nearxos/Alpine_5G
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
78f7ccc6dba4dc66c213862317693c39b62c1fac
Alpine_5G/docs/WEBGUI.md
nearxos 160ad641ce Add web GUI, docs, scripts, and 5G router config 
- Web app (Flask): status, config, firewall, logs, users, restart
- Docs: AT commands, deploy, DNS, quickstart, web GUI
- Scripts: connect, deploy, diag, healthcheck, modem-status, speedtest, status, troubleshoot
- Init and iptables: 5g-router, 5g-webgui, rules.v4
- CHANGELOG, TODO, REVISION; config and README updates
2026-02-02 09:38:23 +02:00

4.8 KiB
Raw Blame History

Alpine 5G Router Web GUI

Web interface with login and role-based access (admin and support). One HTML page per function (Status, Logs, Restart 5G, Config, Firewall, Routes, Users) with shared navigation.

Access

  • URL: http://<device-ip>:5000 (e.g. http://10.130.60.121:5000)
  • Default users:
    • admin / admin full access (config, firewall, routes, users, logs, status, restart 5G)
    • support / support view status, view logs, restart 5G only (no config/firewall/users)

Change default passwords after first login (admin: Users tab → set password).

Permissions

Feature Admin Support
View status
View logs
Restart 5G
Edit config
Edit firewall
View routes
Manage users

Install and run

On the device (after main install)

# Install Python and Flask (Alpine)
apk add python3 py3-flask

# If you used scripts/install.sh, Web GUI is already under /usr/local/share/5g-webgui
# Enable and start the service:
rc-update add 5g-webgui default
service 5g-webgui start

# Or run manually (foreground)
cd /usr/local/share/5g-webgui && ./run.sh

From repo (development)

cd web
pip install -r requirements.txt   # or: apk add py3-flask
python3 app.py
# Open http://localhost:5000

Security

  • Set SECRET_KEY in production: export SECRET_KEY="your-random-secret" before starting the app (or in the OpenRC service).
  • Use HTTPS in production (put the app behind nginx/caddy with TLS).
  • Change default admin and support passwords immediately.

SQLite database

The Web GUI uses SQLite (web/data/alpine5g.db) for:

  • users login accounts (admin/support); migrated from users.json on first run if that file existed.
  • iptables_rules firewall rules (table, rule line, enabled, order). On first load, if the DB is empty, rules are imported from /etc/iptables/rules.v4.
  • static_routes static routes (destination, gateway, dev, metric). Apply runs ip route add for each enabled route.

Firewall and Routes pages in the GUI list/add/edit/delete from the DB and provide an Apply button to write iptables and run iptables-restore, or run ip route add for routes.

Files

Path (on device) Purpose
/usr/local/share/5g-webgui/ App and static files
/usr/local/share/5g-webgui/data/alpine5g.db SQLite DB (users, rules, routes)
/etc/init.d/5g-webgui OpenRC service
/var/log/5g-webgui.log Service log

Troubleshooting: Modem not up

If the modem/WAN is not coming up (Status shows WAN state DOWN, no IP, or “No modem AT data”):

On the device, run:

/usr/local/bin/diag-modem-up.sh

(or ./scripts/diag-modem-up.sh from the repo). It reports:

  • 5g-router service status
  • Config (WAN_IF, AT_PORT, APN)
  • Modem USB (lsusb Fibocom; Mode 40 vs 41)
  • WAN interface (exists, state, IP)
  • Default route (via 5G or other)
  • AT port (exists, AT response OK?)
  • Last log lines from /var/log/5g-router.log
  • Ping test and suggested fixes

Use this to see why connect-5g.sh failed (e.g. AT port not ready, wrong USB mode, no modem IP).

Troubleshooting: No modem AT data

If the Status page shows “No modem AT data (check AT port)”, run the diagnostic on the device (SSH or console):

/usr/local/bin/diag-at-port.sh

(or ./scripts/diag-at-port.sh from the repo). It reports:

  • User and groups (whether youre in dialout for serial access)
  • Serial devices (/dev/ttyUSB*, permissions)
  • Modem in lsusb (Fibocom / 0e8d)
  • Config AT_PORT and whether it exists
  • Raw AT probe on each ttyUSB (which port returns OK)
  • Result of modem-status-at.sh

Typical fixes: Add the web server user (e.g. the one running gunicorn) to group dialout; set AT_PORT in /etc/5g-router.conf to the port that responds (e.g. /dev/ttyUSB0); ensure modem is in USB mode 40 (RNDIS) so the AT port is present.

Optional: run behind reverse proxy

Example with nginx (apk add nginx):

server {
    listen 80;
    server_name router.local;
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Then access via http://router.local (port 80) instead of port 5000.