Contributed by Ken Hall - thanks Ken!
Introduction
Astrophotographers using all-sky camera software like INDI-AllSky (https://github.com/aaronwmorris/indi-allsky) and AllSkyTeam's Allsky (TJ's) (https://github.com/AllskyTeam/allsky) often want to share their latest night sky images and timelapses with the world. The good news is both systems support built-in web interfaces and data uploads capabilities to mirror your allsky images accessible over the internet. The challenge is doing so in a secure, reliable way. In this guide, we'll outline how to expose your all-sky camera's content online using self-hosted solutions, highlight best practices (like mirroring data to a safe location and using secure tunnels), and cover common challenges you might face along the way. By the end, you'll have a clear roadmap to set up external access to your AllSky system, plus a handy FAQ to troubleshoot issues.
- Self-Hosted Solutions (Direct Exposure to the Internet)
- Best Practices for Mirroring and Secure Access
- Common Challenges and How to Solve Them
- Frequently Asked Questions (FAQ)
This approach involves making your AllSky system's built-in web interface available directly to outside users. Your Raspberry Pi (or whatever computer runs the camera) will act as the web server for your images. This avoids using third-party gallery services – everything is hosted by you.
- Ensure local access works first
- Configure port forwarding on your router
- Set up Dynamic DNS or a domain name
- Enable HTTPS for security
- Test external access
Before going public, ensure you can view your AllSky content on your home network:
- INDI-AllSky comes with a web-based user interface by default. Once the software is running, you can typically open a browser on a device in the same network and go to something like
https://<raspberrypi-local-ip>/(INDI-AllSky uses HTTPS by default and has an access-controlled console. You should see a dashboard with your latest image, controls, etc. Ensure this works internally first. - AllSkyTeam's Allsky (TJ's) software, in its traditional setup, saves images to a local web directory (e.g.
/var/www/html/allsky/on the Pi). It might use a simple web server (like Apache or lighttpd) to serve those files. Try accessinghttp://<raspberrypi-local-ip>/allskyon your local network. If you set up the AllSky Website on the Pi, you should see the default page showing your "live" image, latest timelapse, etc. If not, you may need to install and configure the AllSky web pages (refer to the AllSky documentation for setting up the web UI on the Pi).
Once you have local web access working, you're ready to expose it externally.
For others to reach your AllSky web interface, you need to allow traffic from the internet into your local network. This usually means port forwarding on your router:
- Find your AllSky device's local IP and port: e.g., Raspberry Pi might be
192.168.1.100. The web interface port is typically 80 or 443 for AllSkyTeam's Allsky (TJ's) web (80 for HTTP, 443 for HTTPS), or a specific port for INDI-AllSky (it often uses 443 with a self-signed cert by default). - Log in to your router (usually via a web admin page) and locate the Port Forwarding section. Add a rule to forward an external port (e.g. 80 for HTTP) to the internal IP and port of your AllSky device. For example, forward
TCP 80on the router to192.168.1.100:80. If you plan to use HTTPS, also forwardTCP 443to192.168.1.100:443. (You could choose a different external port number for security by obscurity, but using 80/443 is simplest for users). - Give your device a static IP (or DHCP reservation): This ensures the Pi's IP (e.g. 192.168.1.100) doesn't change over time, which would break the port forward. Set this in your router's DHCP settings or on the Pi itself.
- Test internally: While still on local network, try accessing your public IP (which you can find on a site like whatismyip.com) with the forwarded port from a device. Some routers may not support loopback, so this test might fail internally; an alternative is to use a phone on cellular data to test the public IP.
Caution: Opening ports means anyone on the internet can try to connect. Make sure you've read the Security section below – at minimum, the AllSky interface should be password-protected or read-only for the public (Security considerations · aaronwmorris/indi-allsky Wiki · GitHub).
Most home internet connections have an IP address that changes periodically (unless you pay for a static IP). Remembering an IP is also inconvenient. The solution is to use Dynamic DNS (DDNS) or your own domain:
- Dynamic DNS: You can use a free service like No-IP, DynDNS, or DuckDNS to get a hostname (e.g.
yourallsky.ddns.net) that always points to your current IP. You'll run a small updater on your Pi or router that tells the DDNS service when your IP changes. For example, No-IP provides a client you can install, or many routers have No-IP/DynDNS update capability built-in. Once set, you can usehttp://yourallsky.ddns.netto reach your camera. - Custom Domain: If you own a domain (like
yournameastro.com), you can create a subdomain (likeallsky.yournameastro.com) and have it point to your home IP. Since the IP may change, one approach is to use a DDNS service as above and then CNAME your subdomain to the DDNS name. Alternatively, some domain registrars offer their own dynamic DNS solutions.
