Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME Server 9.x
  4. Topic: Access web interface of a device from remote/via WAN
« previous next »
Pages: [1]   Go Down

Access web interface of a device from remote/via WAN

  • 6 Replies
  • 1553 Views

guest22

Access web interface of a device from remote/via WAN
« on: June 20, 2016, 03:38:58 PM »
Hi,


what was is called again (contrib or how-to) to be able to reach a web interface of a device behind SME Server from remote please?
Logged

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: Access web interface of a device from remote/via WAN
« Reply #1 on: June 20, 2016, 04:15:06 PM »
You want to set a proxypass ?
Logged
C'est la fin du monde !!! :lol:

guest22

Re: Access web interface of a device from remote/via WAN
« Reply #2 on: June 20, 2016, 05:21:40 PM »
Quote from: Daniel B. on June 20, 2016, 04:15:06 PM
You want to set a proxypass ?


Yep, that's it. I believe ssh was also somehow involved, or was that only with server-manager? I need to be able to access multiple IP phones web interface and IP camera's web interface. Do I need to create a domain for all of them? (fixed IP's).


Thanks for the pointer.
Logged

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: Access web interface of a device from remote/via WAN
« Reply #3 on: June 20, 2016, 05:43:35 PM »
There's a lot of way to do what you want. From VPN, to SSH tunnels, and port redirection and proxy pass. Each solution has pro and cons (user friendliness / security)
Logged
C'est la fin du monde !!! :lol:

Offline DanB35

  • ****
  • 764
  • +0/-0
    • http://www.familybrown.org
Re: Access web interface of a device from remote/via WAN
« Reply #4 on: June 21, 2016, 01:17:06 AM »
...and of the options, I'd suggest a VPN (anything other than PPTP).  Proxypass would expose those devices to the wild Internet, and unless they're hardened for such exposure, the potential consequences are unpredictable.  SSH tunneling would be secure, but would require specifying a local port unique to each target device (though, on the positive side, it wouldn't require any configuration or contribs on your SME server).  A good VPN configuration like OpenVPN is secure, and once you've made the connection from the remote machine, it's like you're on the LAN.
Logged
......

guest22

Re: Access web interface of a device from remote/via WAN
« Reply #5 on: June 21, 2016, 01:53:30 AM »
Thanks guys,

I wish the wiki was better organised, documented and updated on all the VPN solutions out there and which one is the preferred one. I believe this is also a long overdue item on the wish list dating back to the release of Koozali SME Server 8...
Logged

Offline mmccarn

  • *
  • 2,627
  • +10/-0
Re: Access web interface of a device from remote/via WAN
« Reply #6 on: June 22, 2016, 01:15:44 PM »
Quote from: DanB35 on June 21, 2016, 01:17:06 AM
...Proxypass would expose those devices to the wild Internet...

You could restrict access to proxypassed URLs using a "require valid-user" or "require user <notanadmin>" directive (replace "<notanadmin> with a user account on your server that is not an admin...)

You'd either need to do the whole setup with custom templates, or customize /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35ProxyPass to read a config setting and output an appropriate 'Require' clause inside the "<Location..." block (where SSLRequire & ValidFrom are placed)

/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35ProxyPass is used to process proxypass "accounts" created using ProxyPass a alias/directory/location

Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME Server 9.x
  4. Topic: Access web interface of a device from remote/via WAN