I will be going on a 100 day (global) tour where we will be generating 1TB of video data per day. To mitigate risk of data loss we plan to drop one copy of hard disks with local volunteers in each country en route, who will upload the data from their home connections back to our server.
We don't want to open up the server to the whole world, and would like to restrict access to just those IPs that are uploading data to us, but the volunteers will mostly have dynamic IP addresses. How do we do this?
We are making a small application that will manage the data transfers, so we can do some custom logic in that.
EDIT: I just found out about Dynamic DNS services (like noip.com). Would it be fair to assume that most people's home routers would support DDNS configuration? Our infra person says that they can configure our firewall whitelist to be based on this instead of IPs. This sounds like a simple, secure solution. Any thoughts?
As @Bob says, the best way is to run a VPN server and have them use that.
But, another slightly creative way to do it would be to use something like AWS Lambda & API Gateway. Set up a Lambda to take the HTTP caller's IP, and write it to an SQS queue. Then have something on the server that consumes that queue and updates the firewall. Protect the Lambda with an API key in API Gateway. Give the volunteers a script/program to run on a USB stick, they run the program, it triggers the update, then waits a bit and logs them in to the server.
That's all quite involved though, so fine if you're happy getting deep into the tech on this, but if you want something simple just set up OpenVPN/Wireguard on your server on a random port!
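A sketch of the Lambda and queue-consumer halves of the approach in the answer above, added here as an illustration and not part of the original answer. The queue URL is a placeholder, and the set names, TTL and message format are assumptions; the consumer only builds the `ipset` command line, and the sets are assumed to have been created with timeout support so stale addresses expire on their own.

```python
import ipaddress
import json
import time

QUEUE_URL = "https://sqs.example.invalid/uploader-ips"  # placeholder, not a real queue
ALLOW_TTL = 6 * 3600   # assumed: seconds an address stays allowed
MAX_AGE = 300          # assumed: ignore queue messages older than this

def lambda_handler(event, context, send=None):
    """Lambda behind API Gateway (REST proxy event): queue the caller's IP.

    The address is read from the gateway's request context, not from the
    body or X-Forwarded-For, both of which the caller controls.
    """
    ip = event["requestContext"]["identity"]["sourceIp"]
    if send is None:  # deployed path; boto3 is present in the Lambda runtime
        import boto3
        sqs = boto3.client("sqs")
        send = lambda body: sqs.send_message(QueueUrl=QUEUE_URL, MessageBody=body)
    send(json.dumps({"ip": ip, "ts": int(time.time())}))
    return {"statusCode": 202, "body": "queued"}

def firewall_command(message_body, now=None):
    """Server side: map one queue message to an ipset argv, or None to drop it."""
    now = time.time() if now is None else now
    try:
        msg = json.loads(message_body)
        ip = ipaddress.ip_address(msg["ip"])
        age = now - int(msg["ts"])
    except (ValueError, KeyError, TypeError):
        return None                      # malformed message
    if not ip.is_global or not 0 <= age <= MAX_AGE:
        return None                      # private/reserved address or stale message
    setname = "uploaders4" if ip.version == 4 else "uploaders6"  # hypothetical set names
    # -exist refreshes the timeout if the address is already in the set
    return ["ipset", "-exist", "add", setname, str(ip), "timeout", str(ALLOW_TTL)]

def demo():
    """Run both halves in-process with a constructed event and a list as the queue."""
    queue = []
    event = {"requestContext": {"identity": {"sourceIp": "8.8.8.8"}}}  # constructed
    lambda_handler(event, None, send=queue.append)
    return [firewall_command(body) for body in queue]

if __name__ == "__main__":
    print(demo())
```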