Enable remote access

The base installation instructions install a complete working application for people using nextPYP on their local computer in a way that is secure by default.

If, after you’ve installed the base application, you want to allow access from over a network, these instructions will show you how to do so securely, for a few different network configurations.

Option 1: Access within a trusted private network only

Choose this option if your server is not reachable from the internet, and you’d like to access it from the local private network.


Edit your config.toml file (in the installation directory you created) and add the web.host option:

host = ''

This configuration tells the application HTTP server to bind to all available network interfaces.

After making changes to your configuration file, restart the application:

sudo systemctl restart nextPYP

To visit the website for your installation, open http://hostname:8080 in your web browser, where hostname is the network name of your server machine. The raw IP address will work here too, e.g.


If your operating system has an active firewall, be sure to allow traffic on port 8080.

Option 2: Access through untrusted networks, like the public internet

Choose this option if you’d like to use your website from an untrusted network, like the public internet.


  • Domain name

    Accessing the app website from an untrusted network requires your server to have a domain name, e.g., myserver.myorganization.org. This method of allowing remote access will not work with raw IP addresses.


To allow people to access your app web site securely, we’ll install the reverse proxy HTTP server that is bundled with nextPYP.

First, navigate to the folder where you installed the application, e.g. /opt/nextPYP:

cd /opt/nextPYP

Then inspect the installation script for the reverse proxy at install-rprox. It’s fairly simple. Once you’re confident that it does what you want, mark it executable and run it with administrator privileges. You’ll need to supply your server’s domain name as the $PYP_DOMAIN environment variable.

sudo chmod u+x install-rprox
sudo PYP_DOMAIN=myserver.myorganization.org ./install-rprox


The domain name must be resolvable from the public internet, so shortcuts like localhost won’t work here. Raw IP addresses also won’t work here. The value must be a real domain name from the public internet DNS.

The install script will download the rest of the needed software components and set them up. Assuming fast download speeds, the installation script should finish in a few minutes.

Check installation results

Among other things, the installer created a systemd deamon named nextPYP-rprox to start and stop the reverse proxy automatically. The daemon should be running now. Check it with:

sudo systemctl status nextPYP-rprox

If all went well, you should be greeted with a response similar to the following.

● nextPYP-rprox.service - nextPYP-rprox
     Loaded: loaded (/lib/systemd/system/nextPYP-rprox.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-11-16 21:44:24 UTC; 21s ago
   Main PID: 3101 (starter)
      Tasks: 22 (limit: 4558)
     Memory: 58.1M
        CPU: 221ms
     CGroup: /system.slice/nextPYP-rprox.service
             ├─3101 "Apptainer instance: root [reverse-proxy]"
             ├─3102 appinit "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
             └─3125 caddy run --config /var/www/reverse-proxy/Caddyfile

You should be able to visit your website at the URL https://myserver.myorganization.org, where myserver.myorganization.org is the domain name you used in $PYP_DOMAIN.

If not, there are a few useful places to look for debugging information. See troubleshooting for more details.


The correct URL when using the reverse proxy will start with https rather than http and not include a port number suffix like :8080. No port number should be added to the URL when using the reverse proxy to access the website.

Firewall configuration

The installation script will attempt to configure firewalld to allow HTTP and HTTPs traffic from the internet. If your operating system uses a different firewall, it will not be configured by the installation script, and you should manually configure it to allow HTTP and HTTPs traffic.