Accessing Relica Remotely

Sometimes you may wish to access Relica's graphical UI remotely from your local computer, for example, to administer Relica on a machine that doesn't have a desktop environment from your local computer which does. This page describes three ways to do this securely and easily. We assume the remote machine (the one where you want to access Relica) is Linux, although the basic concepts carry over to other operating systems.

These methods are presented in the order they are recommended, i.e. Method 1 is the most recommended if you can use it, then Method 2, etc.

Method 1: SSH Port Forwarding

This method only works if Relica is NOT currently running on your local machine. If it is, that's okay, just skip to Method 2.

This method requires that the remote machine with Relica is running an ssh server. If you can SSH into that machine, this method is the easiest to set up and use: it only has one step.

Enabling Port Forwarding

On your local computer (not the remote you are trying to access), set up a port forward using this command:

ssh user@host -L 1201:localhost:1201 -N

Be sure to replace user and host with the correct values. Note that this command will block indefinitely; you should terminate it when you are done accessing Relica.

That's it! Simply go to localhost:1201 in your browser (or relica.app if that's easier for you to remember), and your request will be forwarded to the remote machine, as if it originated from that machine. You can then use the remote Relica's UI from your own computer.

Method 2: SSH Tunnel

This method works even if Relica is currently running on the local machine. This method is also easy, but requires one more step than the port forwarding method above.

This method requires that the remote machine with Relica is also running an ssh server. If you can SSH into that machine, then you can carry out these instructions on your local computer.

Assuming you can already SSH into the remote machine, then you can carry out these instructions on your local computer. All you need to do is start a tunnel to the remote and configure your computer to use the tunnel.

Creating the Tunnel

On your local computer (not the remote you are trying to access), create the tunnel using this command:

ssh -D 8123 -C -q -N user@host

Be sure to replace user and host with the correct values. Note that this command will block indefinitely; you should terminate it when you are done with the tunnel.

Configuring SOCKS Proxy

The last thing to do is configure your system to use the tunnel. How this is done varies based on operating system and software (web browser in this case). You will need to find out how to change your Proxy settings so the configuration looks something like this:

Web browsers often have their own proxy settings you can configure; and sometimes they honor the operating system's proxy settings by default. Keep in mind that if you use an extension like Proxy Switchy Omega, you may have a third point of configuration to check (sometimes it bypasses the system proxy unless you explicitly tell it to use it).

Accessing Relica

That's it! Once you've applied the proxy configuration, then navigate to localhost:1201 (or relica.app if that's easier to remember) in your web browser. Since you are securely tunneling network requests to your remote machine, "localhost" actually means localhost as loaded from the remote computer. Hence, this loads the remote Relica UI.

Troubleshooting

If you get connection errors, check for these few common configuration errors:

Method 3: Reverse proxy

To remain secure, this method requires:

The reason for the second requirement is that this method relies on HTTPS to secure credentials in transit; on a trusted LAN this may not be as much of a concern for you, but over the Internet it is definitely a requirement. In this guide, we'll set up Caddy since it's the easiest to set up properly and securely.

Installing Caddy

On the remote machine, download and install Caddy. This can be done in the terminal using either curl or wget. For example, with wget (assuming personal, non-business environment):

wget -qO- https://getcaddy.com | bash -s personal

In any folder of your choosing, make a file called Caddyfile (no extension). Fill the Caddyfile with these contents:

192.168.1.2:3101 basicauth / username123 password123 proxy / localhost:1201 { header_upstream Origin localhost:1201 }

If the remote machine will only be accessed from an internal LAN: Replace 192.168.1.2 with the remote machine's internal IP address. Or, if you are sure that the machine cannot be accessed from outside the network, you may remove the IP address entirely (but leave the port!) to be accessible from any remote.

If the remote machine is to be accessed over the Internet: Replace 192.168.1.2 with the public DNS name of the machine. This must be a public domain name that can get a certificate from Let's Encrypt. You must also have ports 80 and 443 open and available in this case. Caddy will manage the certificates for you to ensure only secure connections are made. (If you want the Relica UI to be served on the standard HTTPS port of 443, replace the whole first line with just your domain name.)

Either way, be sure to replace username123 and password123 with a username and password of your choosing. If you trust ALL USERS on the network with access to Relica, you may omit the basicauth line entirely (not recommended). Do NOT remove the basicauth line if serving open to the Internet unless you have some other authentication in place.

Run Caddy from the same folder that has the Caddyfile:

caddy

Note that Caddy needs permission to bind to ports 80 and 443 if serving a public DNS name. Be sure to read the Caddy docs to understand the implications of your configuration and to learn how to test your configuration before risking hitting Let's Encrypt rate limits. You may also want to configure logs (-log flag and log directive).

Accessing Relica

In your browser, go to the address at the top of your Caddyfile. From our example, it would be http://192.168.1.2:3101. For you, it may be a public DNS name or some other IP address. If a public DNS name, you will be redirected to HTTPS if you do not specify it yourself.

With basic authentication configured, you will be prompted for a username and password by your browser. Enter your credentials, and then you will be able to use the remote machine's Relica UI.