[Request] Do not require external access for daemon

[Willsr71]

Right now you have to open up port 355somethingsomething and make sure it is accessible by the panel, however I would like to host a server on my home network (that is currently just command line) on SpaceCP without having to port forward anything. I do not believe this would require too much reworking since there is already a websocket connection that is started by the daemon that connects to the panel (I think), but I could be entirely wrong.

I will edit this in a bit with more accurate info.

[dentmaged]

But doesn't your web browser connect to your daemon on the server, so you have to have it port forwarded.

[Willsr71]

Right now I believe there are two websocket connections. One from the daemon to the web server and another from the web server to the daemon. The one what requires port forwarding is the one from the web server to the daemon, but that could, in theory, be removed and have all communication on the daemon <-> web server websocket.

Simpler explanation: WebSockets are two-way connections so there is no need to have two. Just have one that is started by the daemon and connects to the web server for all communication.

Now I know that there is a bit more back end stuff than this but it gets the point across.

[JamyDev]

Close but not completely accurate. There's only 1 connection between the web server and the daemon. The reason why you need port forwarding is because the panel connects TO the daemon.

The daemon just sends out a web request to the control panel on startup.

[JamyDev]

It is possible to make the daemon connect outbound to the panel but at this point in time we're not planning on doing that.

[Willsr71]

Ok thanks anyway :)

[dentmaged]

I'm guessing you use Socket.IO?

[JamyDev]

Client->server, yes

Daemon->server, raw websockets with a semi-custom rpc

[dentmaged]

Okay, I could help write a back end server which the daemons connect to and then when the browser says install "plugin x on server y", we find that daemon and we check if the user owns it and then we emit to the daemon's socket saying install "plugin x on server y". So, you wouldn't need to port forward. I'm also on my phone :(

[JamyDev]

There's a few things that we have to consider before we can do this. However, we're revamping our auth protocol which will allow both ways of connection setup.

The problem right now is that the panel needs to auth to the daemon using a password. If a daemon connects and says "Hi I'm daemon A" we wouldn't want the panel to send the daemon auth code without any means of verification.

We're planning on switching to certificates on both sides, signed and issued by the panel. This would easily authenticate the panel against the daemon and the other way around.

I'm also on my phone :p