Using a hostname is highly recommended – it's easier to remember and essential for setting up SSL certificates.
If you open your AllSky to the world, use HTTPS so that viewers (and you) have an encrypted connection. There are two main ways to do this:
- Let's Encrypt Certificate: If you have a domain or DDNS hostname, you can use Let's Encrypt to get a free SSL certificate. Install a tool like
certboton your Pi. Since your AllSky interface might not be a typical web server, one strategy is to install a standard web server (Apache/nginx) as a reverse proxy: it serves the certificate and forwards requests to the AllSky application. For AllSkyTeam's Allsky (TJ's) website (which might already be an Apache/lighttpd site), you can run certbot in webroot mode to get a cert for your site. For INDI-AllSky, which uses Flask, you could configure an Nginx proxy with the cert. The process is a bit technical, but many guides exist for "Let's Encrypt on Raspberry Pi". Once done, you'll have a trustedhttps://address for your AllSky. - Self-signed / Built-in HTTPS: INDI-AllSky actually generates a self-signed certificate by default for its interface (Security considerations · aaronwmorris/indi-allsky Wiki · GitHub). This means you can technically use
https://out of the box, but browsers will warn that the cert isn't trusted. For casual use or small audience, you might tell them it's safe and to proceed, but it's better to get a real cert or use one of the tunneling methods below which handle HTTPS for you. AllSkyTeam's Allsky (TJ's) default web template is HTTP-only; if you want HTTPS, you'll need to configure it yourself (or use a reverse proxy as mentioned).
The developer of INDI-AllSky suggests using Let's Encrypt for a proper SSL if you set up port forwarding and DNS. This step is important for security and professionalism (no browser warnings). Keep in mind Let's Encrypt requires renewal every ~60 days, so automate it (certbot can set up a cron job).
However, installing SSL certificates it not a necessecary step if you use the recommended method of sharing your allsky's website by using a free cloudflare tunnel.
Consider these safer alternatives to direct exposure:
- Mirror data to an external web server
- Use Cloudflare Tunnel for secure access
- Implement VPN access (e.g., Tailscale)
- Combine approaches for different needs
One best practice is not to expose the Raspberry Pi directly at all, but instead have it publish (mirror) the images and videos to a server that people can access. Both AllSkyTeam's Allsky (TJ's) and INDI-AllSky support this mode:
-
Using the AllSky Website Template (AllSkyTeam's Allsky): AllSkyTeam's software comes with an integrated website template (or you can download allsky-website from GitHub) that can run on a standard web host (INDI-Allsky Software Review – openastronomy.ca). The idea is that your Pi captures images and generates timelapses, then automatically uploads these files (via FTP/SFTP) to the web host. The website template will then display the latest image, last night's timelapse, star trails, etc., just like on the Pi. Many users follow this approach – for example, one user on Cloudy Nights described using the AllSky software and "uploading the media through FTP to my webserver" (Website Creation/Hosting - Experienced Deep Sky Imaging - Cloudy Nights). To set this up, you need:
- A web hosting account (could be a paid hosting provider, a VPS, or even something like a personal NAS that's internet-accessible).
- The AllSky website files installed on that server (so it has an
index.html/index.phpthat knows how to display your images). - FTP/SFTP credentials for that server, entered into the AllSky configuration on your Pi (in
ftp-settings.shfor AllSkyTeam's Allsky). You'd provide the host, username, password, and directory where files should go. - The AllSky software will then upload each new image (or just the "latest image") and daily videos at the end of the night. It also uploads a JSON data file with metadata. Ensure the FTP/SFTP path matches where the website expects files (common stumbling block: setting the remote directory incorrectly so files aren't in the right place) (Unable to see online the AllSky camera · Issue #1302 · AllskyTeam/allsky · GitHub) (Unable to see online the AllSky camera · Issue #1302 · AllskyTeam/allsky · GitHub).
- Once configured, anyone visiting your website (e.g.,
yourdomain.com/allsky/) will see the latest pictures without directly touching your Pi. Your Pi just needs outbound internet to upload files.
