Rubix.Remote

Sign in

Sign in with Google · Sign in with Microsoft

Rubix.Remote
Dashboard
Support
Access
Activity
Maintenance
Settings
A

Dashboard

Overview of your support estate
Protect your account. Two-factor authentication is recommended for your admin account.

Quick actions

Create a one-time support session

Public sessions appear on the join page by name — anyone who can reach it can join without a code. Use for an open support queue; keep sensitive sessions private.

Published sessions

LabelStatusJoin linkExpires
No sessions yet.

Support requests

RequesterNoteStatusWhen
No requests.

Customers & installed clients

Device enrolled. Install it with this command (token shown once):


        

        

      

      

        
Install an unattended client (service)

        
For always-on access to a server or workstation, install the client as a Windows service (runs at boot as SYSTEM). Enroll the device above for its session id + token, then on that machine in an elevated PowerShell:
.\install-service.ps1 -Relay <ws-url> -Session <id> -Token <token>

        

          
          
        

      

    


    
    

      

        
Activity & audit log

        
Logins, session creation, pairings/connections, and admin changes. Most recent first.

        
WhenActorActionTargetIP

          
No events.

      

    


    
    

      

        
Database backups

        

          

          
          
          
        

        
On-demand backups use pg_dump (custom format) into the data directory. Scheduled nightly backups run via the systemd timer installed by the installer.

        
Backup fileSizeWhen

          
No backups yet.

      

      

        
Scheduled maintenance

        
These run automatically on the server via systemd timers (they need root, so they live outside the web app):

        
    
          
  • Let's Encrypt renewal — certbot.timer renews the TLS certificate and restarts the relay on renewal.
    • 
          
  • Database maintenance — rubix-maintenance.timer runs VACUUM ANALYZE and prunes old audit rows.
    • 
          
  • Nightly backup — rubix-backup.timer runs backup.sh and applies the retention above.
    • 
        

        
Restore a backup on the server with: sudo relay/deploy/restore.sh <file> (or use the Restore button per row — destructive, asks for confirmation).

      

    


    
    

      
      

        
Two-factor authentication

        
Checking…

        
        

          
          

            
Add this secret to your authenticator app (Google Authenticator, Authy, 1Password…):

            

            
Or use this URI: 

            
            

            

              
Saved! Store these one-time recovery codes somewhere safe:

              

            

          

        

        

          Enabled
          

        

        

      


      
      

        
Security policy

        
        
When on, local users must enrol an authenticator before using the portal. SSO users get MFA from their identity provider. Applies at next sign-in.

         
      


      
      

        
Users & roles

        

          

          

          

          
        

        

        
UserRole2FALast login

      


      
      

        
Single sign-on (Google & Microsoft Entra)

        
Redirect URI to register at the provider: set a public base URL first. Users must already exist here (username = their email); SSO authenticates and links, it doesn't create accounts.

        

          

            
            
            
          

          

            
            
            
            
          

        

         
      


      
      

        
Email & notifications

        
        

          

          

          

        

        

          

            

            

            

          

          

            

            

          

        

        

          

            

            

          

          
POSTs {from,to,subject,text} with Authorization: Bearer <token>.

        

        

          
          
          
          
        

      


      
      

        
Branding

        

          

          

          

          
        

        

          

          
          
        

        
      


      
      

        
Network & TLS certificate

        

          

          

          
          
        

        
If a reverse proxy terminates TLS for you (e.g. on a non-standard port), keep this relay on HTTP and set the Public URL to how users reach it — join/console/connector links will use it.

        
Checking…

        

          

          

          
          
        

        
Issuance needs port 80 reachable and the domain pointed at this server. The service restarts onto HTTPS when done — reconnect at https://<domain>. Renewal also runs automatically (daily maintenance timer).

        
      


      
      

        
Application firewall

        

          
          

          

          

          
          
        

        
Auto-bans an IP after too many failed logins; also blocks anything on the manual list. Applies to the portal API and the relay sockets.

        

          

          
        

        
Blocked (manual)

        
Auto-banned IPUntil