How does remote access work

(Rarabass) #1

can someone please point me at some documentation that explain how accessing the gateway web portal work remotely? Basically, I took off my phone from the wifi, and I can still access the sub-domain I created and login as the user I created and control the lights.

is the gateway poling? or listening on some websocket? are my things synced to the cloud?

sorry, if I had missed some documentation and asking this question.

(Michael Stegeman) #2

To make this happen, we use PageKite on a Mozilla-owned AWS server to securely tunnel traffic, and that server also handles DNS resolution. For an explanation, see here:

Essentially, the gateway initiates a secure tunnel with the AWS server. All * domains resolve to the AWS server’s IP address, but we do some magic to map that domain to the proper PageKite tunnel.

(Rei Vilo) #3

The link seems to be dead.

Find information at

(Michael Stegeman) #4

I typoed before. The link is updated.

(Nicholas Herriot) #5

HI Mozilla,

I’ve just got a couple of Rapi 3 gateways running directly from the github instructions. I set them up using self certification for SSL.

Any pointers/documents to allow me to setup a Currently the menu system does not allow modification of the domain? :frowning:

Kind regards, Nicholas

(Ben Francis) #6

Hi Nicholas,

You can’t really use self-signed certificates in conjunction with a subdomain, because the certificates need to be generated by LetsEncrypt on behalf of Mozilla in ordered to be trusted by browsers.

You either need to opt into the subdomain during first time setup and allow LetsEncrypt to automatically generate the certificates for you, or choose your own domain (or local host) and generate your own certificates.

We haven’t created a UI for configuring a custom domain in settings yet (that’s bug so you’d need to do that yourself on the command line.

If you’re running the gateway on a Raspberry Pi you might be better off using the pre-built image (instructions on the blog) which also does other useful things like configure iptables so the gateway process doesn’t have to run as root to run on port 80/443.

If you want to configure a custom domain yourself, you just need to point that domain at your IP address, but if you Raspberry Pi is behind a firewall you’ll need to open up ports on your router and forward them to the Raspberry Pi. This is something else the pre-built image solves automatically, by using a tunnelling service.


(Nicholas Herriot) #7

Thank you Ben for the quick reply.

This bug is marked as a ‘story’ in github. Is this linked to a trello or jira story that is public in some way that I can look at to potentially contribute to?

Kind regards, Nicholas.

(Ben Francis) #8

The GitHub issue is the user story, our backlog is public on Waffle

Doesn’t have UI mockups yet and the requirements probably need discussing in more detail, but contributions are welcome!

(Crowmagnum) #9

How do I trigger the first time setup on a gateway that skipped that process originally?

(Ben Francis) #10

How do I trigger the first time setup on a gateway that skipped that process originally?

I’m afraid there’s not yet an easy way to do that, though it will eventually be part of the Settings UI. Someone may be able to tell you the exact things you need to delete from the database in order to re-trigger first time setup, but otherwise your best bet is probably to re-flash a fresh image.