Publicly Available Installations -- out of date

[mcguirepr89]

Out of date -- see comment from October 21st, 2021

So you have the BirdNET-system up and running and you want to show it off, eh? That's great! BirdNET-system was built with sharing data in mind. Follow along here to learn how the web services are handled and change them to be reachable at your personal domain.

Before we make any changes, I want to explain a bit about the process so that you know what you're doing and why. But if you don't care, you can skip down to the Prerequisites To Sharing BirdNET-system section.

The main idea
BirdNET-system uses Caddy as its web server, alongside 3 small GoTTY web servers. In spite of having 4 separate web servers, Caddy actually manages them all. Take a quick look at the default Caddyfile:
(Note: This is the current default, and may change in the future, but the main idea is the same.)

http://raspberrypi.local {
  root * ${EXTRACTED}
  file_server browse
  basicauth /Processed* {
    birdnet ${HASHWORD}
  }
  basicauth /stream {
    birdnet ${HASHWORD}
  }
  reverse_proxy /stream localhost:8000
}

http://birdnetsystem.local {
  root * ${EXTRACTED}
  file_server browse
  basicauth /Processed* {
    birdnet ${HASHWORD}
  }
  basicauth /stream {
    birdnet ${HASHWORD}
  }
  reverse_proxy /stream localhost:8000
}

http://birdlog.local {
  reverse_proxy localhost:8080
}

http://extractionlog.local {
  reverse_proxy localhost:8888
}

http://birdstats.local {
  reverse_proxy localhost:9090
}

Each "site-block" is separated by a blank new-line for readability.
You can see that there are 5 site-blocks, the first 2 of which look a little redundant at the moment:

1. http://raspberrypi.local -- File service and reverse_proxy to live stream
2. http://birdnetsystem.local -- File service and reverse_proxy to live stream
3. http://birdlog.local -- reverse_proxy to GoTTY log
4. http://extractionlog.local -- reverse_proxy to GoTTY log
5. http://birdstats.local -- reverse_proxy to GoTTY log

Notice that each site address is http only. This disables a great little feature that is build into Caddy: automatic handling of TLS/SSL certificates. These certificates are what add the "s" to your https and encrypt the traffic that flows between the server and its clients.

If we were to simply add the "s" to the http addresses here, and restart Caddy, Caddy would automatically reach out to Certificate Authorities (CAs) to determine whether BirdNET-system actually owns https://raspberrypi.local. Since it is impossible to own a domain outside of the acceptable Top Level Domain options (e.g., .com, .org, .gov, .edu, .xyz, .io), Caddy would fail trying to prove that BirdNET-system owns http://raspberrypi.local.

If, however, we were to replace "http://raspberrypi.local" with a domain we actually do own, say "https://pmcgui.xyz" and then restart Caddy, Caddy would automatically reach out to CAs to find without error that this BirdNET-system does in fact own that domain. After that handshake, the BirdNET-system is reachable at "https://pmcgui.xyz"!!

Prerequisites To Sharing BirdNET-system

• If you want to share your BirdNET-system Extractions over the internet, you will need to own a Top Level Domain name. The domain name will need to be registered with a DNS service provider to point to the public IP address of the network on which your BirdNET-system resides (DNS A records). Most domain name providers also provide access to setting up DNS A records and instructions on how to do so. And lastly, be sure ports 80 and 443 are forwarded to the BirdNET-system host IP address through the router or switch. (Advanced users may also consider using subdomains to access different pages at different URLs.)

• To test if you have met the prerequisites, do the following:

  1. From the Raspberry Pi, go here and make note of your public IP addresses.
  2. Then, go here and enter your domain name just as you would expect to input it into the web browser address bar to reach the web site.
  3. If the results of your DNS check point to the public IP address from step 1, you're in business. If not, you will need to check with your domain name provider on how to setup an DNS A record to point to that IP address.

Sharing BirdNET-system
In order to have Caddy handle the SSL/TLS certificates to encrypt the traffic between our BirdNET-system and any users who want to connect to it, we will need to alter the default Caddyfile.

This file is not editable as the regular pi user, so we'll need to edit this in the terminal using sudo and nano.

1. In the terminal, run sudo nano /etc/caddy/Caddyfile to open a terminal text editor you can use to alter the URLs beginning each site-block.
2. In that file, next to the address that reads http://raspberrypi.local, add your domain name. See the before and after example below that shows the changes needed to make the first site-block accessible at your domain. The example will be making the BirdNET-system available at "https://mybirdnetsystem.com".

Before:

http://raspberrypi.local {
  root * ${EXTRACTED}
  file_server browse
  basicauth /Processed* {
    birdnet ${HASHWORD}
  }
  basicauth /stream {
    birdnet ${HASHWORD}
  }
  reverse_proxy /stream localhost:8000
}

After:

https://mybirdnetsystem.com http://raspberrypi.local {
  root * ${EXTRACTED}
  file_server browse
  basicauth /Processed* {
    birdnet ${HASHWORD}
  }
  basicauth /stream {
    birdnet ${HASHWORD}
  }
  reverse_proxy /stream localhost:8000
}

Once you've made the change to the Caddyfile, you can restart the service with sudo systemctl restart caddy. Caddy typically takes about a minute to properly fetch and validate its new certificates.
After a minute or so, you should be able to reach your BirdNET-system at https://mybirdnetsystem.com!!
-- Note that some home networks do not route requests to themselves very gracefully, e.g., you may try https://mybirdnetsystem.com from the same WiFi the BirdNET-system is using, only to be redirected to your router's login page. If this is the case, that doesn't mean it is not working, it simply is a router (or ISP provider) quirk. Test the website from your phone's LTE connection.