Benefits: Your home network is not receiving incoming traffic – the web host handles all viewers. Web hosts typically have better bandwidth and uptime. You can also customize the website without worrying about the Pi's limited web server capabilities.
Drawbacks: There's a bit of setup involved, and if FTP fails or your upload bandwidth is limited, the website might lag behind. Also, if you use a shared hosting service, you might not be able to run the full INDI-AllSky interface there (more on that next). -
INDI-AllSky Remote Web Portal (SyncAPI): INDI-AllSky has a powerful feature called SyncAPI for real-time mirroring. Essentially, you can set up a remote instance of the INDI-AllSky web application on a cloud server or VPS, and then have your home AllSky sync images and timelapses to it in real time (GitHub - aaronwmorris/indi-allsky: Software to manage a Linux-based All Sky Camera.). The remote server will show the same interface and data as if you were on the Pi, but it's running on a machine out on the internet. Users browsing that remote site won't be touching your home device at all – they're seeing synchronized data. According to the developer, the INDI-AllSky web interface "is also the remote web interface" – you just install the software in web-only mode on the VPS and then configure your Pi to feed it via SyncAPI (New All Sky camera management software: indi-allsky - Page 36 - Astronomy Software & Computers - Cloudy Nights). A single remote server can even aggregate multiple AllSky cameras (if you have more than one) (GitHub - aaronwmorris/indi-allsky: Software to manage a Linux-based All Sky Camera.). This mode requires a VPS where you have root access (a typical cPanel shared host usually won't work, since you need to run the INDI-AllSky Flask app and a database). Many users have found inexpensive VPS providers to do this (New All Sky camera management software: indi-allsky - Page 36 - Astronomy Software & Computers - Cloudy Nights). Once set up, the experience for viewers is seamless – it's just like browsing the interface as if connected to the Pi, including interactive features. The SyncAPI uses an API key and only transfers data, not control, so you can keep the remote interface view-only if desired.
Benefits: Real-time updates and the full functionality interface on a remote server. You can offload heavy tasks (like generating video or handling many web requests) to a more powerful machine. The Pi just focuses on image capture and pushing data out.
Drawbacks: Setting up a server and SyncAPI is a bit advanced. You have to maintain the VPS (apply updates, ensure the sync service stays running). It's essentially running a clone of the software in another place – double the infrastructure. But for enthusiastic users, this is a great solution. -
Cloud Storage Mirroring: Another mirroring approach is uploading images to cloud storage (like AWS S3 or Google Cloud Storage) and serving them from there. INDI-AllSky has built-in support for S3 object storage (GitHub - aaronwmorris/indi-allsky: Software to manage a Linux-based All Sky Camera.). For example, you could have the Pi upload every image to an S3 bucket. The web interface (either on the Pi or remote) then loads images from that bucket instead of from the Pi directly. This hybrid approach means the heavy content (images, videos) come from a fast CDN-backed storage, while the Pi only serves the lightweight web pages. The INDI-AllSky documentation notes you could "host the web interface from your home and just have the large media files served from S3" (GitHub - aaronwmorris/indi-allsky: Software to manage a Linux-based All Sky Camera.) – reducing bandwidth strain on your home internet. Configuring this involves getting API keys for AWS, setting the bucket name in the config, etc. AllSkyTeam's Allsky (TJ's) doesn't have direct S3 support out-of-the-box, but you could script something or use rclone to similar effect if needed.
In summary, mirroring your data externally is a best practice if you have concerns about exposing your home network or want better performance for viewers. It does involve additional setup (a web host or server and configuration of upload methods), but many users find the effort worth it for the peace of mind. As one AllSky contributor put it, "It's possible to have the website on your Pi and allow other people to access it... but if you have the money it's easier to buy some space on a web server and install the Allsky Website there" (Unable to see online the AllSky camera · Issue #1302 · AllskyTeam/allsky · GitHub).
If setting up port forwarding or a separate web server sounds daunting, Cloudflare Tunnel offers a more user-friendly (and highly secure) method to expose your AllSky to the internet. Cloudflare Tunnel (formerly called Argo Tunnel) creates a secure, outbound-only connection from your device to Cloudflare's network. In practice, it means: you don't open any ports on your router at all. Instead, a small service on your Pi will connect out to Cloudflare, and Cloudflare will handle incoming web visitors and route them to your Pi through that tunnel (GitHub - aaronwmorris/indi-allsky: Software to manage a Linux-based All Sky Camera.). It's like putting Cloudflare's cloud in front of your Pi, with no direct IP exposure.
