sbender9
commented
1 year ago Do you really need a firewall on your local network? This is not normally done.
Closed amosgroth closed 1 year ago
sbender9
commented
1 year ago Do you really need a firewall on your local network? This is not normally done.
amosgroth
commented
1 year ago Do you really need a firewall on your local network? This is not normally done.
Yes, because the Pi runs other services that need to be strongly protected.
amosgroth
commented
1 year ago Actually quite strange: when I disable the firewall for a quick test, the SignalK web frontend is still not showing up, instead it redirects from https://192.168.108.160:3000/ to https://192.168.108.160:3443/ but nothing is shown there because the browser says that the certificate is invalid:
Tested with two different browsers...
sbender9
commented
1 year ago That's normal because it is a self signed certificate.
Tell you browser to load it anyway or turn off SSL.
amosgroth
commented
1 year ago That's normal because it is a self signed certificate.
Tell you browser to load it anyway or turn off SSL.
OK thx. That one is fixed. Let's get back to the initial question: could you tell me which ports (in which direction in/out) need to be open for SignalK to work properly?
sbender9
commented
1 year ago In you need 3000 and 3443.
Out really depends on what you're doing, but definitely leave 80 and 443 open for outgoing.
And again I seen no reason to use a firewall unless your pi has a real ip open on the internet. Or you're worried about people getting on your local networking and trying to hack the pi.
sbender9
commented
1 year ago You may also want 10110 open in if you want to connect apps that read 0183.
tkurki
commented
1 year ago This is the first time I remember firewall configuration coming up. The default ports that Signal K uses are documented in the README, beyond that you're on your own.
Note that people are running Signal K on other operating systems and just Linux has multiple ways for setting things up (ufw is just one), so providing comprehensive firewall configuration documentation is not practical. If you want to contribute documentation we can add a page in the Wiki.
Understanding TLS cerficates falls in the same category: if you don't understand how they work, what are self signed certificates and how to get a proper certificate is beyond SK Server's documentation. We can improve the documentation a little to point to other docs available on the web, but maintaining up to date docs on this is just not practical.
amosgroth
commented
1 year ago OK, thanks for telling the ports. If you need support documenting this, let me know, as I believe this is a crucial information and use case for others who want to run SignalK on a device that has and needs a firewall. I agree that this doesn't have to be in detail and firewall-specific, but at least worth mentioning. The same goes for the certificate. It doesn't harm anyone noting that it could lead to the browser not loading or complaining about the webinterface and that it is normal and easily fixed...
Hi. Just installed signalk server on my headless Pi by following the guide. But accessing the web interface is not possible from another device in my local network. The Linux firewall (ufw) blocks the traffic since none of the signalk ports mentioned are open, tested with:
and
Couldn't find any note on this but I am willing to add that to the docs once being helped - I am surprised really being the only one having this issue?
So conrete question is: How exactly and securely do I set up the firewall so I can access all signalk services from the local network?