Secure Network Access
My former elementary school asked me to design a secure network access system for their local heating system.
But... I'm not a network engineer
Since I'm not a professional network engineer, I had to learn a lot about network security and how to implement it practically. I started by researching the latest security protocols and best practices, then designed a system that would meet the school's needs while maintaining robust security.
I do, however, have some experience with network engineering and have worked on several projects that involved network design and implementation. This was, however, some time ago during my university years.
An old thin client that I opened up and repurposed.
Coding and documenting the system
The solution
After discovering there was no existing server infrastructure in place, I decided to implement a simple yet effective solution using a Raspberry Pi and a few other components. The Raspberry Pi acts as a Docker host and runs a Cloudflare Tunnel instance that creates secure outbound-only connections.
Key components:
- A Docker container running Cloudflare Tunnel for secure outbound traffic only
- An automated startup script that launches the Docker container when the Pi boots
- SSL/TLS encryption for all (otherwise unsecured) HTTP traffic
- Cloudflare's security features to monitor and protect the network
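One way the startup script from the list above could look, as an added example rather than the script used in this project: it refuses to start unless the tunnel token file is private, and it launches the container without publishing any ports. The file path, container name and hardening flags are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script. Paths and names below are assumptions.
TOKEN_FILE="${TOKEN_FILE:-/etc/cloudflared/tunnel.env}"  # holds TUNNEL_TOKEN=<token>
CONTAINER_NAME="${CONTAINER_NAME:-heating-tunnel}"
IMAGE="${IMAGE:-cloudflare/cloudflared:latest}"

# Succeeds only if the token file exists and group/others have no access to it
# (mode 600 or stricter). The token is the only credential the tunnel needs.
token_file_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Prints the docker arguments, one per line. There is deliberately no
# -p/--publish flag: cloudflared dials out, so the Pi exposes no listening port.
docker_run_args() {
    printf '%s\n' run --detach \
        --name "$CONTAINER_NAME" \
        --restart unless-stopped \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --env-file "$TOKEN_FILE" \
        "$IMAGE" tunnel --no-autoupdate run
}

start_tunnel() {
    if ! token_file_ok "$TOKEN_FILE"; then
        echo "refusing to start: $TOKEN_FILE missing or not private" >&2
        return 1
    fi
    docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
    # Split the argument list on newlines only, with globbing disabled.
    old_ifs=$IFS
    IFS='
'
    set -f
    docker $(docker_run_args)
    rc=$?
    set +f
    IFS=$old_ifs
    return $rc
}

# Call as "tunnel-start.sh start" from a boot hook (systemd unit, @reboot cron).
case "${1:-}" in
    start) start_tunnel ;;
esac
```

Passing the token through `--env-file` instead of `--token` on the command line keeps it out of the host's process list and shell history.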
After monitoring the Raspberry Pi's temperature, I noticed it was running hot. While not critically overheated, we relocated it to a cooler spot for optimal performance.
I also keep a backup Raspberry Pi on hand for testing and development. This allows me to quickly switch between the two devices in case of issues or when deploying updates. In the past I have had some issues with the Raspberry Pi's hardware, which led to the need for a backup device.
v1: Inside this mess (I should go back to fix this).
v2: Relocated to a cooler location.
Working together with AI
A great opportunity to use AI to expand beyond my foundational knowledge
This project provided an excellent opportunity to collaborate with AI to enhance the network's security. I used AI to verify potential security threats, asking questions like: "What are the potential security vulnerabilities of a Raspberry Pi running Docker containers?" This approach significantly improved the overall security of my implementation.
The project marked my first time using AI as a technical assistant, and it proved invaluable for learning new concepts and validating my approach.
Local web server inside the heating system
The humble Pi doing its job
Mission accomplished
And there we have it: a secure network access system that meets the school's operational needs while maintaining strong security protocols. This was an enjoyable project that pushed me to learn new skills and apply them in a real-world setting.
Special thanks to Jorgen for his invaluable assistance throughout the project!