Remote Access

Access Muxit from other computers on your network — or anywhere via VPN.

Quick Setup (LAN)

1. Open Settings > Remote Access in the Muxit UI
2. Toggle Enable Remote Access on
3. Set a password (minimum 4 characters)
4. Restart the Muxit server
5. Open http://<server-ip>:8765 on another computer
6. Enter your password — done!

Tip: Find your server's IP address with ipconfig (Windows) or ip addr (Linux/Mac).

How It Works

Feature	Local (localhost)	Remote (LAN)
Password required	No	Yes
Auth token	Auto-fetched	Obtained via login
WebSocket	Connects automatically	Connects after login
All APIs	Full access	Full access after login
Editor mode	Works if enabled	Works if enabled

Local access is never affected. When accessing Muxit from the same machine (localhost/127.0.0.1), everything works exactly as before — no password, no login page.

HTTPS (Optional)

Enable HTTPS (Self-Signed) in Settings for encrypted connections:

• A self-signed certificate is generated automatically on first use
• Your browser will show a security warning — click "Advanced" > "Accept the Risk" (once per browser)
• All traffic (including your password) is encrypted over the network
• The certificate is stored in workspace/config/muxit.pfx

When to use HTTPS:

• Shared/untrusted network
• Sensitive data passes through Muxit (API keys, instrument data)
• Prevent password sniffing on the LAN

When HTTP is fine:

• Private home/lab network with trusted users

Settings Reference

Setting	Config Path	Default	Description
Remote Access	security.remoteAccess	false	Bind to 0.0.0.0 (all interfaces)
HTTPS	security.https	false	Enable HTTPS with self-signed cert
Bind Address	security.bindAddress	127.0.0.1	Override bind address (advanced)

These can also be set directly in workspace/config/server.json:

{
  "security": {
    "editorMode": true,
    "remoteAccess": true,
    "https": false,
    "bindAddress": "127.0.0.1"
  }
}

Security Details

Authentication Flow

1. Local user opens Muxit → token auto-fetched from /api/auth/token (loopback-only) → connected
2. Remote user opens Muxit → token fetch returns 403 → login page shown → password submitted → session token issued → connected

Session Tokens

• Valid for 24 hours
• Stored in browser sessionStorage (cleared when tab closes)
• One session per login (multiple tabs share the same session)

Rate Limiting

Failed login attempts are rate-limited to 5 per minute per IP address. After 5 failed attempts, the IP is blocked for 60 seconds.

Password Storage

Passwords are hashed using PBKDF2 (SHA-256, 100K iterations) with a random salt. The hash is stored in workspace/config/security.json — the plaintext password is never saved.

Internet Access via Tailscale

For accessing your lab from outside your network, we recommend Tailscale:

1. Install Tailscale on the Muxit server and your remote device
2. Join both to the same Tailscale network (free for personal use)
3. Enable Remote Access in Muxit Settings
4. Access Muxit via http://<tailscale-ip>:8765

Tailscale provides WireGuard encryption, so HTTPS is not needed.

Raspberry Pi Notes

Muxit can run on a Raspberry Pi (ARM64) for a dedicated lab server:

• Works: Core server, serial ports, remote access, all automation scripts
• Limited: ClearScript V8 (JavaScript sandbox) — ARM64 support is uncertain
• Not available: Webcam/ONVIF drivers (no OpenCV ARM64 binaries)

To run headless: node start.js server --no-tray

Troubleshooting

"Remote access is not enabled" error: Enable Remote Access in Settings and restart the server.

Can't connect from another computer: Check that the server IP is correct and port 8765 is not blocked by a firewall.

Forgot password: Delete workspace/config/security.json on the server machine and restart.

Browser shows certificate warning (HTTPS): Expected with self-signed certificates. Click through the warning once per browser.