Controlling a Raspberry Pi’s GPIO over the network

[Parth]

Hi

I want control  a Raspberry Pi’s GPIO over the network.  I did search on google. There are many tutorial available I think this link may be helpful http://davstott.me.uk/index.php/2013/03/17/raspberry-pi-controlling-gpio-from-the-web/   I looking help with this tutorial

I have already installed Apache server on Pi so Now  I think, I need only HTML and Python program only

Code: [Select]

<html>
<head>
    <title>Hello from the Pi</title>
  <script src="//ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js"></script>
  </head>
  <body>
    <h1>Hello world from the Raspberry Pi</h1>
    <form>
    <input type="button" value="On" onclick="go('w')" style="font-size:200%;"><br />
    <input type="button" value="Off" onclick="go('s')" style="font-size:200%;">
    </form>
    <script type="text/javascript">
      function go(qry) {
    new Ajax.Request('doStuff.py?q='   qry,
    {method: 'GET'}
        );
      }
    </script>
  </body>
</html>

Python file

Code: [Select]

#!/usr/bin/pythonRoot
# bring in the libraries
import RPi.GPIO as G     
from flup.server.fcgi import WSGIServer
import sys, urlparse

# set up our GPIO pins
G.setmode(G.BCM)
G.setup(18, G.OUT)

# all of our code now lives within the app() function which is called for each http request we receive
def app(environ, start_response):
  # start our http response
  start_response("200 OK", [("Content-Type", "text/html")])
  # look for inputs on the URL
  i = urlparse.parse_qs(environ["QUERY_STRING"])
  yield (' ') # flup expects a string to be returned from this function
  # if there's a url variable named 'q'
  if "q" in i:
    if i["q"][0] == "w":
      G.output(18, True)   # Turn it on
    elif i["q"][0] == "s":
      G.output(18, False)  # Turn it off

#by default, Flup works out how to bind to the web server for us, so just call it with our app() function and let it get on with it
WSGIServer(app).run()
Can someone help me with above program

[mbless]

You already started this a thread for this. Don't start another one!

https://www.eevblog.com/forum/microcontrollers/raspberry-pi-controlling-led-over-internet/

[Parth]

You already started this a thread for this. Don't start another one!

https://www.eevblog.com/forum/microcontrollers/raspberry-pi-controlling-led-over-internet/

hey mbless if you see both threads there is difference between both of them

This thread  created to understand the basic part of programming in given link 

[rstofer]

I thought the author of that linked tutorial used lighttpd for the web server.  There is every possibility that using Apache would be a mistake.  Apache has a TON of built in security some of which may make the project more difficult.

I haven't built the project but the tutorial seems complete except for the discussion about the router.  Since there are many routers, perhaps the discussion does belong elsewhere.

If you built the project as shown, I would expect it to work from your LAN.  Your PI will need a static IP address, DHCP won't work because:  When you poke a hole through your router, you need to tell the router which port to use and the internal IP of the server.  It needs to be a fixed IP.

From the WAN, you need to use the browser to connect to your outside IP address.  The default port is 80 and you might as well leave it that way.  Do be aware that there is no authentication so anybody with nmap will find your open port and ultimately gain access to your web page.  From there, it will only be a matter of time before they break through the PI and gain access to your entire LAN.

I don't trust cable modems/routers to do the right thing in terms of quarantining a section of the LAN.  If I wanted to do something like this, I would use a better router between the cable box and my LAN/server.  I played with Smoothwall several years ago and it does a nice job of protecting the LAN.

http://www.smoothwall.org/

There is a lot to learn when discussing firewalls and I'm not the one to talk to.

As to your post, you don't say what is not working.  The tutorial is a step-by-step approach and, AFAICT, each step can be tested as you go.

[nfmax]

You can use Node-RED, which is included in the default Raspbian distribution, to do things like this very simply - it's the kind of application Node-RED was designed for.

Node-RED https://nodered.org is a graphical, flow-based programming system for 'wiring the Internet of Things', implemented in NodeJS. The IDE runs in your web browser. If you do want to try it, please check out the Raspberry Pi specific sections on the web site, as the distributed NodeJS version on Raspbian is rather ancient.

[woody]

From there, it will only be a matter of time before they break through the PI and gain access to your entire LAN.

Amen.

