Using the Proxy

Open the web interface of any device in your plant network straight from your browser — no VPN client, no installation, just your Mirox login. The Proxy gives you a unique, authenticated URL for each device UI, so an inverter configuration page, a data-logger dashboard, or a switch-cabinet web page is one click away.

This guide walks you through the day-to-day tasks. For how the Proxy works and its security model, see the Proxy feature page — this page does not re-explain it.

When to Use the Proxy vs the VPN

Both let you reach devices inside a plant network, but they suit different jobs.

You want to…UseWhat you need
Quickly open a device's web UI, possibly from a borrowed or third-party machineProxy (this guide)A browser and your Mirox login. Nothing to install.
Use SSH, Modbus, your own scripts, or any non-browser tool against devicesVPNA one-time WireGuard profile installed on your machine — see Using the VPN.

A good rule of thumb: if the task lives in a browser, the Proxy is faster; if it needs a real network connection, reach for the VPN.

Opening a Device's Web Interface

Each reachable device UI has its own address of the form <id>.proxy.mirox.io. You never type this URL by hand — the platform builds it for you and opens it when you click.

  1. Open in Mirox: open the plant's Networking tab directly. (In the app this is Monitor → your plant → Networking.)
  2. Switch to the Network Devices list and find the device you want to reach. (For how the list is populated, see Managing Network Devices.)
  3. Open the device, then go to its Proxy tab.
  4. Click the open-in-new-tab icon next to a web target. The device's own web interface opens in a new browser tab at its <id>.proxy.mirox.io URL.

Every Discovered Device Has a Default

You do not need to configure anything to get started. For every discovered device, the standard web port is auto-detected and offered as a Default Web UI target — open it immediately, even before adding any custom targets.

Adding More Web Targets

If a device exposes several interfaces — for example a service UI on one port and a diagnostics dashboard on another — add a web target for each so they sit side by side in the list.

  1. On the device's Proxy tab, select Add Target.
  2. Give the target a clear Label (for example "Admin UI" or "Diagnostics").
  3. Choose the Scheme (http or https), the Port, and an optional Path.
  4. Leave Proxy enabled on so the target is reachable, and Save.

Each saved target gets its own open-in-new-tab icon. You can edit or delete custom targets later; the auto-detected default is managed by discovery and is not editable.

The Master Switch Controls Everything

The Web UI Proxy toggle at the top of the Proxy tab is the master switch for the device. When it is off, none of the device's web targets are reachable — even enabled ones. To take a single interface offline without affecting the rest, disable just that target instead.

Logging In to the Device

The Proxy handles the transport and checks that you are allowed to open the device. The device may still show its own login — Mirox does not bypass it. When the device's login form appears in your browser, sign in with the credentials for that device.

So that you do not have to chase down or memorize device passwords, your plant operator can store them once in Mirox's encrypted credential vault, after which authorized teammates can use them when opening the device — without the plaintext password ever being shared by email or chat.

  1. To store credentials, open the device's Authentication tab.
  2. Enter the Username, Password, and an optional note describing the Authentication Scheme (for example "HTTP Basic" or "API token").
  3. Save. Authorized teammates now see a Credentials stored indicator and can reveal or copy the values when they need them.

Credentials Are Permission-Bound

The Authentication tab is visible only to users with a technical role on the plant (Operator or Technical Manager). A Viewer never sees it. Who reads or uses stored credentials is captured in the access audit trail.

Because each device UI has a stable <id>.proxy.mirox.io URL, you can copy the address from your browser and send it to a colleague — useful for pointing someone directly at the diagnostics page you are looking at.

Sharing the link does not share access. When your colleague opens it, the Proxy still requires their own Mirox login and checks their permission for that specific plant. If they are not signed in, they are sent to the login page and forwarded to the device afterwards; if they lack permission for the plant, they are refused. The link is a convenience, not a backdoor.

Who Can Use the Proxy

Proxy access follows the plant's permission system. Anyone with a technical role on the plant — Operator or Technical Manager, plus organization Admins and Moderators — can open device UIs and manage web targets. A Viewer does not get proxy access. Permissions granted through a cooperation are honored the same way.

Troubleshooting

When a device UI does not load, the Proxy returns a clear diagnostic message instead of a blank error page, telling you for example whether the device itself is unreachable or the plant's agent is not ready yet.

Tell a Platform Problem From a Plant Problem

If you are unsure whether the issue is on the Mirox side or at the plant, your operator can run the Proxy's built-in connectivity check, which verifies platform-side login and routing without contacting any specific device. A passing check points the investigation toward the plant or the device.

Every Proxy session is recorded in a unified access overview for the plant, alongside VPN sessions, capturing who opened which device and when. Review it from the Access Log tab on the Networking page, or read more in Access Audit Logging.

MIT Licensed | Copyright 2026 Mirox Verwaltungs GmbH