Portmaster is currently built for desktops that have a physical graphical interface. That said, you can run Portmaster on a server if done correctly.
If in any way possible make sure and test your backup access to the server in case you lock yourself out.
We’ll need to write our config file ourselves and place it on the server before we install Portmaster so that we don’t lock ourselves out. You can either use an existing Portmaster instance to configure your settings and then copy the config.json file from the data directory, or you can build it from scratch. Below is a template as a starting point. Now, let’s go though the settings you want to change:
0.0.0.0:817 to enable connections from anywhere.config.json, so we add only global rules for now and can switch to per-app after install.
If you run Portmaster on a private network you have access to, then this might be enough. If you want to access Portmaster via a public network, more caution and work is needed.
⚠️ Portmaster does not support HTTPS for the UI. You will need to take care of this yourself. We recommend using something like Traefik or Caddy as a reverse proxy for automatic HTTPS.
config.json template with multiple options - delete the ones you don’t need:
{
"core": {
"automaticUpdates": false,
"devMode": true,
"expertiseLevel": "developer",
"listenAddress": "0.0.0.0:817"
},
"filter": {
"serviceEndpoints": [
"+ Localhost",
"+ * TCP/SSH # Allow remote SSH access from anywhere",
"+ * */3389 # Allow remote RDP access from anywhere",
"+ * TCP/817 # Allow remote access to Portmaster from anywhere",
"+ LAN TCP/817 # Allow remote access to Portmaster from LAN only"
]
}
}
You may also want to validate the json before using your config.
Before installing we need to place to config file:
C:\ProgramData\Safing\Portmaster\config.json/opt/safing/portmaster/config.jsonThen, run the installer for Portmaster on the server. If everything went well, then you should still have access to your server and to the Portmaster UI in the way you configured.