A better better solution is via a VPN. Maybe your ISP's router offers this out of the box and otherwise install the suggested Smoothwall/pfSense/IPCop with OpenVPN. Then from the outside you set up a secure VPN connection (using OpenVPN/SecurePoint) to your network, after which you just connect to the RPi on your LAN, at its private address. No open ports, no forwards, no waiting till you get hacked via the RPi.

[paulca]

From there, it will only be a matter of time before they break through the PI and gain access to your entire LAN.

There is a lot to learn when discussing firewalls and I'm not the one to talk to.

Tin foil hat?

I ran a public Apache server for 10 years with much more volatile stuff on it than the OP.  Escalation to shell bugs are rare.  The only security breach I had was through miss configuration.  (Enabling "PROXY" mode, instead of REVERSE PROXY mode.  Proxy mode enables the HTTP CONNECT method allowing people to use your server as a relay to others.  I noticed the bandwidth being used and corrected it quickly.  I didn't get breached, but I was being used as a proxy for a few hours.

As to routers, they are safe as they require NAT.  NAT effectively prevents any route into the LAN which has not been administratively configured.  Using a routers "port forwarding" or "virtual server" mechanisms is perfectly safe.  The reasons to install something like Smoothwall et. al. is when you configuration gets more complex.  I once tried to insert a range of 10,000 ports in my router "virtual server" for gaming and ... it iterated and added 10,000 rows!  I had to hard reset the router to get rid of them.    If you have a more advanced config it pays to use the "Bastian Host" or "DMZ Host" setting in the router to forward ALL incoming ports to that box.  This box then MUST be a firewall running machine.

On the OP's question.  To do something this simple you can just use a basic TCP Server and handle the HTTP requests yourself.

Alternatively look up "Basic REST API in python" and go that way.

You don't need the CGI based library to interupt basic HTTP get query strings.  String searching and parsing will do for most basic things.

Alternatively, just don't use HTTP at all.  Just send raw data over TCP.

[paulca]

https://github.com/projectweekend/Pi-GPIO-Server

[woody]

Tin foil hat?

I ran a public Apache server for 10 years with much more volatile stuff on it than the OP.  Escalation to shell bugs are rare.  The only security breach I had was through miss configuration.  (Enabling "PROXY" mode, instead of REVERSE PROXY mode.  Proxy mode enables the HTTP CONNECT method allowing people to use your server as a relay to others.  I noticed the bandwidth being used and corrected it quickly.  I didn't get breached, but I was being used as a proxy for a few hours.

I disagree. IMO in this day and age this is no tinfoil hat matter but just standard safety precaution. Like wearing a helmet or a seat belt. An RPi, albeit small and slow, is a full-blown Linux computer. As a user I don't have a clue of all the software it runs and whether that software is safe or not. To connect such a device to the internet and hoping that it won't be hacked is wishful thinking at least.

And the solution is simple, cheap and effective. Use a VPN connection to gain access to your network from the outside. Many routers support this out of the box. One closely monitored entry point into your network. From there on you can then toy to your hearts content connecting all kinds of network devices without ever having to open up and forward any ports from the outside. And without having to question the security settings of these devices.

A no-brainer.

[paulca]

You have to question the security of the VPN though.  You also have to question the security of the router and it's patch level.  Then there are the complication with VPNs, IP address ranges, network address translations, public/private internal, global, external.  I know that your router will take care of this for you, mostly.  Then every device you want to access this from has to have the VPN software installed with the correct keys etc.

A common-or-garden router will have known exploits, including in their VPN components.  As there will be (potentially) millions of these devices out there automated bot net scanners will be looking for them. 

I do have an understanding of most of what is running on a PI and at start up from default it's fairly light on processes and nothing on there concerns me greatly.

Using a firewall beyond your router is a paper screen, you still have to ultimately forward the port.

Apache (httpd) is fairly benign as long as you don't do anything stupid in it's config and keep it updated.

If you run a telnet daemon and forward the port to it, all bets are off.

If you are really paranoid, then DMZ the PI.  Add it on a separate address range and put a firewall between it your LAN.  But really there is no need. 

It also depends on what you are running on it.  If you are running some form of controversial, activist, semi-illegal, aggrevative or hacker/security blog then you might be a prime target for specific attack.  If you are running a hobby server that won't offend anyway and won't even get listed on google searches then people have better things to hack.

Never, ever challenge hackers.  They thrive on that, "Your secure? Really?  Watch this."