Access from Internet to Manager

Hi @rich @Don @michal,

I had another question, as for my prototyping, I need to be able to share the management GUI with external people on the internet. What’s the best way to expose the interface?

I tried allowing port 443, but it seems to just do very little. Are there other ports that my firewall needs to be aware of to allow access from the internet to the Manager GUI?

Rgds,

Mark

You need both 80 and 443 for accessing the manager console. 80 is there for receiving and refreshing SSL/TLS certificate. Some other ports can be forwarded depending on your configured protocols. Think about MQTT, TCP, UDP, etc.

Perfect - I thought that was the case, but just wanted to check - I’m just using HTTP and HTTPS to push data from our sensors, and I’m using different port numbers, and mapping them to different ports internally. GUI is working fine. Thanks for your help @michal

If you can get a domain name pointing to your WAN IP address (if you’ve not got a static IP then use a service like dyndns or similar) then you can set the following environment variables:

proxy:
   environment:
      DOMAINNAME: mydomain.com
keycloak:
   environment:
      KEYCLOAK_FRONTEND_URL: https://mydomain.com/auth
manager:
   environment:
      IDENTITY_NETWORK_HOST: mydomain.com

The proxy container will then get a self generated SSL cert using letsencrypt, this is where you need port 80 open.