How to set it up (overview):
- Get a Cloudflare account and add your domain: Cloudflare's free plan is fine. You either need to use a domain you own, or Cloudflare can provide a free temporary subdomain for testing (using their
trycloudflareservice). It's better to have a domain – you can even register one through Cloudflare for simplicity. - Install cloudflared on your AllSky device: This is the daemon that runs the tunnel. Cloudflare provides precompiled binaries; on Raspberry Pi you can download the arm version.
- Authenticate cloudflared: You'll run a command to login to Cloudflare and authorize the tunnel agent.
- Create a Tunnel and configure it: You can do this from Cloudflare's web dashboard (Zero Trust > Tunnel) or via command line. Essentially you give your tunnel a name and then specify what service it will forward to. For example, "Forward incoming requests on
allsky.mydomain.comto http://localhost:80 on the Pi". You can also specify the local port if your AllSky web interface runs on a non-standard port. Cloudflare will generate a DNS CNAME entry for your tunnel address (or you can manually set a CNAME in your domain to point to the tunnel). - Run the tunnel: Once configured, start the
cloudflaredservice. It will establish a connection to Cloudflare's servers. Now, when someone visitsallsky.mydomain.com, Cloudflare's network receives it and sends it through the tunnel to your Pi, as if they were local.
Advantages of Cloudflare Tunnel:
- No open ports: Your router can remain completely closed to inbound traffic. This dramatically reduces security risk (no random port scans hitting your Pi). Cloudflare tunnel connections are outbound, which most home networks allow freely (GitHub - aaronwmorris/indi-allsky: Software to manage a Linux-based All Sky Camera.).
- Free HTTPS and protections: Traffic goes through Cloudflare, so it will be HTTPS (Cloudflare provides the SSL cert for your domain). You don't need to manage Let's Encrypt on the Pi for this – it's handled. Additionally, Cloudflare can provide DDoS protection and even authentication if you use their Zero Trust Access features. For instance, you could require a login (Google OAuth, etc.) for anyone to view the site, or restrict by country, etc., all through Cloudflare settings. For a public allsky feed, you might not need those, but it's there.
- Performance: Cloudflare's CDN can cache static content. You might set a rule to cache images or timelapse videos for some minutes, which means faster load for repeat visitors and less load on your Pi.
- Ease of use: No dealing with dynamic DNS updates (Cloudflare will handle DNS). And you don't have to configure complex reverse proxies or worry about renewing certs.
Cloudflare Tunnel is explicitly suggested in the INDI-AllSky docs as a way to "further protect your indi-allsky site" (GitHub - aaronwmorris/indi-allsky: Software to manage a Linux-based All Sky Camera.). It's an increasingly popular option in the self-hosting community for exposing home services safely. Cloudflare provides good documentation on setting up tunnels, and there are community tutorials as well.
Note: Cloudflare Tunnel assumes you have a domain on Cloudflare. If you don't want to buy a domain, you can use their ephemeral trycloudflare option (which gives a random subdomain for a temporary session) – okay for quick testing, but not permanent. You can also use Cloudflare Tunnel with just a free Cloudflare DNS name (Cloudflare now allows creating a tunnel without adding a domain by using a .cfargotunnel.com address). But the easiest route is to get a cheap domain for your allsky or use an existing one, and let Cloudflare handle it.
Not everyone wants their all-sky camera publicly viewable. Maybe you only need to check it yourself while traveling, or share with a couple of fellow astronomers. In such cases, Tailscale is a fantastic tool. Tailscale is a mesh VPN based on WireGuard that creates a virtual network between your devices. Only devices you authorize can join and see each other – it's like having your own private LAN that spans the internet (Set up a dogcam with Tailscale, Raspberry Pi, and Motion · Tailscale Docs). The key point: if your AllSky Pi and your phone/laptop are both in your Tailscale network (called a "tailnet"), you can access the AllSky interface as if you were on the same Wi-Fi, without any ports opened or special router config.
Getting started with Tailscale:
- Sign up for a free Tailscale account (it's free for personal use up to 20 devices as of writing).
