What is the recommended way to make my app accessible outside LAN?

So I have my app, it works nice on the device that hosts it. I can also access it from any devices inside my LAN. Now what’s the recommended way to make it accessible for devices outside the LAN?

Can I just redirect port on my router? I know the warning in Dash (Flask) console, but this app is designed for my personal usage, I do not plan to share it with anyone. It will need to handle 1, maybe 2 connection at a time. It is also under heavy developement so I want’t have a way to easily update it. The same way I currently have - simple restart the console after the code is updated, and I’m again ready to go.

I just want it to be accessible from any IP address, because I will also use it from my mobile phone, from different locations. I guess I would also need to secure it somehow. HTTPs? Filtering over MAC address on firewall? What are my options?

Edit:
I want just to connect by IP address, I don’t care domain.

Hey @Karls0 welcome to the forums. There are many ways to deploy your app, try the forum search.

If you just interested in accessing your app from the web, you could use ngrok as proxy.

I understand, but please note that my case is untypical. I’m not looking for a solution for public deployment (that indeed is described on the forum). Just an app for personal usage but accessible through different IP addresses but in secure way, where anyone from unauthorized device will be blocked.

I understand perfectly. The thing is that what you want to do is not really different to deploying the app. As I said, the easiest thing would be to use ngrok.

If I remember correctly, you can add basic authentication to the free tier of ngrok. You would have at least some protection. I usually just shut down the ngrok tunnel if not needed anymore.

But maybe other users have some ideas.

The way I do this is to run a VPN server on my home network. I can connect to the VPN (say using my phone) from anywhere and once connected it’s pretty much (not quite) as if I’m on the LAN. You get all the security you’re asking for - there has to be a certificate installed on any device that has to connect.

I’m using

  • pivpn running on a Raspberry Pi for the server (OpenVPN rather than WireGuard)
  • The free DuckDNS dynamic DNS service (to cope with my home IP address occasionally changing)
  • OpenVPN Connect on client devices

That’s much closer to what I need. But this enforce me to connect to VPN every time I want o get access. It is not deal breaker, but definitely not the most comfortable solution. Perfectly would be to have something like this, but without the requirement to being connected through VPN all the time.

It only takes a few seconds to connect (one click in OpenVPN Connect if you let it store your connection password), and if you have decent home broadband speed you could probably just stay connected to the VPN all the time without noticing much degradation.

It can be a bit tricky to set up, but once working it’s been very stable and reliable for me.

True, and I have VPN from the place where my server will be hosted, so I don’t even need to set OpenVPN. But it is only partial solution, even if I will ignore the inconvenience to connect to VPN every time I need access. Also anyone in LAN will be able to access my app. And I’m unable to isolate myself from the provider LAN. So this way, indeed I will be proteced from unauthorized access from internet, but not from intranet. So I would still need to filter it out by MAC od something.