If you want to do this in a web centric way then you're going to want to do a self-signed cert and use HTTPS to either the standard port (443) or something non-standard.
The two other alternatives would be:
- run encrypted VNC (i.e. tunnel over SSH) to your computer at home
- OpenVPN
I use both methods but for general purpose encrypted access to your net, OpenVPN wins the day. Its the only full VPN solution I use and recommend. Some routers also support it but the way I deploy (to maintain router agnosticism) is with a software appliance (i.e. a VM).
OpenVPN has clients for everything which is one of the main reasons I recommend it. I've got clients that use from iPads to access Windows (Samba) shares and I use it routinely use it to access VNC consoles and device web admin screens like LAN printers on my Nexus 6. I've also streamed my raspberry pi security cam and content on my mediatomb media server.
Its also very flexible- true story... once upon a time on a Carnival Cruise, my OpenVPN access got blocked (on their expensive and horrible internet service but I digress) and while I was getting them to remove that block my business partner and I, over email and IM, built another config to run OpenVPN over tcp/443 (standard web port) instead of the default udp/1194. Carnival eventually removed the block but the lesson was learned- I keep another OpenVPN instance running in case I'm somewhere where the firewall is not OpenVPN friendly.
In the long run OpenVPN is going to be the easier thing to setup and maintain because it does exactly what you want- extending your net to wherever you are and on the device you want.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
From: "Louis K" <louis.kratz@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Friday, August 28, 2015 8:50:44 AM
Subject: [PLUG] Securing Web Site for External Traffic
Hey Pluggers,
I've got a simple website running behind my firewall for administrating our various web-based devices and services (dvr, baby monitor, etc). I'm thinking about forwarding port 80 on my router to make the site accessible from outside our home network.
What are people's opinions of the best way to secure such a site? I think the easiest would be http auth with user/password, but is that "secure enough"?
I was also thinking about a vpn solution but am admittedly pretty green with that stuff and would need it to work on different platforms (iOS and droid).
Lou
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug