The nymea remote proxy server acts as the rendezvous point between nymea servers and nymea clients and provides a secure tunnel to reach devices that sit behind NAT or firewalled networks.
- Secure TLS-protected tunnels between nymea instances.
- JSON-RPC based control plane with optional monitoring interface.
- Usable as system service or launched from a build tree for development.
To build the proxy from source, install the Qt development packages and the helper tools that produce the Debian packages:
sudo apt install debhelper dpkg-dev pkg-config qt6-base-dev qt6-base-dev-tools \
qt6-websockets-dev libncurses5-dev
cd nymea-remoteproxy
mkdir -p build && cd build
qmake ../
make -j$(nproc)
The resulting binaries and libraries will be available in the build directory. When running directly from there, the helper libraries must be discoverable:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(pwd)/libnymea-remoteproxy:$(pwd)/libnymea-remoteproxyclient
./server/nymea-remoteproxy -c ../nymea-remoteproxy/nymea-remoteproxy.conf
Official nymea packages are available:
sudo apt install nymea-remoteproxy nymea-remoteproxy-tunnelclient nymea-remoteproxy-monitor
The installation starts the nymea-remoteproxy.service systemd unit and also installs a test client.
sudo make install
The package ships /etc/nymea/nymea-remoteproxy.conf which can be used verbatim or as a template:
[ProxyServer]
name=nymea-remoteproxy
writeLogs=false
logFile=/var/log/nymea-remoteproxy.log
logEngineEnabled=false
monitorSocket=/tmp/nymea-remoteproxy-monitor.sock
jsonRpcTimeout=10000
inactiveTimeout=8000
[SSL]
enabled=false
certificate=/etc/ssl/certs/ssl-cert-snakeoil.pem
certificateKey=/etc/ssl/private/ssl-cert-snakeoil.key
certificateChain=
[UnixSocketServerTunnelProxy]
unixSocketFileName=/run/nymea-remoteproxy.socket
[WebSocketServerTunnelProxy]
host=127.0.0.1
port=2212
[TcpServerTunnelProxy]
host=127.0.0.1
port=2213
To generate a line coverage report:
- Run
qmake CONFIG+=coverageand execute the tests to produce the.gcno/.gcdadata. - Install tooling and generate the HTML report:
sudo apt install lcov gcovr
./create-coverage-html.sh
The HTML output lives in coverage-html/.
You can experiment with a local instance by issuing a self-signed certificate and pointing the proxy to it.
sudo apt update
sudo apt install nymea-remoteproxy nymea-remoteproxy-tunnelclient
After installation the daemon starts automatically using /etc/nymea/nymea-remoteproxy.conf, which you can adapt for local testing. Create a throwaway certificate:
cd /tmp
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout test-proxy-certificate.key \
-out test-proxy-certificate.crt
sudo cp test-proxy-certificate.crt /etc/ssl/certs/
sudo cp test-proxy-certificate.key /etc/ssl/private/
Adjust the config:
certificate=/etc/ssl/certs/test-proxy-certificate.crt
certificateKey=/etc/ssl/private/test-proxy-certificate.key
Restart manually for verbose output:
sudo systemctl stop nymea-remoteproxy.service
sudo nymea-remoteproxy -c /etc/nymea/nymea-remoteproxy.conf --verbose
The nymea-remoteproxy server, monitoring tools, and tunnel client are distributed under the terms of the GNU General Public License version 3.
The reusable libraries located in libnymea-remoteproxy and libnymea-remoteproxyclient are provided under the GNU Lesser General Public License version 3 (or later).
See LICENSE.GPL3 and LICENSE.LGPL3 for the full texts.