Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change settings around VRM / ssh tunnel / remote access #1255

Open
wiebeytec opened this issue Apr 17, 2024 · 2 comments
Open

Change settings around VRM / ssh tunnel / remote access #1255

wiebeytec opened this issue Apr 17, 2024 · 2 comments
Milestone
v3.40

Comments

@wiebeytec
Copy link
Collaborator

wiebeytec commented Apr 17, 2024
edited

Current situation

The ssh tunnel for access to local services is started when:

  • Remote support is enabled, or
  • Remote console (VNC) on VRM is on

The problem is that remote Node-RED and Signal K also needs this tunnel, but there is no 'Node RED on VRM' option. It currently just says in the GUI: "Access node-RED via http://venus.local:1881 and via VRM". But via VRM only works if the ssh tunnel is on, so only when 'remote support' or 'remote console on VRM' is enabled.

Desired situation

  • Probably a new option to 'expose local web services to VRM' should be made. I don't know what the best wording is. It affects both Node-RED and Signal K, but that is probably too long, and may change in the future.
  • And, with the GUIv2, the ssh tunnel's run condition for remote console is no longer required, for most people. But, it's still used for when you're running a custom build of the wasm. I'm unsure how to deal with that.
@wiebeytec wiebeytec added this to the v3.40 milestone Apr 17, 2024
@mpvader
Copy link
Contributor

mpvader commented Apr 17, 2024
edited by wiebeytec

The following would be taking it a bit wider, but how about we change the Logging to VRM setting (vrmlogger on/off) into a setting with three options. Name of the setting is VRM Portal. Options are:

  1. Off
  2. Read only. (vrmlogger is enabled)
  3. Full access (default) (MQTT + the option for ssh tunnel)

The VRM two way communication setting, as well as the Remote console on VRM setting can then be removed. What we accomplish then is one setting less.

Resulting settings:

  • Local gui (gui v1, gui v2). (on GUIv1: start ssh tunnel when VRM is 'full access')
  • remote support (on, off) (always start SSH tunnel, and put the authorized_keys in place)
  • vrm (off, read only, full access). 'Full access' starts flashmq and enables the MQTT bridge config. LAN access is only opened up in iptables when MQTT on LAN is also on.
  • services -> Node-Red (start ssh tunnel when VRM is 'full access')
  • services -> Signal-K (start ssh tunnel when VRM is 'full access')
  • Added later, because a coming change requires this too: EVCS (start ssh tunnel when VRM is 'full access')
  • services -> MQTT on LAN: starts flashmq and opens up the firewall, as already the case.

Services that are influenced:

  • FlashMQ runs when services/mqtt on LAN or VRM full access is on. Bridge config is placed in when 'full access' VRM. LAN access is protected by iptables when MQTT on LAN is off. This is like this currently already.
  • Firewall opens up access to MQTT LAN when services/MQTT on lan.
  • SSH tunnel is started when (VRM is full access + service that needs it. OR 'remote support' is enabled.

(edited by Wiebe, finishing the thought)

@mpvader
Copy link
Contributor

mpvader commented Apr 18, 2024

As discussed today, @jhofstee & @jepefe will review the idea and if they agree we go for this.

@mpvader mpvader changed the title Change ssh tunnel run conditions wrt to GUIv2 and Node-RED Change settings around VRM / ssh tunnel / remote access Apr 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.40
Development

No branches or pull requests
2 participants
@mpvader @wiebeytec