- Install Tailscale on the Raspberry Pi (it's a one-line script or use apt). Then run
tailscale upand authenticate the Pi with your account. Now the Pi is in your tailnet and gets an IP address like100.x.y.z(a private Tailscale IP). - Install Tailscale on your viewing device (PC or smartphone app) and log in. That device joins the tailnet and also gets a 100.x.y.z address.
- Now you can access the Pi's services: for example, if the AllSky web is on port 80, you can go to
http://100.x.y.z(the Pi's Tailscale IP) in your browser, and it will load (you may need to specifyhttps://if the service expects HTTPS). Alternatively, Tailscale assigns a MagicDNS name likeraspberrypi.tailnet-name.ts.netyou can use. Essentially, it's as though you are on the Pi's local network even if you're actually on 4G or in another country.
Every connection through Tailscale is encrypted end-to-end and only accessible to your devices (Set up a dogcam with Tailscale, Raspberry Pi, and Motion · Tailscale Docs). There's no exposure to the wider internet, so it's extremely secure. You also don't have to deal with DNS or changing IPs – Tailscale takes care of finding the route to your Pi.
This approach is excellent for remote administration too. You can SSH into your Pi via Tailscale, or use VNC, etc., without opening SSH to the internet. In fact, many users use Tailscale alongside one of the public methods: e.g., use Cloudflare Tunnel for the public image display, but use Tailscale for maintenance and full control.
Sharing via Tailscale: By default, only you (the account holder) and devices you add can access the tailnet. If you want to share your AllSky with a friend, you have a few options: you could invite them to your Tailscale network (they'd need to install the client and then they'd have access to your Pi whenever their Tailscale is on). This is a bit heavyweight if you just want them to see an image occasionally. A newer feature, Tailscale Funnel, allows you to expose a specific service on your tailnet to the public internet via a Tailscale relay. It's still an advanced feature (and may require enabling beta features and using Tailscale CLI to configure). Funnel essentially lets your Pi accept connections from the internet through Tailscale's infrastructure, without the other user needing Tailscale. However, since the question focus is on self-hosted and secure solutions, a funnel is conceptually similar to Cloudflare Tunnel in that you rely on a third-party relay (Tailscale) for connectivity. For most people, if public access is desired, Cloudflare Tunnel is simpler; if private access is enough, stick with the basic Tailscale VPN approach.
In short, Tailscale (or similar VPNs like ZeroTier or a DIY WireGuard/OpenVPN server) is a highly secure way to access your AllSky system remotely. It avoids "trusting a third-party service or risking exposing a camera inside your home to the public internet" (Set up a dogcam with Tailscale, Raspberry Pi, and Motion · Tailscale Docs). The trade-off is that it's not open to everyone – only those you've allowed. Many find this acceptable or even preferable.
You can mix and match the above strategies as needed. For example, you might use direct exposure (port forward) during testing, then move to Cloudflare Tunnel for production. Or use a remote mirror for a polished public website, and Tailscale for personal control and uncompressed image access. Consider your use case: if you're running a science project and want worldwide collaborators to see your data, a public site (either via direct or tunnel) makes sense. If it's a personal hobby cam, maybe just VPN is enough. Either way, plan for security – which leads us to common challenges and tips.
Setting up external access can involve several hurdles. Here are some frequent issues AllSky users face, and tips to address them:
-
Networking & Firewall Hurdles: The first obstacle is typically the router/firewall. As noted, if your Pi has an IP like 192.168.x.x, that's a private address; you must configure your router to let external traffic through to it (Unable to see online the AllSky camera · Issue #1302 · AllskyTeam/allsky · GitHub). Double NAT (e.g., if you're in an apartment behind a building's router, or using a secondary router) can complicate this – you'd need port forwarding at each level. Always test connectivity from an outside network. If you just can't get through, consider that some ISPs block incoming ports on basic plans. For example, certain ISPs block port 80 to prevent customers running web servers. In that case, you might try using a higher-numbered port (and then accessing with
http://yourIP:port) or better, ask the ISP or check their policy. If you can't open ports at all due to ISP restrictions, skip to the Tunnel/VPN solutions. Also, ensure the device's firewall isn't blocking connections: Raspberry Pi OS usually doesn't enable a firewall by default, but if you have UFW or similar, allow the ports. -
Carrier-Grade NAT (CGNAT) / Mobile Network Issues: A special case of the above – if your AllSky is on a mobile 4G/5G hotspot or LTE router, you likely have no true public IP. Mobile networks often use CGNAT, meaning multiple users share an IP and inbound connections can't reach you. One AllSky builder noted, "Mobile networks do not allow port forwarding... there's no way to access [the Pi] via the mobile IP address" (Building an Off-Grid All-Sky Camera: Part 2 – Tiny Patch of Sky). The solution in such cases is always to use an outbound connection: either have the Pi connect to a VPN (as that user did by creating a reverse VPN back to his home), or use Cloudflare Tunnel. Tunnels don't require a public IP, so they're ideal for Starlink, cellular, or other restrictive networks. In summary, if your AllSky is remote (off-grid observatory, etc.), plan on a tunnel or a VPN from the start.
