How to useDzVents safely without letting the whole world have unrestricted acces to Domoticz Topic is solved

[RonkA]

Hello,

I'm trying to get DzVents to work on my Domoticz setup in a Docker container on my Synology NAS.
For remote acces i use the Synology.me DDns, This works great and is secured via the loginportal that Domoticz provids.
I read in the wiki it states that in order to use DzVents you should open local networks like 127.0.0.1,
Here lies the problem; If i do open 127.0.0.1 the whole world has access to all my switches and 'tweak' Setup or worse...

My Question:Can i use Dzvents without making the whole setup free to use for all?

[waltervl]

Not being an expert but on the wiki there is a method described with a reverse proxy. Not sure it will solve the issue with 127.0.0.1.
https://www.domoticz.com/wiki/Synology

[RonkA]

Hi,

My setup mirrors the Synology wiki, that works and isn't the problem,
The issue that i'm looking at is that by following the wiki on Synology AND THEN the wiki on DzVents a mayor security breach in the system is created by granting everyone access to your system.
This is I.M.H.O. an issue that should be adressed! (or am i missing something obvious?)

[waltervl]

In the domoticz log (menu setup - log) do you see a login with IP in the 127.x.x.x range when logging in through the VPN?
Every remote login is logged. Look for messages like:
Incoming connection from: 192.168.x.x

[RonkA]

I Logged in via my phone w/o using wifi to my Domoticz after clearing cookies and got login screen as intended.

Domoticz log entry :

Code: Select all

2022-07-06 19:51:03.618  Status: Login successful from 172.17.0.1 for user 'ronka'            
2022-07-06 19:51:03.618  Status: Incoming connection from: 172.17.0.1 

Reverse proxy is pointing at Localhost and docker is connected via bridge 172.17.0.1 to the inside of Domoticz-container.

Hmm..
To verify my story i added 127.0.0.1 to the local networks as stated in the DzVents-wiki, cleared cookies on phone and refreshed the page..
I got the login screen.. Amazing...
The only thing i now can imagine is that i messed up by using 172.17.0.1 in stead of 127.0.0.1

OK, another hurlde taken to get DzVents running.

Second Hmm... an errormessage in docker logbook, not in Domoticz

Code: Select all

2022-07-06 17:59:18	stdout	sh: 1: df: not found

Every 170 seconds this error is given..

[waltervl]

Good it works correctly!

Do you have some script that wants to run the df command?
Perhaps you will have to install it in the docker container as it perhaps is not present yet (the container is a bare minimal Linux environment).

[RonkA]

About the error, I noticed i have made another mistake..
When i made my first install of Domoticz i used the Synology wiki, it states:

Create Folder 'domoticz', select this folder
Mount path: /opt/domoticz/userdata

I created the folder; docker/domoticz, but the mounted the path to docker/...
I tried to mount the right folder but the nas cannot mount to both paths.
Then i renamed the faulty path and mounted the correct path to docker/domoticz and it works ok but now i lost all my hardware and devices!!
i returned everything to the first install and gladly saw everything back in place.

Im stumped by now..

[RonkA]

I've made some progress, Did a new install of Domoticz in Docker and now with the right paths and after some issues with restarting the Solaredge Modbus everything is up and running..
(had to use sudo pip3 install -r requirements.txt without 'sudo' in bash to get it started on Synology Nas)

Fingers crossed..