专栏首页资讯类翻译专栏3个有用的树莓派网络项目

3个有用的树莓派网络项目

尽管树莓派是全世界电脑爱好者的挚爱伴侣,但它没有得到足够的赞誉。事实上,各种类型的单板计算机都没有得到应有的效果——我只是碰巧有一个树莓派。正是在对我树莓派所在的空间角落里匆匆瞥一眼,完成了我分配的任务,我才考虑我想的更高级的项目。

我可能需要一段时间才能处理这些宏伟的设计。但下一步完成愿望的最好事情是分享它们。这里的想法是草稿,而不是蓝图,但它们会产生一张粗略的图片。

我还应该指出,这些项目都在其蓝图中包含Linux(我知道令人震惊)。由于这是初步阶段,我们现在可以将具体的分配留白。不过,你可以放心,我们可能运行树莓派的任何服务都需要依靠在 Linux 基础上。

如果你没有号码,你就不能给家里打电话

以下三个项目中有两个需要服务器配置——由于服务器在更广泛的互联网上访问时非常有用,这也需要一些网络修补。具体来说,无论何时你想从外部访问自己的私人网络,你都需要确定面向互联网的IP地址和端口。

首先,弄清楚你的IP地址是什么,在广域网(WAN)上是动态的还是静态的。为了我们的目标,将我们的广域网看作互联网。如果你的广域网IP是静态的,那就太好了。它总是一样(只要你按时支付ISP),所以你可以开始处理端口。

但是,如果你的广域网IP是动态的,这意味着它会定期更改,因此还有其他步骤。你需要为其注册一个域,然后获得全球DNS基础设施来遵循这一点。放松!简而言之,这涉及注册域名,就像你注册网站一样,但将其设置为你家庭的广域网IP地址。

但是,如果你的广域网IP地址不断更改,这如何解决任何问题?

使用一个名为动态DNS(DDNS)的特殊DNS条目,一旦你将路由器与域关联,它将随着路由器的广域网IP的变化而自动更新自己。这样,你的域将始终指向当前分配给路由器的任何广域网 IP。

当你想从互联网访问局域网时,输入域名而不是输入IP地址。然后DNS将其解析到你的广域网IP,这样就万事俱备了。任何进一步的细节都超出了本文的范围,但这就是要点。

无论你选择哪种IP冒险,你都必须决定在路由器的广域网IP上打开哪些端口。如果我们将IP地址比作邮政地址,请将端口视为单元号。基本上,你的树莓派将通过你的网络上,其服务会打开任何它需要的端口,你的路由器将该树莓派端口映射到路由器面向广域网的端口之一。如果你在广域网IP(路由器)上点击了正确的端口,路由器将把流量传递给局域网上关联端口上的树莓派。恰如其分,这被称为“端口映射”或“端口转发”。

例如,假设你的路由器在广域网上是5.6.7.8。假设你的路由器的局域网 IP 是 192.168.1.1,而 树莓派 的局域网 IP 是 192.168.1.37。如果你想从地球上任何地方将SSH放入树莓派中,你会在192.168.1.37上设置端口22正常打开。然后,你的路由器将192.168.1.37上的端口22映射到(例如)其广域网IP(5.6.7.8)上的端口2222。

再说一遍,它还有很多,但本质上这就是 树莓派 网络配置的方式。

到筹划阶段

随着准备工作的完成,让我们做一些树莓派的图谱

1.VPN服务器

我的树莓派实验列表的首位是创建一个 VPN 服务器。当你可以免费通过时,为什么要为云VPN付费?不管怎样,我们大多数人都会把最好的东西,无论是物理的还是数字的,都留在家里。一旦你输入家庭VPN,你可以访问媒体文件、备份或局域网上的其他任何东西。

在这种安排中,你的树莓派是 VPN 服务器,你想要连接到它的最终用户设备,例如笔记本电脑或移动设备,是客户端。你的树莓派驻留在局域网上,路由器将 树莓派 VPN 端口映射到其广域网 IP 上的端口。拨开你家的IP和端口,出示所需的密钥,你将打开一条加密线路返回总部。

2.透明的VPN代理

这个项目是唯一的,因为它不提供服务(服务器也不提供服务),但它方便了现有服务的使用。当转换为透明的VPN代理时,你的树莓派将成为便携式安全设备,自动为你的其他设备提供 VPN 保护。

