Hey there! Let's walk through how to access your Ubuntu server's projects (like Text Generation Webui or Automatic1111) from your home network, plus break down the security tradeoffs between SSH tunnels and router setups.

一、让局域网设备直接访问服务器项目的基础步骤 #

First off, since you're only accessing this within your home network, you don't actually need "port forwarding" through your router (that's for public internet access). Here's what you need to do:

1. 确保项目监听所有网卡 #

Most of these web UIs default to binding only to localhost (127.0.0.1), which means they can only be accessed from the server itself. To let other devices on your network connect, you need to start the project with a flag that makes it listen on all network interfaces (0.0.0.0):

• For Text Generation Webui: Add the --listen flag when launching, e.g.:

  python server.py --listen --port 7680
  

• For Automatic1111 Stable Diffusion: Use the --listen flag as well:

  ./webui.sh --listen --port 7680
  

2. 配置Ubuntu防火墙允许端口流量 #

Ubuntu's default firewall (ufw) might block incoming connections to your project's port. To open the port (e.g., 7680 for TCP traffic):

sudo ufw allow 7680/tcp
sudo ufw reload

You can verify the rule is active with sudo ufw status.

3. 使用服务器的局域网IP访问 #

Once the project is listening on all interfaces and the firewall is open, you can access it from any device on your home network using:
http://192.10.1.10:7680
(Replace 192.10.1.10 with your server's actual local IP address. To find it, run ip a on the server and look for the inet entry under your main network adapter.)

Pro tip: Set a static local IP for your server (either via Ubuntu's network settings or your router's MAC address binding) so you don't have to look up the IP every time it restarts.

二、SSH隧道 vs 路由器设置：安全性对比 #

Since you're only accessing this within your home network, router port forwarding isn't necessary (that's for exposing services to the public internet). But let's compare the two options you mentioned:

1. SSH隧道：更高的安全性 #

If you want to keep your project's port hidden from the rest of the local network (e.g., only allow specific devices to access it), SSH local port forwarding is a great choice. Here's how it works:

• On your local device (Windows/macOS/Linux), run this command to forward your local port 7680 to the server's port 7680:

  ssh -L 7680:localhost:7680 your-server-username@192.10.1.10
  

• Now you can access the project on your local device by visiting http://localhost:7680.

Why this is secure:

• The project only needs to bind to localhost on the server, so its port isn't exposed to the entire local network.
• Access is restricted to devices that can SSH into your server (which requires valid credentials, and optionally SSH keys for even more security).
• No need to open any ports in the Ubuntu firewall for the project itself (only SSH port 22 needs to be open, which is usually already configured).

2. Router设置：不需要（针对局域网访问） #

Router port forwarding is designed to route public internet traffic to a device on your local network. Since you're only accessing the server from devices on your home network, this isn't needed at all. Using router forwarding here would actually be unnecessary and potentially introduce unnecessary exposure if you accidentally configure it for public access.

总结 #

• For easy, open access to trusted devices: Configure the project to listen on all interfaces, open the firewall port, and use the server's local IP directly.
• For restricted, secure access: Use SSH port forwarding to keep the project's port hidden and only allow access to devices with SSH credentials.

备注：内容来源于stack exchange，提问作者rbur0425