Join us on Discord! We now have an official Discord server for OpenFLIXR: https://discord.gg/PcCErTQ , these forums will continue to operate as normal.

[SOLVED] Port forwarding to remotely access /htpc

I've noticed that I can forward port 5050 from my router ip to my internal OpenFLIXR ip, and that works. Yet, when I try to do that for port 8085 (which is the hptc manager port, or so I see in the settings page), it doesn't work.
Is there something special to it?
And, if I can forward to the /htpc of OpenFLIXR, is there some benefit of the links within the manager? Would it be possible to just open CP/Sab/SickRage from within that portal without having to forward all the different ports?

Comments

  • You can forward any port you want, but there's only 1 port (one) that you should forward from the internets to your OpenFLIXR. Port 443.

    When you do that, together with all the requirements listed on the remote tab of the setup wizard, you can enjoy all of OpenFLIXR from the internet, securely.

  • Is it safe to run the setup again, just for that? Or can I find those settings somewhere after setup?
    Just asking since I already configured a lot of stuff after my last setup.

  • It's mostly safe. When you would fill in all the settings again, everything should be fine.
    But I can't remember everything and all that the setup does in regards to other stuff, that's why you should always make conscious decisions when running the setup wizard.
    But please do read everything that it says, I only mentioned important stuff, I can't stress enough how important it is you read the help (you're not the only one :) ).

    In the future, the wizard will be easier and usable for settings should you decide to change things afterwards, but it's not possible at this moment. So only click finish when you're absolutely sure everything is in good order :)

  • edited August 2016

    I don't see how you could make it any more simple though, it already is ;-)
    Only real config I changed afterwards was post processing of CouchPotato, since the default setup doesn't do that (it sets the download location in Sab directly to the mounted drive for movies, no intermediate folder and cp post processing/renaming).
    I'll look into the remote stuff in the wizard tonight though, thanks for the tip.

  • Well, I do know how I could make it a lot easier :)
    Most important things: let end user make individual changes without doing the whole setup again, read back current settings so you don't have to enter them all again and also a lot of other stuff like Newznab, Plex tokens, mounts, etc...

    Mmm, note to self: don't look at todo list when working on next release. There seems no end to it ;)

  • One more question here, reading through the setup, looking up info about a records etc..., they all mention static ip addresses (which is logical).
    Yet, my provider (Telenet) works with dynamic ip addresses, they don't change all that often (hardly ever), but, they CAN change. I know you've got stuff like DynDNS or NoIP, but, is it possible to open up the 443 port with a domain/ssl even when behind a router with dynamic ip's?

  • Sure, that's no problem. Should your IP change, the only thing you would have to do is change the DNS records.

  • A certificate is not tied to an IP address but to a domain name.

  • edited August 2016

    Ok, so, I registered a domain name, went to the control panel and modified the A record to point to my public IP.
    Then I forwarded that public IP:443 to my internal openflixr IP.
    Ran setup again, this time filling in the domain and my emailadres in the remote tab.
    Yet, when I try to connect to the domain, it says that the connection was refused...

    I tried to attach a screenshot, but I get console errors on chrome for this forum when trying to do that.
    So, here's my best effort to include the info of my domain records:

    Name TTL Type Value
    5 min. A my public ip
    1 day MX
    ftp 1 day CNAME
    mail 1 day CNAME
    www 1 day CNAME

    I only changed the ip for the first row, the other records were already there and I left them like they are.
    Am I missing something?

    By the way, all changes to domain stuff have been propagated so it seems, cause when you ping the address from a site like "https://asm.ca.com/en/ping.php" you can see that a lot of servers around the world are already looking at the correct ip.

  • I see you figured it out :) well done! 
    I advise you to mask your IP and domain name in your post. 

    Maybe be you didn't connect with https?
  • edited August 2016

    Well, 10 years of software development, yet hardly any experience with linux and stuff like https connections and A records, but yeah, I'm trying ;)

    And, .... yeah, the only thing I didn't try was to connect through https... which I just did, and, it works ;)
    But, is it logical that I can just click and run through the setup wizard without having to have put in any password?

  • I'm not sure what you mean. Do you want to be able to go through the settings without entering a new password? If yes, that's not how the wizard is meant to be used right now, it's a full, first time wizard. I'm working on improvements. 
  • edited August 2016
    No, I mean that I don't have to login at all to be able to run the setup, I can pick a new password there, but, don't have to enter an old one, so in a way, everybody can go to the domain and run my setup it seems :o
    I have to login to continue to /htpc though, so, that's good.
  • Don't worry, it's only available from your LAN. Nobody from the internet will be able to access the setup, they will get an access denied. 
  • That's good to hear, I already thought it was quite strange that it worked...
  • This also goes for /wetty and /support. Those 3 are available from your LAN, but not from the big bad internetz. 
  • Hi,
    it's not really true, this part should be changed. I don't like the landing page without any authentication and for that I've change the reverse nginx configuration asking for the default login/password. Also, if you have a double nat like me the setup it's reachable from internet. I've change also this part of reverse configuration removing the 192.168.0.0/16 and putting also my real internal lan. Beware it someone else have this kind of configuration.
  • I beg to differ, it's 100% true.
    If you don't like the landing page without any authentication, maybe OpenFLIXR isn't for you. It's how it's designed and meant to be used.
    You could of course make custom changes like you did to fit your requirements.

    Double NAT is not something I can account for, it's a bad idea. Like you're experiencing.
  • I'd like to nuance it a bit. Don't run OpenFLIXR from the internet if you don't know what you're doing.

    There are a gazillion setups that don't lend itself for remote access. Like the before mentioned double NAT, but also do not place OpenFLIXR in your DMZ (as meant from an router/firewall perspective), don't forward any other ports than 443, don't configure internet IP ranges in your local LAN, don't configure remote access if you're paranoid, and I could on and on. 

    If you have no idea what I'm talking about, do not enable remote access for OpenFLIXR!

    the Dev. 
  • I know what I'm doing and how to mitigate it. My advisory was to all other guys that have my some configuration and don't know or don't check if the /setup it's enable over internet. Double NAT I agree with you it's not good as single NAT, but sometimes it's necessary to mitigate the issue of some ISP's like in Italy, that enable only 3 IPs on lan. 
    If I'm there it's because I like your work and what are you doing for our community, but please take our suggestion for adding some more feature or improvment. My work it's to be "paranoid", and yes of course, I dislike showing what I play on Plex or what i'm exposing in terms of service over public internet. Yes adding login credential could be a plus for someone else that don't know how to edit nginx reverse proxy, it's easy to implement during setup procress.

    My best wishes for your great OPENFLIXR! :)

    Val.
  • I know where you're coming from but it's undoable to account for every setup and wish. I'd like to keep OpenFLIXR simple, with as few as possible settings. That means not everybody will be satisfied with its (my) choices. But as I've said before, I'm alone. I want to spend the time I can work on OpenFLIXR the best I can. So I have to make choices :)
Sign In or Register to comment.