要构建透明代理,首先你需要确保你的树莓派有两个无线接口。树莓派机型最多只有一个无线接口,因此你必须至少用一台连接USB 的无线设备。其次,你需要VPN的服务。如果你的VPN是上面描述的服务器,我想你需要另一个树莓派。

透明的VPN代理旨在解决对网络的信任不足,无法直接将最终用户设备连接到它,但仍然需要连接的问题。本质上,代理设备通过在不受信任的网络和最终用户设备之间进行干预来做到这一点,然后通过你选择的VPN路由最终用户设备。这使得携带纯加密流量的不受信任的网络。

要做到这一点,请将树莓派配置为接入点 (AP) 和 VPN 客户端。它的AP是用来做什么的?可疑的网络。它作为VPN客户端的作用与你预期一样工作,其流量加密到VPN服务器。

当你的最终用户设备连接到树莓派AP 时,就会发生有趣的事情。由于树莓派的流量是最终用户设备的流量(与典型的 AP 一样),并且树莓派的流量也是加密的,因此你的最终用户设备流量是经过了传输加密的。但是,你无需更改最终用户设备上的任何设置即可获得加密。你的笔记本电脑或移动设备只是认为它处于正常网络上。更好的是,它从未与粗略的网络互动过。很巧妙,是吧?

3.文件存储服务器

我们回到服务器模式,所以网络先决条件又恢复了。

树莓派文件存储服务器可以代替云存储,同时提供额外的特权。一般概念是,与VPN一样,它位于你的局域网上,其文件服务端口映射到路由器广域网IP上的端口。然后,你将家庭路由器的IP和端口,加上服务器用户名和密码,输入网络存储客户端程序,从而打开存储的文件库,从而访问文件服务器。

运行你自己的网络文件存储的优势是巨大的。首先,你可以存储更多的数据。想要更多的空间吗?附加更大的硬盘驱动器。另一方面,你拥有基础设备。你不是将数据委托给某家公司,而是委托给你自己的硬件和开源软件——而且成本要低得多。你真的只把一次性成本投入到树莓派和硬盘驱动器中,然后只付电费。

一切就绪,开始,启动!

这些甚至不是我为我的树莓派制定的所有计划,但它们是我最兴奋的,我认为其他人可能会发现最有趣的方案。当我开始做这些事情时,你肯定会知道,因为我肯定会分享我的发现。在那之前,我希望这些能给你关于树莓派的思考。

原文题目:3 Helpful Networking Projects for Your Raspberry Pi

原文:In spite of being a beloved companion to computer hobbyists the world over, the Raspberry Pi doesn't get enough credit. In fact, single-board computers of all stripes haven't gotten their due -- I just happen to have a Raspberry Pi. It was upon casting a stray glance into the corner of my room where my Pi is, churning away on the previous task I assigned it, that I pondered all the loftier projects I have in mind for it.

It will probably be a while before I tackle those grand designs. But the next best thing to following my dreams is to share them. The ideas here are charcoal sketches, not full illustrations, but they yield a rough picture.

I should also note that these projects all contain Linux in their blueprints (shocking, I know). As this is the preliminary stage, we can leave the exact distribution blank for now. You can safely trust, though, that any services we might need our Pi to run will fasten flush onto a Linux base.

You Can't Phone Home if You Don't Have the Number

Two of the three projects below will require server configuration -- and because servers are most useful when accessible on the wider Internet, this also entails some network tinkering. Specifically, whenever you want to reach your own private network from the outside, you will need to nail down the IP address and ports on the Internet-facing side.

First, figure out what your IP address is and whether it is dynamic or static on the wide area network (WAN). For our purposes, treat our WAN as the Internet. If your WAN IP is static, great. It will always be the same (as long as you pay your ISP on time), so you can start working on ports.

However, if your WAN IP is dynamic, meaning it changes periodically, there are additional steps. You will need to register a domain for it, and then get the global DNS infrastructure to honor that. Easy! In a nutshell, this involves registering a domain, like you would for a website, but setting it to your home's WAN IP address.

But if your WAN IP address constantly changes how does this solve anything?

With a special DNS entry called Dynamic DNS (DDNS), once you associate your router with your domain, it will automatically update itself as your router's WAN IP changes. This way, your domain will always point to whatever WAN IP is currently assigned to your router.

