diff --git a/app/sovran_systemsos_web/static/onboarding.js b/app/sovran_systemsos_web/static/onboarding.js
index da9e7fa..d66ecd7 100644
--- a/app/sovran_systemsos_web/static/onboarding.js
+++ b/app/sovran_systemsos_web/static/onboarding.js
@@ -228,114 +228,79 @@ async function loadStep3() {
body.innerHTML = '
Checking ports…
';
var networkData = null;
- var portHealth = null;
try {
- var results = await Promise.all([
- apiFetch("/api/network"),
- apiFetch("/api/ports/health"),
- ]);
- networkData = results[0];
- portHealth = results[1];
+ networkData = await apiFetch("/api/network");
} catch (err) {
- body.innerHTML = '⚠ Could not load port data: ' + escHtml(err.message) + '
';
+ body.innerHTML = '⚠ Could not load network data: ' + escHtml(err.message) + '
';
return;
}
var internalIp = (networkData && networkData.internal_ip) || "unknown";
- var html = ''
- + '⚠ IMPORTANT: Ports 80 (HTTP) and 443 (HTTPS) MUST be forwarded first.
'
- + 'Caddy uses these ports to obtain SSL certificates from Let\'s Encrypt. '
- + 'If these ports are closed, certificate authentication will fail and '
- + 'none of your domain-based services will work over HTTPS.'
- + '
';
+ var ip = escHtml(internalIp);
+
+ var html = ''
+ + '⚠ Each port only needs to be forwarded once — all services share the same ports.'
+ + '
';
html += '';
html += ' Forward ports to this machine\'s internal IP:';
- html += ' ' + escHtml(internalIp) + '';
+ html += ' ' + ip + '';
html += '
';
+ // Required ports table
+ html += '';
+ html += '
Required Ports — open these on your router:
';
+ html += '
';
+ html += '| Port | Protocol | Forward to | Purpose |
';
+ html += '';
+ html += '| 80 | TCP | ' + ip + ' | HTTP |
';
+ html += '| 443 | TCP | ' + ip + ' | HTTPS |
';
+ html += '| 22 | TCP | ' + ip + ' | SSH Remote Access |
';
+ html += '| 8448 | TCP | ' + ip + ' | Matrix Federation |
';
+ html += '
';
+ html += '
';
+
+ // Optional ports table
+ html += '';
+ html += '
Optional — Only needed if you enable Element Calling:
';
+ html += '
These 5 additional port openings are required on top of the 4 required ports above.
';
+ html += '
';
+ html += '| Port | Protocol | Forward to | Purpose |
';
+ html += '';
+ html += '| 7881 | TCP | ' + ip + ' | LiveKit WebRTC signalling |
';
+ html += '| 7882–7894 | UDP | ' + ip + ' | LiveKit media streams |
';
+ html += '| 5349 | TCP | ' + ip + ' | TURN over TLS |
';
+ html += '| 3478 | UDP | ' + ip + ' | TURN (STUN/relay) |
';
+ html += '| 30000–40000 | TCP/UDP | ' + ip + ' | TURN relay (WebRTC) |
';
+ html += '
';
+ html += '
';
+
+ // Totals
+ html += '';
+ html += 'Total port openings: 4 (without Element Calling)
';
+ html += 'Total port openings: 9 (with Element Calling — 4 required + 5 optional)';
+ html += '
';
+
+ html += ''
+ + '⚠ Ports 80 and 443 must be forwarded first. '
+ + 'Caddy uses these to obtain SSL certificates from Let\'s Encrypt. '
+ + 'If they are closed, HTTPS will not work and your services will be unreachable from outside your network.'
+ + '
';
+
html += ''
+ 'How to set up port forwarding
'
+ ''
+ '- Open your router\'s admin panel — usually
http://192.168.1.1 or http://192.168.0.1 '
+ '- Look for "Port Forwarding", "NAT", or "Virtual Server" in the settings
'
- + '- Create a new rule for each port listed below
'
- + '- Set the destination/internal IP to ' + escHtml(internalIp) + '
'
+ + '- Create a new rule for each port listed above
'
+ + '- Set the destination/internal IP to ' + ip + '
'
+ '- Set both internal and external port to the same number
'
+ '- Save and apply changes
'
+ '
'
+ ' ';
- var status = (portHealth && portHealth.status) || "ok";
- var totalPorts = (portHealth && portHealth.total_ports) || 0;
- var closedPorts = (portHealth && portHealth.closed_ports) || 0;
-
- if (totalPorts === 0) {
- html += 'No port requirements detected for your current role.
';
- } else if (status === "ok") {
- html += '✅ All ' + totalPorts + ' required ports are open and ready.
';
- } else {
- html += '';
- html += '⚠ ' + closedPorts + ' of ' + totalPorts + ' ports appear closed. ';
- html += 'You can continue, but affected services may not work until ports are forwarded.';
- html += '
';
- }
-
- // Show per-service breakdown
- var affectedSvcs = (portHealth && portHealth.affected_services) || [];
- if (affectedSvcs.length > 0) {
- html += '';
- html += '
Affected Services
';
- affectedSvcs.forEach(function(svc) {
- html += '
';
- html += '
' + escHtml(svc.name) + '
';
- (svc.closed_ports || []).forEach(function(p) {
- html += '
';
- html += ' 🔴';
- html += ' ' + escHtml(p.port) + '/' + escHtml(p.protocol) + '';
- if (p.description) html += ' ' + escHtml(p.description) + '';
- html += '
';
- });
- html += '
';
- });
- html += '
';
- }
-
- // Full port table from services
- if (_servicesData) {
- // Collect all unique port requirements
- var allPorts = [];
- var seen = new Set();
- (_servicesData || []).forEach(function(svc) {
- (svc.port_requirements || []).forEach(function(p) {
- var key = p.port + "/" + p.protocol;
- if (!seen.has(key)) {
- seen.add(key);
- allPorts.push(p);
- }
- });
- });
-
- if (allPorts.length > 0) {
- html += '';
- html += 'View All Required Ports
';
- html += '';
- html += '| Port | Protocol | Purpose |
';
- html += '';
- allPorts.forEach(function(p) {
- html += '';
- html += '| ' + escHtml(p.port) + ' | ';
- html += '' + escHtml(p.protocol) + ' | ';
- html += '' + escHtml(p.description || "") + ' | ';
- html += '
';
- });
- html += '
';
- html += ' ';
- }
- }
-
body.innerHTML = html;
}
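Review bot: The hard-coded "Required Ports" table tells every user to forward port 22 (SSH Remote Access) from the internet with no qualification, although the removed code derived the list from `_servicesData` and `/api/ports/health` and had a "No port requirements detected for your current role" case, which suggests not every install needs all four ports. SSH is the most sensitive entry in that table, so I would move its row to the optional table or qualify its purpose cell, e.g. `SSH Remote Access — only if you need SSH from outside your network`. The static totals ("4" / "9") and the 30000–40000 TCP/UDP relay range can now drift from what the machine actually listens on, so a comment such as `// Keep in sync with the services' port_requirements` above the table would help the next maintainer. `ip` is escaped once via `escHtml(internalIp)` before it is concatenated into the `innerHTML` string, which is the right pattern for that value; the markup inside the string literals is not visible in this rendering, so the table structure itself could not be checked. loadStep3 begins above the hunk.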
diff --git a/app/sovran_systemsos_web/templates/onboarding.html b/app/sovran_systemsos_web/templates/onboarding.html
index 440255e..09b9dbf 100644
--- a/app/sovran_systemsos_web/templates/onboarding.html
+++ b/app/sovran_systemsos_web/templates/onboarding.html
@@ -93,9 +93,8 @@
🔌
Port Forwarding Check
- Your home router must forward specific ports to this machine before your services will work.
- Ports 80 and 443 must be open before Caddy can authenticate your SSL certificates.
- Without these ports forwarded, HTTPS will not work and your services will be unreachable from outside your network.
+ Forward these ports on your router to this machine. Each port only needs to be opened once — they are shared across all your services.
+ Ports 80 and 443 must be open for SSL certificates to work.