Publishing an in-house Blocks server on the Internet

This article describes how you can publish an in-house Blocks server so it becomes accessible also through the Internet. This is particularly useful if you want to make your Blocks server accessible to guests using their own mobile devices. Assuming your location has decent cellular service, this will let your visitors connect to your Blocks server to use it as an audio guide, or similar, based on a Visitor Spot. Since you're using the cellular internet connection already established on all phones, you won't need to provide a wifi network, thereby reducing the technical requirements on site as well as simplifying the onboarding process. A simple, printed QR code can be used to directly connect visitor's phones to your Blocks server.

It's based on a number of services provided by Cloudflare.com:

• DNS hosting of your domain name.
• A VPN-like tunnel, making your in-house Blocks server accessible from the internet.
• Certificate for secure server access (HTTPS).
• Caching of many resources, such as images, for improved performance and reduce load on your Blocks server.

These services are all currently provided for free by Cloudflare. This guide assumes you can use Cloudflare also as your DNS provider. However, when that's not an option, you can use a slightly different method based on a partial DNS (CNAME Setup).

In order to use this, you need the following:

• A Blocks server running on a computer that has access to the internet. Note that you don't need any publicly accessible IP address or port forwarding - just the ability to reach the Internet from your Blocks server.
• A suitable domain name that you control, or a subdomain for one. If you don't have one, you can buy one from Cloudflare or any other seller/registrar.

Once you have the above, follow these steps to publish your in-house Blocks server on the Internet

1. Create an account at cloudflare.com. If you already use them as your domain name provider, you already have an account with them. If you're using another registrar, you can create a free account.
2. Log in to your Cloudflare dashboard.
3. If you're not already using Cloudflare as your DNS provider, you may want to set that up and point your registrar to Cloudflare's DNS servers.
4. Select "Zero Trust" in the menu on the left hand side.
5. Select Access under Cloudflare Zero Trust.
6. Select Tunnels.
7. Complete setup if requested to.
8. Enter a "team name" (will also become your URL).
9. Select the "Free" bundle.
10. Select Tunnels again under Access.
11. Create a tunnel. Set the server-side URL to http: with localhost:8080 as the domain name and port (this assumes Blocks is using its default configuration, with the server listening at port 8080).
12. Name your tunnel.
13. Select the operating system of your server (select Debian, 64 bit if you're running a Blocks server based on our Linux server image).
14. Install and run the Cloudflare Connector as instructed.
15. Once the connector status says "connected" click Next.
16. Specify a subdomain (if desired) and domain name for the connector.
17. Wait for the tunnel to be created and show a "healthy" status.
18. Open a browser using

    https://<subdomain>.<domain>/edit

    to access the editor.

19. Connect spots using

    https://<subdomain>.<domain>/spot 

    .

Substitute <subdomain>.<domain> above with your subdomain (if any) and domain name.

You're stongly advised to enforce the use of https on all connections, following instructions found here. Using HTTPS avoids sending passwords and other potentially sensitive data as clear text.

IMPORTANT: Make sure you have set a secure password for all users of your Blocks server, so you're not using the default "pixi" password for the admin user.

To protect certain paths (such as everything under /edit in Blocks) with further authorization, add an Access policy in Cloudflare Zero Trust under Access > Applications > Self-hosted. In order to access the editor, you'll then need to further authorize access using the selected method, such as by email from an authorized domain.