We have 3 people here who work in LaserWeb via their PC and then connect to a lw.comm-server and use the connected laser remotely.
Since the lw.comm-server is open in the local network, there have already been unwanted incidents. Is there a possibility to put a password on the lw.comm-server or to put it behind a reverse proxy with a password?
With a reverse proxy you can still access the web interface but not the server itself under comms because you have to enter a password, I think.
I am aware that it would be best to create our own network for this, but we do not have the equipment.
I hope someone can help me there. With kind regards.
Trying to secure lw.comm-server is well beyond the scope of what we, as developers, are either able or willing to do. It basically opens up a whole nest of complexity and liability that I, at least, do not want to get into.
All the traffic between the server and client web browser is HTTP based, the control connection is made via a websocket. So adding a simple reverse proxy in front of that (with authentication) is quite possible. In fact I have done this myself using Apache + HTTP basic authentication just as a ‘proof of concept’.
Now I’m going to be a bit cruel and say that I refuse to give you any help in this.
This is not because I do not want to help, but because if we document this somebody [Not you, you seem quite competent!] will promptly expose their machine on the internet and burn their workshop down by remote control… I exaggerate, but I hope you get my point here.
What I would like to do is some sort of ‘physical presence’ token, e.g. a PIN code that is displayed on the machine and has to be entered in the webUI before the comm-server allows any movement or cutting operations. That would allow people to set up jobs, but have to prove they are at the machine before the fireworks can go off.
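A sketch of the ‘physical presence’ PIN idea from the post above, as an added example that is not part of the original thread and is not lw.comm-server code. The class name, command names, timeouts and retry limit are all assumptions chosen for illustration.

```javascript
// Added example: hypothetical presence gate, not part of lw.comm-server.
const crypto = require("node:crypto");

// Hypothetical names for commands that move the head or fire the laser.
const MOTION_COMMANDS = new Set(["runJob", "jog", "laserTest"]);

class PresenceGate {
  constructor({ pinTtlMs = 60_000, unlockMs = 5 * 60_000, maxTries = 3, now = Date.now } = {}) {
    Object.assign(this, { pinTtlMs, unlockMs, maxTries, now });
    this.pin = null;           // current PIN, shown only on the machine's own display
    this.pinExpires = 0;
    this.triesLeft = 0;
    this.unlocked = new Map(); // sessionId -> time (ms) at which the unlock lapses
  }

  // Triggered at the machine (e.g. a button press); the caller shows the
  // returned PIN on a local display and never sends it over the network.
  issuePin() {
    this.pin = String(crypto.randomInt(0, 1_000_000)).padStart(6, "0");
    this.pinExpires = this.now() + this.pinTtlMs;
    this.triesLeft = this.maxTries;
    return this.pin;
  }

  // A web client submits the PIN it read off the machine.
  submitPin(sessionId, candidate) {
    if (!this.pin || this.now() > this.pinExpires || this.triesLeft <= 0) return false;
    this.triesLeft -= 1; // every guess counts, which bounds brute forcing
    const a = Buffer.from(this.pin);
    const b = Buffer.from(String(candidate));
    const ok = a.length === b.length && crypto.timingSafeEqual(a, b);
    if (ok) {
      this.unlocked.set(sessionId, this.now() + this.unlockMs);
      this.pin = null; // single use: a second client needs a fresh PIN
    }
    return ok;
  }

  // Job setup is always allowed; motion and cutting need an unexpired unlock.
  allows(sessionId, command) {
    if (!MOTION_COMMANDS.has(command)) return true;
    return (this.unlocked.get(sessionId) ?? 0) > this.now();
  }
}
```

The gate only helps if `allows()` is checked on the server side for every incoming command and the PIN is shown on hardware attached to the laser itself.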
What about explicitly not exposing the port on the network at all, and allowing only SSH connections from the three authorized systems, with port forwarding?
Like @easytarget I’m a bit worried about generally documenting something that might encourage remote laser use.
Thank you for the quick answers,
Yes, I understand that it is really a problem. We here use it as a luxury, so using via the lw.comm-server. Some also control it here comfortably via their tablets but are always there which is our most important rule.
Since we also had the problem that some of them simply left the room during operation, we installed an Arduino that controls the 24v power supply of the laser and we have to press a button every 5 minutes (with prior warning) so that the laser stays on. A lot can happen in 5 minutes but it is still an excellent “suggestion” not to leave the room.
Unfortunately, what happened to us recently is that someone from the next room took the wrong lw.comm-server for whatever reason and ruined a lot of work with it (unfortunately, it was not noticed directly because they thought it is still the same job).
Thanks for the idea @mcdanlj but we can’t use SSH on all devices, but the idea gave me another idea with a “not real” network (I don’t want to say it too loudly before someone really gets the idea of controlling their laser from home).
In any case, thank you very much for your answers!