Documentation
WebServer
The WebServer module in IP-Symcon is used to make the WebFront available via another port. By default, the WebFront is available via port 3777. In particular, another WebServer is advantageous if SSL encryption is to be used.
Optionally, it is possible to enable basic authentication, which provides additional protection for the "user" folder.
Scripts executed by the WebServer include these system variables .
The JSON-RPC API (/api/) is available on any WebServer and is secured by remote access. Since IP-Symcon 4.0, the WebHooks (/hook/) are also available, each of which is secured by the authentication of the respective WebHook.
Since version 4.0, the WebServer is no longer added automatically. To be able to use it, it must be added via "Add object -> Add instance -> WebServer"
Basic authentication applies to the "user" folder only. The start page with the list of available configurators is always accessible without a password. If a WebFront password is to be assigned for each WebFront configurator, this can be set up in the configuration of the respective WebFront configurator
SSL Encryption
To use SSL, at least the certificate and the private key are required.
| Option | Description |
|---|---|
| Certificate | Selection of the *.pem file containing the certificate |
| Private key | Selection of the *.pem file containing the private key |
| Certification body (optional) | Selection of the *.pem file which contains the certification authority for a trusted access |
| DH parameters (optional) | Select the dhparam.pem file for the Diffie-Hellman parameter which prevents a logjam. This brings increased safety |
Create certificate
Using OpenSSL, certificates and private keys can be created.
// Generate a private key
openssl genrsa -out pk.pem 1024
// Create a certificate signing request
openssl req -new -key pk.pem -out req.csr
// Self-sign the csr
openssl x509 -req -days 3650 -in req.csr -signkey pk.pem -out cert.pem
For a Browser to accept a certificate, IP-Symcon must be accessible via a public domain and a certificate issued by a recognized certificate authority must be present.
"user" Folder
The "user" folder contains user-defined contents of IP-Symcon (e.g. additional display scripts).
The path to this folder depends on the operating system used.
- SymBox: /var/lib/symcon/webfront/user/
- Windows: C:\ProgramData\Symcon\webfront\user\
- MacOS: /Library/Application Support/Symcon/webfront/user/
- Linux: /var/lib/symcon/webfront/user/
- Raspberry Pi: /var/lib/symcon/webfront/user/
If files are stored under another path, they will be deleted automatically during the next update of IP-Symcon. This is the only way to ensure that the installation of IP-Symcon always remains free of file version conflicts.
Up to and including IP-Symcon 6.4 the paths were the following:
- SymBox: /var/lib/symcon/user/
- Windows: C:\ProgramData\Symcon\user\
- MacOS: /Library/Application Support/Symcon/user/
- Linux: /var/lib/symcon/user/
- Raspberry Pi: /var/lib/symcon/user/
Protect "user" folder
If the content has been stored in the special "user" folder, it is advisable to activate basic-authentication. In this way, these contents are additionally protected and require the respective username/password combination within the WebFront or the mobile Apps.
The authentication setup is located at the Special Switches.
If the authentication base has been activated in a previous IP-Symcon version (up to and including 5.0) in a web server, this is valid until it is deactivated.
Log files
The option "Create log files" creates a file named access_12345.log in the "logs" directory of IP-Symcon for each WebServer, where the number 12345 stands for the InstanceID of the WebServer.
The created log files are Webalizer compatible and can thus be evaluated graphically.
The path to this folder depends on the operating system used.
- SymBox: /var/log/symcon/
- Windows: C:\ProgramData\Symcon\logs\
- MacOS: /Library/Logs/Symcon/
- Linux: /var/log/symcon/
- Raspberry Pi: /var/log/symcon/
Tips and tricks