Hello
My goal is to setup some method of toggling a switch that ultimatly starts a game server on another server.
This is already complete with a switch that triggers a rule that calls MCRemote.sh, a script containing a ssh command to do the work.
So my question is: what is the best and reasonably secure way to trigger this switch or some other method of starting a remote server. This would only be given to <8 friends so not public. However, I’m looking for a solution that is easy to use and non technical to the end user.
My Ideas:
Create a sitemap and use a free dns to point to that sitemap URL then give my friends a username and password. I like this cause I could probably do this in under 10 mins, but you can jump to other sitemaps. (single user, multi login basically)
Create a simple website on the pi where using some web element calls a script that starts the server.
Use an Http request. Probably the best way but not sure how to easily ship that to a friend.
Or for a clunky method use Tasker on my phone to filter “server” from txt messages then have Tasker send a Http request to openhab. Works but phone dependant.
Some other awesome method the community comes up with <<<<<<<<<<<<<<<<<<<<<
Probably the most secure solution would be to set up a VPN. Your users would then connect to the VPN which would put them on a network where all they can see is the interface to kick off the game server and to reach the Game server itself. This would let you avoid exposing anything but your VPN connection to the Internet, let you authenticate your users through the use of keys, and make everything encrypted.
It might be a little bit of a pain to use but not overly so. Using OpenVPN you can create a config file that includes everything needed to connect to your server including the certs. They would just have to open it with the OpenVPN client and connect.
If you don’t want to use OpenVPN, Hamachi is easier to set up and use.
This is how I would do it.
If your users are IFTTT users you can give them my.openhab accounts and set up a Do recipie to toggle your switch. You can even configure your my.openhab persistence file to only share that one Item with IFTTT. This has the advantage that you are not directly exposed to the Internet at all but it does make you reliant on third party cloud services and you will have to help your users set up their own Do recipies. Clunky but less so than your Tasker solution. And they will all have access to your sitemaps as well.
An approach similar to your Tasker idea, but without the phone in the middle can be to use the Pushbullet binding (unofficial but posted here in the forums if you look), the Asterisk or FreeSwitch binding (would require a SIP service but your user can call a number to trigger the switch), the CalDav binding (they invite your calendar to an event which triggers the switch), or MailControl (requires the body of the email to be in JSON format) can be used by external users to publish a message that OH uses to toggle the switch.
Again with IFTTT you can use the SMS trigger on the Android channel to receive a Text message and use the My.Openhab channel to toggle the switch.
Really, any of the IFTTT channels that let you receive and react to a message (e.g. Twitter) can be used to set up a recipe to trigger the switch through the my.openhab binding.
At the end of the day, unless you really know what you are doing and you have good protections in place (e.g. an Intrusion Detection System like Snort) and/or actively audit your logs, I do not recommend putting any old web page you serve yourself on the Internet.
