question

I'd be very weary of putting Venus on the web like that. The secure Remote Access tunnel via VRM is the way to go.

If you just want to display some of your data then there's the VRM API https://docs.victronenergy.com/vrmapi/overview.html

Thanks for the heads up.

Id also put it behind additional security (I use authentik SSO) was hoping to use that with it rather than sharing my victron password or asking family to create victron accounts.

Maybe the api is my best option then. Shame it means I'll be relying on some else's cloud.

Thanks @ikeakayke,

Does this work for you? I tried configs very similar to this and they failed. It gets stuck on Remote Consol "Connecting" page. Based on chrome consol logs I assumed it was websockets not playing nicely with the nginx forwarding.

Maybe a newer version of venus os resolves my issue. Do you mind me asking what firmware version you're running?

Thanks,
Matt.

Kindly disregard my previous answer, I was unaware it actually uses VNC to connect to it :) I just thought it's some html5 page. Just checked and it needs port 81 for vnc client. Although this can be fixed with also setting nginx to do tcp proxy for 81 I strongly advice against it.

No worries. I ran into similar issues when I originally looked into it, I did see a few posts (after I posted this one) of folk trying to edit hiawatha to use https and/or encrypt the vnc connection. Don't think they succeeded.

Was more effort than I was willing to do. I decided vpn was easier.

If anyone randomly stumbles upon this. This is how i solved it.

In /var/www/venus/index.php I've editted the part where rfb object is created to edit the encrypt line to be true if connected to site via https and false otherwise (so that if im on lan it will just use ws instead of wss) The line now shows:

'encrypt': window.location.protocol === 'https:' ? WebUtil.getQueryVar('encrypt', true) : WebUtil.getQueryVar('encrypt', false),

Then in my reverse proxy (nginx in my case). I've reverse proxied from solar.domain.com to my internal ip of the venus os. And then also the websockets connection ie solar.domain.com:81/websockify (which will be done over wss if you connect via https://solar.domain.com). and forwards this from wss to ws (port 81 subdirectory /websockify I didn't bother editing).

Given the websocket is not authenticated I've added a password to the venus os page as a half arsed measure for now. I'll be looking to add some sort of authentication to websocket connection itself going forward. I have main page behind my sso but not edited the js for authentication connection on wss yet.

For anybody interested in detailed solution. On Debian based systems create the following two files to configure NGINX. These have to be placed in /etc/nginx/sites-enabled/ to allow proxying local port 80 and 81 to the Venus web server and Venus Websocket server. You can then access your NGINX on port 80 and it will proxy all connections to Venus running in the following example on IP 192.168.42.17.

This will forward port 80 (Venus Remote Console) and all locations like /gui-beta (GUI v2) and /app (HTML MFD app) to given host.

server {
    listen 80;
    listen [::]:80;

    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.42.17:80;
   }
}

This will handle port forward of web socket port 81 used by Venus Remote Console to a given host.

server {
    listen 81;
    listen [::]:81;

    location /websockify {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.42.17:81;
   }
}

This will handle port forward of web socket port 9001 used by HTML MFD app to a given host.

server {
    listen 9001;
    listen [::]:9001;


    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.42.17:9001;
   }
}