[Freedombox-discuss] public + private http services
On 07/15/2013 02:53 PM, Nick Daly wrote:
> Which private network do you mean? I can think of two:
> 1. The internal network (intranet) that my FreedomBox runs on (the
> home network, with IPs usually in the range of 192.168...).
> 2. The private network produced by my authenticated friends connecting
> to my FreedomBox to use services I provide.
> 1 is easy: we're serving services on the internal network, so we can
> ignore the larger Internet altogether.
I was talking about the internal 192.168... network. How do you make
sure some http services are only visible on the internal network - while
other services are visible on all networks?
The context of my question is this p2p webrtc chat application:
https://github.com/mehrvarz/rtcchat / http://mehrvarz.github.io/rtcchat
This service merely helps two browser instances connect with each other
(and then continue in pure p2p fashion). You can think of this service
as something being hosted by, say, riseup.net. You can also think of it
as something that is running on your home server. In the latter case
you could add features that wouldn't make much sense in the former
configuration. For instance you could make the server ring as if it was
a telephone. You could then grab your tablet and "answer the call". You
could also add internal-only services. Say, a service that would show
you all waiting clients, etc.
I tend to make all services available on the same port and to make sure
"in code" that some services will only respond to requests coming from
the internal network.
> 2 is more difficult but can be accomplished through a number of tools
> like SSH forwarding, Tor Hidden Services, or GNUnet applications. In
> that case, you're looking to authenticate the user before providing
> the service. In case 1, authentication was assumed by the fact that
> the user was on your network (assuming your network is secure...).
> Different use cases could require different methods, and we'd better
> make sure we plan for supporting at least one of the common methods
> for v2, at least. Jonas, could you put up a wiki page detailing your
> thoughts on the goals of first few releases? I think they're pretty
> much what I was thinking, but they might be a little more developed.
> On Mon, Jul 15, 2013 at 5:31 AM, Jonas Smedegaard <dr at jones.dk> wrote:
>> Good idea to try map out what are best practices for different contexts.
> Jonas, I concur! I think the mailing list might be a good place for
> discussing the ideas though, a more permanent wiki page seems
> appropriate when we have more solid solutions.
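The approach described in the message (all services on one port, with a check "in code" that some of them answer only the internal network), as an added example that is not part of the original post or of rtcchat. The paths `/connect` and `/waiting` and all function names are hypothetical, and it assumes the server sees the client's real socket address, with no reverse proxy in front.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/netip"
)

// isInternal decides from the TCP peer address alone; headers such as
// X-Forwarded-For are ignored because any remote client can set them.
// It fails closed on parse errors.
func isInternal(remoteAddr string) bool {
	ap, err := netip.ParseAddrPort(remoteAddr)
	ip := ap.Addr().Unmap() // ::ffff:192.168.1.5 counts as 192.168.1.5
	return err == nil && (ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast())
}

// internalOnly answers 404 to outside peers, hiding that the path exists.
func internalOnly(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if !isInternal(r.RemoteAddr) {
			http.NotFound(w, r)
			return
		}
		next(w, r)
	}
}

// newMux serves both kinds of route on one port. Paths are hypothetical.
func newMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/connect", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "public") })
	mux.HandleFunc("/waiting", internalOnly(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "LAN only") }))
	return mux
}

// status replays a constructed request from the given peer address.
func status(path, remoteAddr string) int {
	req := httptest.NewRequest("GET", path, nil)
	req.RemoteAddr = remoteAddr
	req.Header.Set("X-Forwarded-For", "192.168.1.10") // spoofed, must not matter
	rec := httptest.NewRecorder()
	newMux().ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("/waiting", "192.168.1.23:50000"), status("/waiting", "203.0.113.7:50000"))
}
```

Behind a reverse proxy every request arrives from the proxy's address, so this check would pass for all clients; in that setup the restriction belongs in the proxy, or the internal routes go on a separate listener bound to the LAN interface.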