Open margielamadman opened 5 years ago
@margielamadman Sorry, the email for this went to my junk box for some reason. Just now seeing it.
Remember in the future we plan on adding authentication to the control server so this whole deal is publicly accessible just to the admin. The whole point of the control server is that it will allow a single point of authentication to all home alert nodes, so it is the only part of the internal network that needs to be publicly accessible. If the control server gets moved outside the private network of the main servers, then each of the main servers has to have a way for the control server to forward traffic from main server to the end user. I can think of two options off the top of my head.
So I don't really know how the config file would look in that case :)
@margielamadman We should look into this further. Just verified the following assuming you allow localhost traffic to the site,
ssh -L $SOME_PORT:localhost:$MAIN_SERVER_PORT $user@$main_server
then going to http://localhost:$SOME_PORT/ in browser accesses the main server.
Just tested with -R to reverse tunnel to the control server, and then put another reverse proxy entry for $SOME_PORT, works like a charm.
And the iptables rule I put on the main server:
sudo iptables -I INPUT -p tcp --dport 5000 -s 127.0.0.1 -j ACCEPT
How would the config file need to be changed so that I can have a control server in the cloud reachable with a public ip that then controls the locations in my house? That way I can use the app from anywhere. Does the reverse proxy on the control server just handle that?
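The reverse tunnel and the iptables rule from the thread above, put together as an added example; this is not code from the thread or from the project. It only prints the commands, and the user name, the host `control.example.org` and the port values are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints (does not run) the tunnel and firewall commands.
# Host, user and port values used below are constructed placeholders.

valid_port() {   # digits only, range 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_name() {   # rejects empty values, a leading "-" and shell metacharacters
    case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Run ON THE MAIN SERVER. The listener is bound to the control server's
# loopback, so only the reverse proxy there can reach it. The target is
# 127.0.0.1 rather than "localhost" so the forwarded connection is IPv4
# and matches the "-s 127.0.0.1" rule printed by firewall_cmds.
reverse_tunnel_cmd() {   # args: SOME_PORT MAIN_SERVER_PORT user control_server
    valid_port "$1" && valid_port "$2" || return 1
    valid_name "$3" && valid_name "$4" || return 1
    printf '%s\n' "ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:$1:127.0.0.1:$2 $3@$4"
}

# Rules for the main server (run as root). "-I INPUT" inserts at the top of
# the chain, so the DROP goes in first and the ACCEPT lands above it:
# loopback reaches the app port, every other source is dropped.
firewall_cmds() {   # arg: MAIN_SERVER_PORT
    valid_port "$1" || return 1
    printf '%s\n' "iptables -I INPUT -p tcp --dport $1 -j DROP"
    printf '%s\n' "iptables -I INPUT -p tcp --dport $1 -s 127.0.0.1 -j ACCEPT"
}

# Demo with constructed values.
reverse_tunnel_cmd 8080 5000 tunnel control.example.org
firewall_cmds 5000
```

An ACCEPT rule for 127.0.0.1 restricts nothing by itself; the DROP below it (or a default-drop INPUT policy) is what keeps other hosts off the port.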