Manual:Webfig: Difference between revisions
Skins - -initial writeup |
|||
(33 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
==Summary== | ==Summary== | ||
WebFig is a web based RouterOS | WebFig is a web based RouterOS utility which allows you to monitor, configure and troubleshoot the router. It is designed as an alternative of [[M:Winbox | WinBox]], both have similar layouts and both have access to almost any feature of RouterOS. | ||
WebFig is accessible directly from the router which means that there is no need to install additional software (except web browser with JavaScript support, of course). | |||
As Webfig is platform independent, it can be used to configure router directly from various mobile devices without need of a software developed for specific platform. | As Webfig is platform independent, it can be used to configure router directly from various mobile devices without need of a software developed for specific platform. | ||
WebFig | Some of the tasks that you can perform with WebFig: | ||
* Configuration - view and edit current configuration; | |||
* Monitoring - display the current status of the router, routing information, interface stats, logs and many more; | |||
* Troubleshooting - RouterOS has built in many troubleshooting tools (like ping, traceroute, packet sniffers, traffic generators and many other) and all of them can be used with WebFig. | |||
==Connecting to Router== | ==Connecting to Router== | ||
Line 20: | Line 25: | ||
RouterOS http service now listens on ipv6 address, too. To connect to IPv6, in your browser enter ipv6 address in square brackets, for example '''[2001:db8:1::4]'''. If it is required to connect to link local address, don't forget to specify interface name or interface id on windows, for example '''[fe80::9f94:9396%ether1]'''. | RouterOS http service now listens on ipv6 address, too. To connect to IPv6, in your browser enter ipv6 address in square brackets, for example '''[2001:db8:1::4]'''. If it is required to connect to link local address, don't forget to specify interface name or interface id on windows, for example '''[fe80::9f94:9396%ether1]'''. | ||
===Enabling HTTPS=== | |||
For HTTPS to work properly, you need to specify a valid certificate that Webfig can use. You can use a certificate that is issued by a trusted Certificate Authority (CA) or you can create your own root CA and generate self-signed certificates. | |||
{{ Note | Webfig supports wildcard certificates. You can generate such a certificate by specifying a wildcard in the <var>common-name</var> property, for example <code>common-name=*.mikrotik.com</code>}} | |||
To generate your own certificates and enable HTTPS access, you must first login to the router by using Webfig (HTTP version or you can use Winbox, SSH or Telnet), open a new terminal and input the following commands: | |||
* Create your own root CA on your router | |||
<pre> | |||
/certificate | |||
add name=LocalCA common-name=LocalCA key-usage=key-cert-sign,crl-sign | |||
</pre> | |||
* Sign the newly created CA certificate | |||
<pre> | |||
/certificate | |||
sign LocalCA | |||
</pre> | |||
{{ Note | In case you already have set up your own CA or you are using a service that signs certificates for you, then you create and sign the certificate remotely and import the certificate on the router later. In case you are importing a certificate, then make sure you mark the certificate as trusted. }} | |||
* Create a new certificate for Webfig (non-root certificate) | |||
<pre> | |||
/certificate | |||
add name=Webfig common-name=192.168.88.1 | |||
</pre> | |||
{{ Note | Most browsers will throw out an invalid certificate error if the common name for the certificate does not match the address you are visiting, for this reason you can specify the router's IP address as the common name since you will be using the IP address to open up Webfig. If you have a valid DNS name for your device's IP address, then you can use it as the common name. }} | |||
* Sign the newly created certificate for Webfig | |||
<pre> | |||
/certificate | |||
sign Webfig ca=LocalCA | |||
</pre> | |||
{{ Note | It is not required to set the certificate as trusted if you created your own root CA on the same router since by default RouterOS will trust its own generated root CA and therefore will trust all certificates signed by it, including the newly created certificate for Webfig. }} | |||
* Enable '''www-ssl''' and specify to use the newly created certificate for Webfig | |||
<pre> | |||
/ip service | |||
set www-ssl certificate=Webfig disabled=no | |||
</pre> | |||
You can now visit https://192.168.88.1 and securely configure your router. | |||
{{ Note | By default browsers will not trust self-signed certificates, you will need to add the certificate as trusted on the first time you visit the page in your browser. Another approach is to export the root CA certificate and import it as a trusted root certificate on your computer, this way all certificates signed by this router will be considered as valid and will make it easier to manage certificates in your network.}} | |||
{{ Note | Most Internet browsers have their own certificate trust chain and works independently from the operating system's certificate trust chain, this means that you may have to add your own root CA's certificate as a trusted certificate in your browser settings since trusting the certificate in your operating system's settings might not have any effect when using your Internet browser.}} | |||
