Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: guest22 on June 20, 2016, 03:38:58 PM

Title: Access web interface of a device from remote/via WAN
Post by: guest22 on June 20, 2016, 03:38:58 PM

Hi,


what was is called again (contrib or how-to) to be able to reach a web interface of a device behind SME Server from remote please?

Title: Re: Access web interface of a device from remote/via WAN
Post by: Daniel B. on June 20, 2016, 04:15:06 PM

You want to set a proxypass (https://wiki.contribs.org/SME_Server:Documentation:ProxyPass) ?

Title: Re: Access web interface of a device from remote/via WAN
Post by: guest22 on June 20, 2016, 05:21:40 PM

Quote from: Daniel B. on June 20, 2016, 04:15:06 PM

You want to set a proxypass (https://wiki.contribs.org/SME_Server:Documentation:ProxyPass) ?

Yep, that's it. I believe ssh was also somehow involved, or was that only with server-manager? I need to be able to access multiple IP phones web interface and IP camera's web interface. Do I need to create a domain for all of them? (fixed IP's).


Thanks for the pointer.

Title: Re: Access web interface of a device from remote/via WAN
Post by: Daniel B. on June 20, 2016, 05:43:35 PM

There's a lot of way to do what you want. From VPN, to SSH tunnels, and port redirection and proxy pass. Each solution has pro and cons (user friendliness / security)

Title: Re: Access web interface of a device from remote/via WAN
Post by: DanB35 on June 21, 2016, 01:17:06 AM

...and of the options, I'd suggest a VPN (anything other than PPTP).  Proxypass would expose those devices to the wild Internet, and unless they're hardened for such exposure, the potential consequences are unpredictable.  SSH tunneling would be secure, but would require specifying a local port unique to each target device (though, on the positive side, it wouldn't require any configuration or contribs on your SME server).  A good VPN configuration like OpenVPN is secure, and once you've made the connection from the remote machine, it's like you're on the LAN.

Title: Re: Access web interface of a device from remote/via WAN
Post by: guest22 on June 21, 2016, 01:53:30 AM

Thanks guys,

I wish the wiki was better organised, documented and updated on all the VPN solutions out there and which one is the preferred one. I believe this is also a long overdue item on the wish list dating back to the release of Koozali SME Server 8...

Title: Re: Access web interface of a device from remote/via WAN
Post by: mmccarn on June 22, 2016, 01:15:44 PM

Quote from: DanB35 on June 21, 2016, 01:17:06 AM

...Proxypass would expose those devices to the wild Internet...

You could restrict access to proxypassed URLs using a "require valid-user" or "require user <notanadmin>" directive (replace "<notanadmin> with a user account on your server that is not an admin...)

You'd either need to do the whole setup with custom templates, or customize /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35ProxyPass to read a config setting and output an appropriate 'Require' clause inside the "<Location..." block (where SSLRequire & ValidFrom are placed)

/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35ProxyPass is used to process proxypass "accounts" created using ProxyPass a alias/directory/location (https://wiki.contribs.org/SME_Server:Documentation:ProxyPass#ProxyPass_a_alias.2Fdirectory.2Flocation)