Secure Tunnel
Description
The JFK-Enterprise Secure Tunnel enables web applications such as the PowerMaster PWA to be provided securely over the internet without relying on the customer’s network configuration — no port forwarding or public IP addresses are required.
At the core of the architecture is a publicly accessible NGINX server acting as a reverse proxy, hosted on a VPS (Virtual Private Server). It is reachable via HTTPS and forwards incoming requests to the corresponding PowerMaster installation based on the requested subdomain.
Each PowerMaster instance is assigned its own DNS entry following the pattern:
<CUSTOMERNAME>-PMS.JFK-ENTERPRISE.COM
When this domain is accessed in a browser, the NGINX server uses the Host header to identify which instance is being requested and routes the request internally. The connection between the VPS and the local PowerMaster installation is established through a WireGuard VPN. The local instance acts as a WireGuard client and creates an encrypted, persistent connection to the VPS. As a result, the local control unit becomes accessible to the NGINX server as if it were an internal resource.
When an HTTPS request is made to a PowerMaster subdomain, NGINX processes the request and forwards it through the WireGuard network to the corresponding local instance. This instance then handles the request, for example, by serving the PWA or processing API calls.
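The host-based routing described above can be sketched as the following NGINX fragment, which also refuses any hostname that has no registered instance. This is an added example, not JFK-Enterprise's actual configuration. The customer names, the WireGuard tunnel addresses, the upstream port and the certificate paths are assumptions.

```nginx
# Added example (not the vendor's configuration); belongs in the http{} context.
# Assumed values: customers "acme" and "globex", tunnel subnet 10.8.0.0/24,
# upstream port 8080, wildcard certificate paths.

# Map the requested hostname to the WireGuard address of that customer's
# PowerMaster instance. Unknown hostnames map to an empty string.
map $host $pms_upstream {
    default                        "";
    acme-pms.jfk-enterprise.com    10.8.0.11:8080;
    globex-pms.jfk-enterprise.com  10.8.0.12:8080;
}

# Catch-all: a TLS handshake for any name that is not an instance subdomain
# is rejected, so the proxy never answers for arbitrary Host/SNI values.
# ssl_reject_handshake requires nginx 1.19.4 or later.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

server {
    listen 443 ssl;
    # Only names that follow the <customername>-pms pattern reach this block.
    server_name ~^[a-z0-9-]+-pms\.jfk-enterprise\.com$;

    ssl_certificate     /etc/nginx/tls/wildcard.jfk-enterprise.com.crt;
    ssl_certificate_key /etc/nginx/tls/wildcard.jfk-enterprise.com.key;

    location / {
        # Pattern matched, but no instance is registered under this name.
        if ($pms_upstream = "") {
            return 404;
        }

        # Forward through the WireGuard interface to the local instance.
        proxy_pass http://$pms_upstream;
        proxy_set_header Host $host;
        # Overwrite, rather than append to, any client-supplied value.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Because the upstream is selected only from the static map, a request can reach a tunnel address only through a hostname that is explicitly listed for it.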
Requirements
When using the Secure Tunnel, customer access to Raspberry Pi OS is disabled for security reasons!
- Network access to the JFK-Enterprise VPN
  - Host: vpn.jfk-enterprise.com
  - Port: 51821
