Enable remote access
Contents
Enable remote access¶
The base installation instructions install a complete working application for people using
nextPYP on their local computer in a way that is secure by default.
If, after you’ve installed the base application, you want to allow access from over a network, these instructions will show you how to do so securely, for a few different network configurations.
Option 1: Access within a trusted private network only¶
Choose this option if your server is not reachable from the internet, and you’d like to access it from the local private network.
Instructions¶
Edit your config.toml file (in the installation directory you created) and add the web.host option:
[web]
host = '0.0.0.0'
This configuration tells the application HTTP server to bind to all available network interfaces.
After making changes to your configuration file, restart the application:
sudo systemctl restart nextPYP
To visit the website for your installation, open http://hostname:8080 in your web browser, where
hostname is the network name of your server machine. The raw IP address will work here too,
e.g. http://10.0.0.5:8080.
Tip
If your operating system has an active firewall, be sure to allow traffic on port 8080.
Option 2: Access through untrusted networks, like the public internet¶
Choose this option if you’d like to use your website from an untrusted network, like the public internet.
Prerequisites¶
- Domain name
Accessing the app website from an untrusted network requires your server to have a domain name, e.g.,
myserver.myorganization.org. This method of allowing remote access will not work with raw IP addresses.
Instructions¶
To allow people to access your app web site securely, we’ll install the reverse proxy HTTP server
that is bundled with nextPYP.
First, navigate to the folder where you installed the application, e.g. /opt/nextPYP:
cd /opt/nextPYP
Then inspect the installation script for the reverse proxy at install-rprox.
It’s fairly simple. Once you’re confident that it does what you want, mark it executable
and run it with administrator privileges.
You’ll need to supply your server’s domain name as the $PYP_DOMAIN environment variable.
sudo chmod u+x install-rprox
sudo PYP_DOMAIN=myserver.myorganization.org ./install-rprox
Note
The domain name must be resolvable from the public internet, so shortcuts like localhost won’t work here.
Raw IP addresses also won’t work here. The value must be a real domain name from the public internet DNS.
The install script will download the rest of the needed software components and set them up. Assuming fast download speeds, the installation script should finish in a few minutes.
Check installation results¶
Among other things, the installer created a systemd deamon named nextPYP-rprox to start and stop the
reverse proxy automatically. The daemon should be running now. Check it with:
sudo systemctl status nextPYP-rprox
If all went well, you should be greeted with a response similar to the following.
● nextPYP-rprox.service - nextPYP-rprox
Loaded: loaded (/lib/systemd/system/nextPYP-rprox.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-11-16 21:44:24 UTC; 21s ago
Main PID: 3101 (starter)
Tasks: 22 (limit: 4558)
Memory: 58.1M
CPU: 221ms
CGroup: /system.slice/nextPYP-rprox.service
├─3101 "Apptainer instance: root [reverse-proxy]"
├─3102 appinit "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
└─3125 caddy run --config /var/www/reverse-proxy/Caddyfile
You should be able to visit your website at the URL https://myserver.myorganization.org, where
myserver.myorganization.org is the domain name you used in $PYP_DOMAIN.
If not, there are a few useful places to look for debugging information. See troubleshooting for more details.
Note
The correct URL when using the reverse proxy will start with https rather than http
and not include a port number suffix like :8080.
No port number should be added to the URL when using the reverse proxy to access the website.
Firewall configuration¶
The installation script will attempt to configure firewalld to allow HTTP and HTTPs traffic
from the internet. If your operating system uses a different firewall, it will not be configured by
the installation script, and you should manually configure it to allow HTTP and HTTPs traffic.