Please let me know if anyone has trouble with this or needs more information. I will likely be changing the basic BirdNET-system Extractions page to also include links to the web logs so that you only need to change one site-block in order to have full access to all of your web services from one domain address.

Best of luck!
Patrick

[mcguirepr89]

The information above mostly still applies to BirdNET-Pi, but has been simplified a bit. Please comment here if there is any uncertainty on how to adjust the information above to apply to the BirdNET-Pi installation.
~~Patrick

[mcguirepr89]

This is now a bit outdated. To share your BirdNET-Pi installation, edit the birdnet.conf after installation to the domain you own as the variable "BIRDNETPI_URL", and for the "BIRDNETLOG_URL" and "EXTRACTIONLOG_URL" variables, if you have two more (sub)domains. Only the BIRDNETPI_URL is needed to have most features work -- the log view will now work without addresses for those variables.

After updating the birdnet.conf file, run "Update BirdNET-Pi" from the web interface's "Tools" page. When the update is complete, your installation should be reachable at your domain.

Please don't hesitate to comment here or in the issues section for help getting this working!

My best,
Patrick

[ghost]

I have no domain, would it be possible to make a public page where users could share here system? Oh, because the audio signal is shared, you have to be careful with the neighborhood.

[mcguirepr89]

I can create links to other folk's installations who don't own domains, but all traffic from the user to your BirdNET-Pi would be un-encrypted, which would be bad for the database and the BasicAuth. Unfortunately, I think one would need a domain to share

[mcguirepr89]

This is the most elegant solution to the dynamic dns problem -- and it provides a free domain name for all users!

NoIP.com

I will provide screenshot step-by-step guides for this, but will ultimately tuck this into an optional service (since it's just an executable and only supports init and not systemd).

1. Registered a FREE hostname using their FREE provided domain
2. Installed the Dynamic Update Client onto my BirdNET-Pi

That's it!! Now, the Dynamic Update Client (on the BirdNET-Pi) will update the DDNS (NoIP) that it has a new IP address, and the A record (the public IP address associated with the free No-IP hostname). This is basically what AnyDesk does to keep its clients updated with its servers.

Diagram:

~~ How to manage a Dynamic Public IP Address ~~
IP=Public IP Address (find with `curl -4 ifconfig.co`)
DDNS=Dynamic Domain Name Server (https://noip.com)
DUC=Dynamic Update Client (on the BirdNET-Pi)
(This diagram does not show network traffic flow, 
rather, it shows how the dynamic dns is handled)

+-----------------------------------+
|                                   | 
|    Dynamic Domain Name Server     |  
|      No-IP hostname entry for     |
|        birdnetpi.ddns.net:        |
|"A" record target ->172.73.170.186 |      
|                                   |       +---------------+
+-----------------------------------+<----->|    Internet   |
                 ^|                         |ISP/LTE Carrier|
                 || DDNS directs all        +---------------+
DUC updates DDNS || requests to                     |
when IP changes  || birdnetpi.ddns.net              | ISP or LTE carrier
                 || to 172.73.170.186               | issues DHCP IP to
                 |v                                 | modem or router
+-----------------------------------+               v
|                                   |       +----------------+
|            BirdNET-Pi             |       |  Router/Modem  |      
|      Public IP=172.73.170.186     |<----->|Passes its IP to|
| [ Running DUC ] checks every Nmin |       |the rest of the |
|    Hostname=birdnetpi.ddns.net    |       |     network    |
|                                   |       +----------------+
+-----------------------------------+

When the ISP/LTE Carrier issues a new public IP address to the Modem/Router, the DUC running on the BirdNET-Pi sends an update to the DDNS that it has a new IP address. The DDNS updates its A record so that requests to "http://birdnetpi.ddns.net" resolve to the newly updated IP address.

[mcguirepr89]

The only other thing I can think is that there may be an issue with your router due to the power cuts from the morning. If it's not a lot of trouble, try power cycling the router.

[CaiusX]

Router reboot has changed my public IP, 169.0.167.98

[mcguirepr89]

Dang -- Still nothing. I'm sorry for the non-starter. I can't explain what is going on (a firewall makes sense, but I'm sure you would know if there were a firewall configured on your network). I'm sorry for the trouble having a new public IP causes. I will continue researching possible causes to what I'm seeing and will hopefully be able to get back to you with a solution promptly.

[mcguirepr89]

One thing I've found is ensuring that NAT translations are enabled on the router. Perhaps that is disabled by default and reverted to defaults after the power cycle? That's kind of a guess, but I'm kind of at the stage now where I have to guess.

[CaiusX]

Try again