When you want to access your LAN from the Internet, instead of entering an IP address you would input your domain. DNS then resolves it to your WAN IP, and you're all set. Any further detail is beyond the scope of this article, but that's the gist.

No matter which IP adventure you chose, you then have to decide what ports to open on your router's WAN IP. If we liken IP addresses to postal addresses, think of ports as unit numbers. Basically, your Pi will sit on your network with its service opening up whichever of its own ports it needs, and your router will map that Pi port to one of the router's WAN-facing ports. If you hit the right port on your WAN IP (the router), your router will pass the traffic to your Pi, on its associated port, on the LAN. Appropriately enough, this is called "port mapping" or "port forwarding."

For example, imagine your router is 5.6.7.8 on the WAN. Let's say your router's LAN IP is 192.168.1.1 and your Pi's LAN IP is 192.168.1.37. If you wanted to SSH into your Pi from anywhere on the planet, you would set port 22 on 192.168.1.37 to be open as normal. Your router would then map port 22 on 192.168.1.37 to (for instance) port 2222 on its WAN IP, 5.6.7.8.

Again, there's a lot more to it, but that's essentially how network configuration for your Pi goes.

To the Drawing Board

With our prep work out of the way, let's cook up some Pi recipes.

1. VPN Server

At the top of my list of Pi experiments is creating a VPN server. Why pay for a cloud VPN when you can tunnel home for free? Most of us leave our best stuff, physical and digital, at home anyway. Once you punch into your home VPN, you can access media files, backups, or anything else squirreled on your LAN.

In this arrangement, your Pi is the VPN server, and the end-user devices you want to connect to it, e.g. laptops or mobile devices, are the clients. Your Pi resides on your LAN, with your router mapping the Pi VPN port to a port on its WAN IP. Dial your home's IP and port, present the required key, and you will open an encrypted line back to home base.

2. Transparent VPN Proxy

This project is unique because it doesn't provide a service (and so isn't a server), but it facilitates the use of an existing service. When converted to a transparent VPN proxy, your Pi becomes a portable security device that automatically confers VPN protection on your other devices.

To build your transparent proxy, first you will need to ensure that your Pi has two wireless interfaces. Pi models come with, at most, one wireless interface, so you'll have to pick up at least one USB-connected wireless device. Second, you'll need a VPN service. If your VPN was the server described above, I guess you'll need another Pi.

A transparent VPN proxy is designed to solve the problem of not trusting a network enough to connect your end-user devices directly to it, but still needing connectivity. In essence, the proxy device does so by interposing itself between the untrusted network and end-user device, and then routes the end-user device through your VPN of choice. This leaves the untrusted network carrying purely encrypted traffic.

To pull this off, you configure your Pi as an access point (AP) and as a VPN client. What is it an AP for? The suspect network. Its role as a VPN client works as you would expect, with its traffic encrypted to the VPN server.

The interesting stuff happens when your end-user device connects to the Pi AP. Because the Pi's traffic is the end-user device's traffic (as with typical APs), and the Pi's traffic is also encrypted, your end-user device traffic is transitively encrypted. But you get that encryption without altering any settings on the end-user device. Your laptop or mobile device just thinks it's on a normal network. Even better, at no point has it ever interacted with the sketchy network. Neat trick, huh?

3. File Storage Server

We're back to server mode here, so the networking prerequisites are back in force.

A Pi file storage server can stand in for cloud storage while offering added perks. The general concept is that, like with the VPN, it lives on your LAN with its file service port mapped to a port on your router's WAN IP. You then access the file server by punching in your home router's IP and port, plus the server username and password, into your network storage client program and you throw open your vault of stashed files.

The advantages of running your own networked file storage are substantial. For one thing, you can store way more data. Want more space? Attach a bigger hard drive. For another, you own the infrastructure. You're not entrusting your data to some company, but to your own hardware and open-source software -- and it costs much less. You really only sink one-time costs into the Pi and hard drive, and just pay for electricity.

On Your Mark, Get Set, Boot!

Those aren't even all the schemes I've concocted for my Pi, but they are the ones I'm most excited about and that I thought others might find most intriguing. You'll definitely know when I get around to these, since I'm certain to share my findings. Until then, I hope these give you raspberry-flavored food for thought. 