-
DNS Configuration: It's common to set up everything correctly with port forwards but forget the DNS part. Remember that if you want a nice URL, you need to either run a Dynamic DNS updater or use a service like Cloudflare which can auto-update DNS via its API. If you type your domain and nothing happens, try the raw IP: if the IP works but the domain doesn't, it's a DNS issue (maybe the hostname isn't updated to current IP, or you haven't waited for propagation). Also, if using a custom domain with Cloudflare Tunnel, make sure the DNS in Cloudflare's dashboard is set to "proxied" (orange cloud) for that record; Cloudflare will then route it through the tunnel. If it's "DNS only", it won't work because the IP Cloudflare gives your tunnel is not directly accessible.
-
INDI-AllSky Specific HTTPS/Redirect Quirks: By design, INDI-AllSky enforces HTTPS and secure cookies (Security considerations · aaronwmorris/indi-allsky Wiki · GitHub). If you attempt to access it via plain HTTP, it may redirect you to HTTPS. When doing a custom setup, this can lead to confusion (e.g., you port-forwarded 80, but it keeps redirecting to 443 which isn't open). The fix is either open/forward 443 as well, or adjust settings. The INDI-AllSky wiki even has a page on "Disable HTTPS" for those who need plain HTTP (for behind-the-scenes reasons or troubleshooting). Additionally, INDI-AllSky uses a Flask server which by default might be on port 5000 (if not behind a proxy). But the install script likely sets up a service with gunicorn + a proxy, so that it runs on 443. Check the documentation or how the service is configured on your system (
/etc/indi-allskyconfigs). If you run into issues like the web interface not loading externally while port forward is correct, it might be an HTTPS vs HTTP issue or a needed config tweak (for example, one user had to setREMEMBER_COOKIE_SECURE=falseand remove an HTTPS redirect when combining with Cloudflare because of double-HTTPS issues (Good day. Using indi-allsky. What need to remove modules/services ...)). The key is to ensure the external URL you use matches what the application expects (protocol and port). -
TJ AllSky Software Limitations: The older AllSkyTeam's Allsky (TJ's) doesn't include user accounts or password protection on the image webpage – it's essentially static content. This means anyone who knows the URL can view your images. For most, that's fine (it's mostly just pretty sky pictures), but be mindful if you overlay location or have an IP-based info on it. There's also no native HTTPS support in the AllSky scripts; you rely on whatever web server you install. So, if you want to restrict access, you'd have to implement it at the web server level (for instance, put a basic HTTP Auth on the site so it requires a username/password, or use IP filtering). Another limitation: the FTP upload method is a one-way street – if it fails one night, your website might not update until it succeeds again. Always double-check your FTP/SFTP settings if you notice your external site not showing new images. On the Pi, logs or the
/endOfNight.shoutput can reveal errors in uploading (FTP Issue · Issue #74 · AllskyTeam/allsky · GitHub). Adjusting timeouts or using SFTP can improve reliability (SFTP is generally more robust and secure than FTP). Also, keep an eye on file retention – by default AllSkyTeam's Allsky (TJ's) might delete images older than X days on the Pi to save space (it was mentioned that default expiration is 10 days for images (Question what folder are my timelapse images stored in for - Facebook)). This doesn't delete what's uploaded remotely, but just be aware of where your only copies of data reside. -
Bandwidth & Performance Constraints: Serving astrophotography data can be heavy. Nightly timelapse videos might be tens of MBs; a single full-resolution all-sky image can be 5-10 MB (especially from a high-res camera). If you have a slow upload speed on your home internet, users will find the site slow when loading videos, or it might impact your own internet. Some strategies to mitigate this:
- Enable compression on your web server (if using Apache/NGINX, turn on gzip for JPEG/MP4 files – though images/videos are already compressed, so gain is limited).