==Interface Overview== | ==Interface Overview== | ||
Line 93: | Line 148: | ||
==Skins== | ==Skins== | ||
Webfig skins is handy tool to make interface more user friendly. It is not a security tool. If user has sufficient rights it is possible to access hidden features by other means. | |||
Webfig skins is handy tool to make interface more user friendly. It is not a security tool. | |||
====Designing skins==== | ====Designing skins==== | ||
If user has sufficient permissions (group has policy edit permissions) '''Design Skin''' button becomes available. Pressing that toggle button will open interface editing options. Possible operations are: | If user has sufficient permissions (group has policy edit permissions) '''Design Skin''' button becomes available. Pressing that toggle button will open interface editing options. Possible operations are: | ||
*Hide menu | *Hide menu - this will hide all items from menu and its submenus; | ||
*Hide submenu | *Hide submenu - only certain submenu will be hidden | ||
*Hide tabs | *Hide tabs - if submenu details have several tabs, it is possible to hide them this way; | ||
* | *Rename menus, items - make some certain features more obvious or translate them into your launguage; | ||
*Add note to to item (in detail view) | *Add note to to item (in detail view) - to add comments on filed; | ||
*Make item read-only (in detail view) | *Make item read-only (in detail view) - for user safety very sensitive fields can be made read only | ||
*Hide flags (in detail view) | *Hide flags (in detail view) - while it is only possible to hide flag in detail view, this flag will not be visible in list view and in detailed view; | ||
*Add limits for field | *Add limits for field - (in detail view) where it is list of times that are comma or newline separated list of allowed values: | ||
**number interval '..' example: 1..10 will allow values from 1 to 10 for fiels with numbers, example, MTU size. | |||
**field prefix (Text fields, MAC address, set fields, combo-boxes). If it is required to limit prefix length ''$'' should be added to the end, for example, limiting wireless interface to "station" only will contain | |||
*Add ''Tab'' - will add grey ribbon with editable label that will separate the fields. Ribbon will be added before field it is added to; | |||
*Add ''Separator'' - will add low height horizontal separator before the field it is added to. | |||
{{Note|Number interval cannot be set to extend limitations set by RouterOS for that field}} | |||
{{Note|Set fields are argument that consist of set of check-boxes, for example, setting up policies for user groups, RADIUS "Service"}} | |||
{{Note|Limitations set for combo-boxes will values selectable from dropdown}} | |||
======Configure wireless interface====== | |||
To configure | |||
====Status page==== | |||
{{Note|Starting RouterOS 5.7 webfig interface adds capability for users to create status page where fields from anywhere can be added and arranged.}} | |||
Satus page can be created by users (with sufficient permissions) and fields on the page can be reordered. | |||
When status page is created it is default page that opens when logging in the router through webfig interface. | |||
======Addition of fields====== | |||
To add field to status page user has to enter "Design skin" mode and from drop-down menu at the field choose option - "Add to status page" | |||
As the result of this action desired field in read-only mode will be added to status page. If at the time ''Status'' page is not present at the time, it will be created for the user automatically. | |||
[[File:webfig-add-to-stsatus-page.png]] | |||
======Two columns====== | |||
Fields in ''Status'' page can be arranged in two columns. Columns are filled from top to bottom. | |||
When you have only one column then first item intended for second should be dragged to the top of the first item when black line appear on top of the first item, then drag mouse to the left until shorter black line is displayed as showed in screenshot. Releasing mouse button will create second column. Rest of the fields afterwards can be dragged and dropped same way as with one column design. | |||
[[File:webfig-two-columns.png]] | |||
====Skin design examples==== | |||
======Set field====== | |||
Setting limits for ''set field '' | |||
[[File:webfig-set-field-limits-design.png]] | |||
And the result: | |||
[[File:webfig-set-field-limits-done.png]] | |||
====Using skins==== | ====Using skins==== | ||
To use skins you have to assign skin to group, when that is done users of that group will automatically use selected skin as their default when logging into Webfig. {{Note|Webfig is only configuration interface that can use skins}} | To use skins you have to assign skin to group, when that is done users of that group will automatically use selected skin as their default when logging into Webfig. {{Note|Webfig is only configuration interface that can use skins}} | ||
[[Category:Manual]] | If it is required to use created skin on other router you can copy files to '''skins''' folder on the other router. On new router it is required to add copied skin to user group to use it. | ||
[[Category:Basic]] | |||
{{cont}} | |||
[[Category:Manual|We]] | |||
[[Category:Basic|We]] |
Latest revision as of 10:45, 1 February 2019
Summary
WebFig is a web based RouterOS utility which allows you to monitor, configure and troubleshoot the router. It is designed as an alternative of WinBox, both have similar layouts and both have access to almost any feature of RouterOS.
