Home Docs About

Documentation

Remote Access

ProjectX42 has no paid cloud subscription. You own your server, so you set up remote access yourself. Here are three ways, easiest first.

Why there is no ProjectX42 Cloud

ProjectX42 is self-hosted by design: your data lives on hardware you control, and nothing is relayed through servers we operate. That means there is no subscription to buy — but it also means reaching your home from outside your network is something you configure once, yourself.

Option 1 — A private tunnel (recommended, no ports opened)

A mesh VPN such as Tailscale or WireGuard puts your phone and your home server on the same private network, wherever you are. Nothing is exposed to the public internet, so this is the safest option and needs no domain name or certificate.

  1. Install the VPN client on the machine running ProjectX42 and on your phone.
  2. Sign in to both with the same account so they join the same private network.
  3. In the ProjectX42 app, use the private address the VPN assigns (for example http://100.x.y.z:8123) as your server URL.

Option 2 — Your own domain with HTTPS

If you want to reach the server from any browser, put it behind a reverse proxy with a TLS certificate. You will need a domain name and the ability to forward a port on your router.

  1. Point a domain (or a dynamic-DNS hostname) at your home IP address.
  2. Forward port 443 on your router to the machine running the reverse proxy.
  3. Run nginx or Caddy in front of ProjectX42 on port 8123. Caddy obtains a certificate automatically; with nginx use Certbot.
  4. Make sure the proxy forwards WebSocket upgrade headers — ProjectX42 keeps a live WebSocket open, and it will not connect without them.
  5. Add the proxy to trusted_proxies in your configuration.yaml and set use_x_forwarded_for: true.

Never expose port 8123 directly to the internet without HTTPS. Your login credentials and long-lived access tokens would travel in clear text.

Option 3 — Keep it local only

Perfectly valid. The app works fully on your home Wi-Fi with no remote access at all. Enter your server's LAN address, for example http://192.168.1.50:8123.

Hardening checklist

  • Enable multi-factor authentication for every account.
  • Use a long, unique password — remote access means the whole internet can reach your login page.
  • Keep your server updated.
  • Revoke long-lived access tokens you no longer use.

Back to all documentation · Questions? Contact us.