor should I need to in order to "save the world" of 3D printing.

Think of login pages as you do the standard lock on someone's front door. It's secure, right? But they're not secure against someone with a bump key and a little time. A door lock will keep out a reasonably-honest person. It's not designed to be secure against someone who doesn't care about rules. Remind yourself that a hacker is someone like this.

My opinion of the login page's ability to secure you against a motivated hacker is perhaps one on a scale of five (the same for home locks). Client certificates is at least a four on that list.

To weigh in on this: I'm currently not aware of any vulnerabilities that would allow j random cracker to gain access to arbitrary octoprint instances with enabled access control in current releases. I still do not recommend to put your instance online as is. I do my best to keep stuff secure and that seems to be fairly good so far, but I still wouldn't put my own printers publicly accessible on the internet, and neither would I put my paper printer or my fridge or my home assistant instance. There are simply device classes that don't belong on the public net, not even with enabled access controls, since physical ownage is just one 0-day away.

Look into VPNs or one of the cloud solutions. Those also don't open up your server to a DOS attack like a port forward would.

1 Like

Just this week I read a paper about something called "HTTP Desync attacks". It was yet another facepalm moment in my life.

Can I suggest something easier? AnyDesk for example?

Let's just stall this project - I've got the message: "DON'T do it !"

So now I'll get it to work "in house" in the first place ... later I maybe want to access it from "anywhere" !

Thx for your comments and time for now !

I don't get this group. If someone asks how to do something why not just answer, if you know? The pitfalls of actually doing it could be mentioned at the end but to go on a rant about whether or not he does it is simply time wasting and really not helpful.

So you saw the second post where I literally did what you said?
Maybe you should read the thread first before posting things like that.

1 Like

I have read the thread and it hasn't changed my opinion. The 'no offence' comment prompted my response. Most questions are from folk who 'don't know how to do it' themselves, or they most likely wouldn't be asking the question.

And that is the reason we don't let them run into open knifes. When they get hacked, they get into real panic.
And the "you have been warned" is not good enough for us. We take care for each other. If someone really want to do the risky way: There are other forums.

3 Likes

@bbc0 What if your child asked you what's the best way to buy an automatic weapon? Would you merely answer the question or would you throw all sorts of caveats and push-back? This is—from a technical standpoint—about as dangerous.

The answers are here and a great link was provided in the second post (first response).

The original poster has self-labeled as a brand new OctoPrint user and by the quality/quantity of his posts it seems—no offense to him—that he has some homework to do in learning how everything works. We all began as beginners of course. But as experts we then recognize what it sounds like to hear noob-speak and then make sure that they won't take unnecessary risks.

2 Likes

I don't recall and questions regarding firearms, just how can I access a 3D printer remotely.......

Yeah ok. I think it's the best if we stop the discussion at this point. I suggest that you search for a better forum where people give answers as you like them.

2 Likes