WebFig is accessible directly from the router which means that there is no need to install additional software (except web browser with JavaScript support, of course).
As Webfig is platform independent, it can be used to configure router directly from various mobile devices without need of a software developed for specific platform.
Some of the tasks that you can perform with WebFig:
- Configuration - view and edit current configuration;
- Monitoring - display the current status of the router, routing information, interface stats, logs and many more;
- Troubleshooting - RouterOS has built in many troubleshooting tools (like ping, traceroute, packet sniffers, traffic generators and many other) and all of them can be used with WebFig.
Connecting to Router
WebFig can be launched from the routers home page which is accessible by entering routers IP address in the browser. When home page is successfully loaded, choose webfig from the list of available icons as illustrated in screenshot.
After clicking on webfig icon, login prompt will ask you to enter username and password. Enter login information and click connect.
Now you should be able to see webfig in action.
IPv6 Connectivity
RouterOS http service now listens on ipv6 address, too. To connect to IPv6, in your browser enter ipv6 address in square brackets, for example [2001:db8:1::4]. If it is required to connect to link local address, don't forget to specify interface name or interface id on windows, for example [fe80::9f94:9396%ether1].
Enabling HTTPS
For HTTPS to work properly, you need to specify a valid certificate that Webfig can use. You can use a certificate that is issued by a trusted Certificate Authority (CA) or you can create your own root CA and generate self-signed certificates.
Note: Webfig supports wildcard certificates. You can generate such a certificate by specifying a wildcard in the common-name property, for example common-name=*.mikrotik.com
To generate your own certificates and enable HTTPS access, you must first login to the router by using Webfig (HTTP version or you can use Winbox, SSH or Telnet), open a new terminal and input the following commands:
- Create your own root CA on your router
/certificate add name=LocalCA common-name=LocalCA key-usage=key-cert-sign,crl-sign
- Sign the newly created CA certificate
/certificate sign LocalCA
Note: In case you already have set up your own CA or you are using a service that signs certificates for you, then you create and sign the certificate remotely and import the certificate on the router later. In case you are importing a certificate, then make sure you mark the certificate as trusted.
- Create a new certificate for Webfig (non-root certificate)
/certificate add name=Webfig common-name=192.168.88.1
Note: Most browsers will throw out an invalid certificate error if the common name for the certificate does not match the address you are visiting, for this reason you can specify the router's IP address as the common name since you will be using the IP address to open up Webfig. If you have a valid DNS name for your device's IP address, then you can use it as the common name.
- Sign the newly created certificate for Webfig
/certificate sign Webfig ca=LocalCA
Note: It is not required to set the certificate as trusted if you created your own root CA on the same router since by default RouterOS will trust its own generated root CA and therefore will trust all certificates signed by it, including the newly created certificate for Webfig.
- Enable www-ssl and specify to use the newly created certificate for Webfig
/ip service set www-ssl certificate=Webfig disabled=no
You can now visit https://192.168.88.1 and securely configure your router.
Note: By default browsers will not trust self-signed certificates, you will need to add the certificate as trusted on the first time you visit the page in your browser. Another approach is to export the root CA certificate and import it as a trusted root certificate on your computer, this way all certificates signed by this router will be considered as valid and will make it easier to manage certificates in your network.
Note: Most Internet browsers have their own certificate trust chain and works independently from the operating system's certificate trust chain, this means that you may have to add your own root CA's certificate as a trusted certificate in your browser settings since trusting the certificate in your operating system's settings might not have any effect when using your Internet browser.
Interface Overview
WebFig interface is designed to be very intuitive especially for WinBox users. It has very similar layout: menu bar on the left side, undo/redo at the top and work are at the rest of available space.
When connected to router, browsers title bar (tab name on Chrome) displays currently opened menu, user name used to authenticate, ip address, system identity, ROS version and RouterBOARD model in following format:
[menu] at [username]@[Router's IP] ( [RouterID] ) - Webfig [ROS version] on [RB model] ([platform])
Menu bar has almost the same design as WinBox menu bar. Little arrow on the right side of the menu item indicates that this menu has several sub-menus.
When clicking on such menu item, sub-menus will be listed and the arrow will be pointing down, indicating that sub-menus are listed.
At the top you can see three common buttons Undo/Redo buttons similar to winbox and one additional button Log Out. In the top right corner, you can see WebFig logo and RouterBOARDS model name.
