ioBroker.admin

User interface for configuration and administration of ioBroker.

This adapter uses Sentry libraries to automatically report exceptions and code errors to the developers. For more details and for information how to disable the error reporting see Sentry-Plugin Documentation! Sentry reporting is used starting with js-controller 3.0.

Using common.localLink

• %ip% - ioBroker ip address (address of the admin)
• %secure% or %protocol% - read from native.secure the value and use http or https
• %web_protocol% - looking for the first instance of web (e.g. web.0) and get native.secure from system.adapter.web.0
• %instance% - instance of the adapter
• %someField% - get someField from native of this adapter instance
• %web.0_bind% - get native.bind from system.adapter.web.0
• %native_someField% - get someField from native of this adapter instance

Scheduled restart

Some adapters are not stable or connection disappear after one or two days. To fix this there is a scheduled restart setting. To activate scheduled restart just define CRON condition when to restart adapter.

It is suggested to restart in the night, when no one use the adapter, e.g. 0 3 * * * - at 3:00 every day.

Let's Encrypt Certificates

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).

You can read about Let’s Encrypt here.

Some installations use Dynamic DNS and Co to get the domain name and to reach under this domain name own websites. ioBroker supports automatic request and renew of certificates from Let’s Encrypt Organisation.

There is an option to activate free certificates from Let’s Encrypt almost in every adapter, that can start some web server and supports HTTPS.

If you just enable the using of certificates and will not activate an automatic update the instance will try to use stored certificates.

If the automatic update is activated the instance will try to request certificates from Let’s Encrypt and will automatically update it.

The certificates will be first requested when the given domain address will be accessed. E.g. you have "sub.domain.com" as address, when you try to access https://sub.domain.com the certificates will be first requested, and it can last a little before first answer will come.

The issuing of certificates is rather complex procedure, but if you will follow the explanation you will easily get free certificates.

Description:

1. The new account will be created with given email address (you must set it up in system settings)
2. Some random key will be created as password for the account.
3. After the account is created the system starts on port 80 the small website to confirm the domain.
4. Let's encrypt use always port 80 to check the domain.
5. If port 80 is occupied by other service see point 4.
6. After the small web server is up the request to get certificates for given domains (system settings) will be sent to the Let's encrypt server.
7. Let's encrypt server sends back some challenge phrase as answer on the request and after a while tries to read this challenge phrase on "http://yourdomain:80/.well-known/acme-challenge/<CHALLENGE>"
8. If challenge phrase from our side comes back the Let's encrypt server send us the certificates. They will be stored in the given directory (system settings).

Sounds complex, but everything what you must do is to activate checkboxes and specify your email and domain in system settings.

The received certificates are valid ca. 90 days. After the certificates are received the special task will be started to automatically renew the certificates.

The topic is rather complex and 1000 things can go wrong. If you cannot get certificates please use cloud service to reach your installation from internet.

Let's encrypt works only from node.js version>=4.5

Simple instance's settings page

The user has the possibility to limit the access to the instance configuration dialog. For that the option "Allow access only to specific instances" must be activated. It could be found on the "Access to the instances" tab. Additionally, the allowed instances should be selected in the appeared configuration table.

If this option is disabled, the simple configuration page could be accessed under http://IP:8081/configs.html

Reverse proxy

Please be sure that you forward not only the http/https requests, but the web-socket traffic too. It is essential for communication.

From version 6.1.0 you have the possibility to tune intro page for usage with reverse proxy.

Example

Your ioBroker.admin runs on port 8081 behind reverse proxy with domain iobroker.mydomain.com under path /ioBrokerAdmin/. And you set up e.g. nginx to forward the requests to the http://local-iobroker.IP:8081.

Same is with your web instance: https://iobroker.mydomain.com/ioBrokerWeb/ => http://local-iobroker.IP:8082. And with rest-api instance: https://iobroker.mydomain.com/ioBrokerAPI/ => http://local-iobroker.IP:8093.

You can add following lines into Reverse Proxy tab to let Intro tab run behind reverse proxy properly:

So all links of instances that use web server, like eventlist, vis, material and so on will use https://iobroker.mydomain.com/ioBrokerWeb/ path

OAuth2.0 Authentication flow

There is a possibility to use OAuth2.0 authentication for other services. Admin has an endpoint oauth2_callbacks.

The calls like http(s)://ip:port/oauth2_callbacks/adapterName.X/?state=ABC&code=123&param=true&param2 will be processed and the special message oauth2Callback will be sent to adapterName.X instance with query parameters {"state": "ABC", "code": 123, "param": true, "param2": true}.

As mandatory response the admin expects the object like: {"result": "Show this text to user by success", "error": "ERROR: Result will be ignored"}. The result or error will be shown to the user. Please send already translated messages.

Used icons

This project uses icons from Flaticon.

ioBroker GmbH has a valid license for all used icons. The icons may not be reused in other projects without the proper flaticon license or flaticon subscription.

Changelog

6.2.18 (2022-08-24)

• (bluefox) Corrected GUI bugs on custom settings

6.2.17 (2022-08-19)

• (bluefox) Corrected GUI bug on intro tab

6.2.16 (2022-08-18)

• (bluefox) Corrected many GUI issues
• (bluefox) Added stable flag for repositories
• (bluefox) Added reset button for repositories
• (bluefox) Improved writeFile function for socket communication

6.2.14 (2022-08-06)

• (Apollon77) Fix for OAuth2 authentication response success page

6.2.13 (2022-08-01)

• (bluefox) Corrected JSON config

License

The MIT License (MIT)

Copyright (c) 2014-2022 bluefox [email protected]