You can use this service to publish your home web-based resource on the Internet under a publicly-accessible URL.
In order to use this service you need:
- a functioning VPN tunnel from your home network (housing the resource to be published) to VPNKI server
- a routing rules from VPNKI server to you device
- a mapping between a publicly-accessible URL and an address on your home network. This mapping is set up on a special web page in our web interface.
Suppose you have a web camera on your home network with an IP address of 192.168.1.2 and you can view its feed by opening URL http://192.168.1.2
Your VPNKI account is garage110 and you have a working VPN tunnel to our service over any supported protocol (PPTL, L2TP, OpenVPN).
Important! Check that you can ping your internal addresses, including 192.168.1.2 from the “Tools” VPNKI web page. If not please check routes on VPNKI server and your devices.
In that case you can publish your camera web interface with a publicly-accessible URL garage110-XXXXXXX.vpnki.ru
Where you can set XXXXXXX to be any word (of any length) containing latin characters. For example, “camera”.
This way you can reach your camera from the Internet using domain name garage110-camera.vpnki.ru
Originally you are the only one who knows the required domain name, but you can share it with whomever you see fit. Anyone knowing the name can access the camera without setting up any additional VPN tunnels.
In addition to the domain name mapping you can also specify:
- Internet-facing connection type: HTTP or HTTPS (defaults to HTTPS)
- non-default port in your home network, for example 8080 (if your camera interface is reachable like that: http://192.168.1.2:8080)
- internal protocol type (HTTP or HTTPS) to connect from proxy to home devices
We recommend using HTTPS as Internet-facing protocol. In that case publicly-accessible URL will take the following form: https://garage110-camera.vpnki.ru/
In case your internal port is different from 80 (say, it’s 8080), it has absolutely no effect on the publicly-accessible URL. That URL will still be https://garage110-camera.vpnki.ru/ and our system will do port translation.
Level 2 Domain Publishing
Starting February 10, 2018, we provide the opportunity to publish a resource located on your home server under a second-level domain name. This will work if you have your own domain resource (of the form my_blog.com) and can redirect traffic to this address to our IP address. (Having registered the address 188.8.131.52 in the DNS settings).
In this case, access from the Internet to the address http: // my_blog.com will be carried out on the IP address of our server, where we will direct this traffic to your computer or server where the content is located through the established VPN tunnel.
In this case, you can not pay for hosting, but pay only the domain name from your provider. In this case, the web server will be located on your home computer.
The setting of this feature is similar to the previously described, but it is carried out in a separate menu item of your personal section. If you want to use this feature, contact us for additional instructions.
In addition, we note that when accessing your domain name from the outside using the https protocol, our system has the ability to install your certificate. In this case, an external contact with your domain name will be protected by your certificate and the connection in the browser will occur without warning about the mismatch of the name and certificate. For more information, please contact VPNKI system administrator.
Beta testing specifics
During beta-testing we will use a self-signed certificate to accept incoming HTTPS connections (for publicly-accessible URLS starting with https://...). This certificate will not be accepted by your browser by default.
To proceed with the connection you will have to accept this certificate regardless of the browser warnings.
When the testing is over we will replace our self-signed certificate with one issued by universally-trusted certificate authority and the warnings will be gone.
We provide URL publishing service only upon acceptance of its Terms and Conditions postulating that you don’t use the service to publish any unlawful content.
Also please note that ensuring security of the service being published is solely your area of responsibility and we can’t be held liable for that.
This service has certain technical limitations that may or may not affect you use case. Since the technology used is actually “reverse proxy”, you are in fact not accessing your home web server or IP camera directly but rather your server that downloads the pages on your behalf from the real server and resends them to you for display in your browser window.
For this to work our system has to rewrite HTTP headers changing the hostnames or IP addresses in the packets that it resends. So upon receiving your request from the Internet, our server rewrites the headers to make this request appear as if it’s sourced from within you home network and relays it to the target server. Then our server processed the response from your server in a similar fashion. Please note that HTTP body is not altered in any way, only the headers are.
If cookie files are in use, then they are also translated as needed.
This works well unless you home web server or IP camera embed internal IP addresses (like 192.168.x.x) in HTTP body. This does happen sometimes in certain poorly programmed web camera authentication pages or other applications.
In that case our system will not detect this address and will not rewrite it making the URL unopenable from the Internet for it will still point to address http://192.168.x.x/index.html instead of http://garage110-camera.vpnki.ru/index.html
Unfortunately there’s nothing we can do to fix it as we don’t have the capacity to detect and rewrite addresses inside HTTP body. After all it may be a voluminous video stream.
If this issue affects your web server or IP camera, please use VPN to connect to it or employ our HTTP proxy-based access service. At least it gives some food for thought on the quality of software used on your device. Sadly this is not at all uncommon with no-name Chinese devices.
Lastly, please note that any changes to the settings on URL publish page don’t get applied immediately but rather within a short timeframe (up to 5 minutes). That is explicitly stated on said settings page.
Beta testing period
We plan to run URL publish in testing mode for several months and during this time you can have only one URL published. You are free to change the mapping to different resources (modem management interface, IP camera, web server, etc) as often as you like, but you can have just one mapping at any given time.
Cancelling the service
You can cancel the service at any time. In that case all your URL mappings will be deleted. To reenable the service you will have to accept Terms and Conditions again.