Work area has tab design, where you can switch between several configuration tabs, for example in screenshot there are listed all tabs available in Bridge menu (Bridge, Ports, Filters, NAT, Rules).
Below the tabs are listed buttons for all menu specific commands, for example Add New and Settings.
The last part is table of all menu items. First column of an item has item specific command buttons:
Item configuration
When clicking on one of the listed items, webfig will open new page showing all configurable parameters, item specific commands and status.
At the top you can see item type and item name. In example screenshot you can see that item is an interface with name bypass
There are also item specific command buttons (Ok, Cancel, Apply, Remove and Torch). These can vary between different items. For example Torch is available only for interfaces.
Common Item buttons:
- Ok - apply changes to parameters and exit;
- Cancel - exit and do not apply changes;
- Apply - apply changes and stay on current page;
- Remove - remove current item.
Status bar similar to winbox shows current status of item specific flags (e.g running flag). Grey-ed out flag means that it is not active. In example screenshot you can see that running is in solid black and slave is grey-ed, which means that interface is running and is not a slave interface.
List of properties is divided in several sections, for example "General", "STP", "Status", "Traffic". In winbox these sections are located in separate tabs, but webfig lists them all in one page specifying section name. In screenshotyou can see "General" section. Grey-edout properties mean that they are read-only and configuration is not possible.
Work with Files
Webfig allows to upload files directly to the router, without using FTP services. To upload files, open Files menu, click on Choose File button, pick file and wait until file is uploaded.
Files also can be easily downloaded from the router, by clicking Download button at the right side of the file entry.
Traffic Monitoring
[ Top | Back to Content ]
Skins
Webfig skins is handy tool to make interface more user friendly. It is not a security tool. If user has sufficient rights it is possible to access hidden features by other means.
Designing skins
If user has sufficient permissions (group has policy edit permissions) Design Skin button becomes available. Pressing that toggle button will open interface editing options. Possible operations are:
- Hide menu - this will hide all items from menu and its submenus;
- Hide submenu - only certain submenu will be hidden
- Hide tabs - if submenu details have several tabs, it is possible to hide them this way;
- Rename menus, items - make some certain features more obvious or translate them into your launguage;
- Add note to to item (in detail view) - to add comments on filed;
- Make item read-only (in detail view) - for user safety very sensitive fields can be made read only
- Hide flags (in detail view) - while it is only possible to hide flag in detail view, this flag will not be visible in list view and in detailed view;
- Add limits for field - (in detail view) where it is list of times that are comma or newline separated list of allowed values:
- number interval '..' example: 1..10 will allow values from 1 to 10 for fiels with numbers, example, MTU size.
- field prefix (Text fields, MAC address, set fields, combo-boxes). If it is required to limit prefix length $ should be added to the end, for example, limiting wireless interface to "station" only will contain
- Add Tab - will add grey ribbon with editable label that will separate the fields. Ribbon will be added before field it is added to;
- Add Separator - will add low height horizontal separator before the field it is added to.
Note: Number interval cannot be set to extend limitations set by RouterOS for that field
Note: Set fields are argument that consist of set of check-boxes, for example, setting up policies for user groups, RADIUS "Service"
Note: Limitations set for combo-boxes will values selectable from dropdown
Configure wireless interface
To configure
Status page
Note: Starting RouterOS 5.7 webfig interface adds capability for users to create status page where fields from anywhere can be added and arranged.
Satus page can be created by users (with sufficient permissions) and fields on the page can be reordered.
When status page is created it is default page that opens when logging in the router through webfig interface.
Addition of fields
To add field to status page user has to enter "Design skin" mode and from drop-down menu at the field choose option - "Add to status page"
As the result of this action desired field in read-only mode will be added to status page. If at the time Status page is not present at the time, it will be created for the user automatically.
Two columns
Fields in Status page can be arranged in two columns. Columns are filled from top to bottom.
When you have only one column then first item intended for second should be dragged to the top of the first item when black line appear on top of the first item, then drag mouse to the left until shorter black line is displayed as showed in screenshot. Releasing mouse button will create second column. Rest of the fields afterwards can be dragged and dropped same way as with one column design.
Skin design examples
Set field
Setting limits for set field And the result:
Using skins
To use skins you have to assign skin to group, when that is done users of that group will automatically use selected skin as their default when logging into Webfig.
Note: Webfig is only configuration interface that can use skins
If it is required to use created skin on other router you can copy files to skins folder on the other router. On new router it is required to add copied skin to user group to use it.
[ Top | Back to Content ]