- Limit the resolution or quality of public-facing images. Perhaps have the Pi generate a second smaller image for web display (some allsky setups do create a thumbnail or resized image for the "live view" to load quickly).
- Use the Loop/preview mode (in INDI-AllSky) which generates a timelapse on the fly of recent images – this can be a quick low-res video to share current conditions without needing the full-resolution stills (INDI-Allsky Software Review – openastronomy.ca).
- Offload content: as discussed, using S3 or Cloudflare caching can drastically reduce load on your Pi. Cloudflare free plan can cache certain file types if you set a Page Rule (like cache all content under
/images/for a few hours). This way, if 10 people view your last image, the Pi might only actually send it once to Cloudflare, and then CF serves the rest from cache. - Watch the Pi's CPU/RAM: The web server plus allsky processing can add up. If you find the web interface slow or unresponsive under load, consider a hardware upgrade (Pi 4 over Pi 3, for instance) or reducing the image processing workload (e.g., if stacking or meteor detection is on, those use CPU). INDI-AllSky's author recommends Pi4 for 4K images especially, as features like stacking can eat memory.
- Data Caps: If you're on a metered connection (like LTE), be mindful of how much you're uploading. A full night's worth of images and a video can be hundreds of MB per night. Using lower quality settings or only uploading the timelapse video (instead of every frame) might save data. The INDI-AllSky S3 estimate was ~50GB for 30 days of images + 90 days of videos (GitHub - aaronwmorris/indi-allsky: Software to manage a Linux-based All Sky Camera.), which gives you an idea of data volume for high-res usage.
-
Domain and SSL Oddities: If you use a custom domain and you set up Let's Encrypt, note that if your IP changes, the certificate might need re-issuance (Let's Encrypt certificates are tied to domain name, not IP, so that's fine – just ensure your domain always points correctly when renewal happens). If you switch to Cloudflare proxy, and you already had Let's Encrypt on your server, you might end up in a scenario with "Flexible SSL" (Cloudflare to user is HTTPS, but Cloudflare to your Pi is HTTP). It's better to use "Full SSL" (Cloudflare to Pi also HTTPS) which means your Pi should have some certificate (even self-signed). Cloudflare can be set to not validate that cert (Full SSL not strict), so a self-signed is okay. This ensures encryption all the way. Alternatively, Cloudflare can issue a special Origin Certificate for your Pi which you install – it's trusted by Cloudflare, not by browsers, but that's fine since browsers only see Cloudflare's cert. This might be overkill for an allsky, but mentioning in case someone attempts a hybrid setup.
-
Software Updates and Compatibility: INDI-AllSky is under active development, and AllSkyTeam's Allsky (TJ's) also gets updates occasionally. When you update, be careful that your custom configurations (like ftp settings or cloudflare services) continue to work. For example, a new version might overwrite config files or change the way the web UI runs. Keep notes of any custom changes. The community is quite active (forums on Cloudy Nights, GitHub issues) – if you run into a strange issue (like the web UI showing blank or a specific module crashing when accessed remotely), chances are someone has discussed it. Check the release notes when upgrading; security fixes are important, but also ensure new features (say, a new auth system) don't lock you out inadvertently when accessing externally.
By anticipating these challenges, you can save yourself a lot of frustration. Next, we'll address some of these points in a Q&A format for quick reference.
Q: Do I need a static IP address?
A: No, you can use Dynamic DNS services.
Q: Why do I get SSL certificate errors even when accessing from my home network?
A: This happens because INDI-AllSky uses HTTPS by default with a self-signed certificate. Your browser warns you about self-signed certificates because they aren't verified by a trusted authority. This is normal and you can safely proceed (add an exception in your browser) when accessing locally. If you want to avoid these warnings, you can either:
- Install a proper SSL certificate (like Let's Encrypt)
- Disable HTTPS (though not recommended)
- Add your self-signed certificate to your devices' trust stores
Q: Is it safe to expose my camera to the internet?
A: With proper security measures, yes. We recommend using Cloudflare Tunnel or VPN access.
Q: What's the easiest way to share my images?
A: For beginners, mirroring to a web host is simplest. For more control, Cloudflare Tunnel provides a good balance of security and ease of use.
This guide is part of the How-to-build-an-allsky-camera project. For more information, visit our main documentation.
www.titanastro.com