原文链接:https://www.technewsworld.com/story/86985.html

原文作者:Jonathan Terrasi • LinuxInsider • ECT News Network

我来说两句

0 条评论
登录 后参与评论

相关文章

  • 树莓派折腾记:纯手机+数据线连接树莓派

    美丽应用
  • 如何在树莓派上安装 Ubuntu 服务器?

    树莓派是最著名的单板计算机。最初,树莓派项目的范围旨在促进学校和发展中国家的计算机基础科学的教学。

    用户1880875
  • 第一章 漫谈RaspberryPi

       Raspberry Pi(中文名为“树莓派”,简写为RPi,(或者RasPi / RPI)是为学习计算机编程教育而设计),只有信用卡大小的微型电脑,其系统...

    张国平
  • 八大关于业余无线电台的树莓派应用

    FHYC
  • 圣诞快乐——Keras+树莓派:用深度学习识别圣诞老人

    机器之心
  • 树莓派安装raspbian并配置开发环境

    首先准备好我们要烧录的raspbian系统,可以在树莓派官网中下载https://www.raspberrypi.org/downloads/

    墨文
  • 树莓派:无需显示屏安装centOS

    原料:树莓派3B+一台、网线一只、32g内存卡,win10电脑一台,手机热点一部。

    用户5473628
  • 树莓派4最小化安装Linux

    Raspberry Pi 4 Model B发布了半年了,其强大的性能与低廉的价格使得其非常的热门。

    bigmagic
  • 树莓派3B安装64位操作系统(树莓派无需连接显示器键盘鼠标)

    想在树莓派3B上安装一些64位应用(例如64位JDK),因此首先要安装64位的操作系统,今天咱们就一起来实战;

    程序员欣宸
  • 树莓派4b性能怎么样,值不值得买

    树莓派自2012问世以来,从第一款Pi 1到现在的Pi 4经历了4个大版本,在RAM大小和外围设备支持方面都发生了很大的变化。那么2019年千呼万唤始出来的树莓...

    用户6968133
  • 树莓派入手指南

    最近入手了树莓派,简单整理一些入手的注意事项,本文尤其是对于不了解树莓派并想要购买的同学有参考意义.

    技术小黑屋
  • 微信小程序控制树莓派(一)

    工作需要,尝试通过微信小程序实现对树莓派的控制,经过一番搜索整理与编码,目前可以在本地实现通过微信小程序界面向树莓派服务器端通信。

    TTTEED
  • 树莓派/PC实现实时摄像头数据共享—最优方法(搭建网络摄像头)

    方法一:Python+OpenCv实现树莓派数据采集,树莓派搭建服务器,PC机作为客户端实现数据传输,结果发现传输画质太差。

    不脱发的程序猿
  • 树莓派上运行RT-Thread并通过esp8266连接网络

    树莓派上使用网络也是一个非常重要的功能,有了网络之后,可以在树莓派上扩展的功能更加丰富了。本文主要是通过树莓派上接8266模块,利用rt-thread的AT网络...

    bigmagic
  • 从零开始用树莓派搭建一个实时人脸检测系统

    没错,那个小盒子装的东西叫做树莓派,可能有一些朋友还没接触过,暂且理解成一个小型的个人电脑就可以了。

    程序员一一涤生
  • 树莓派配置lnmp环境,安装一个仪表盘显示当前状态

    树莓派作为一台Linux主机,要是有一个可视化界面能实时显示树莓派的状态信息那该有多棒啊。

    小雨编程
  • 树莓派4裸机基础教程:环境搭建

    树莓派4作为一款学习嵌入式arm开发的开发板,是非常不错的选择。嵌入式开发往往需要的不仅仅是理论知识,还需要动手操作,然后实际体验效果。由于目前开发板要么资料太...

    bigmagic
  • 用树莓派搭建一个私人社交网络

    近年来,社交网络已经革新了人们的生活习惯。人们每天都会使用社交频道与朋友和家人联系。但是涉及到隐私和数据安全时,仍有一些共同的问题。尽管社交网络创建了复杂的隐私...

    用户1880875
  • 用树莓派搭建一个实时视频监控系统

    最近在GitHub上发现一个好玩的项目,不用安装其它任何依赖包,只要运行一个Python脚本就可以搭建一个实时视频监控系统。

    小雨编程

扫码关注云+社区

领取腾讯云代金券