Trading Operator Console

GUI Access

Operator-facing console with a protected path for browser-safe MT5 session access. Raw VNC, raw RDP, raw X11, broker credentials, and live trading are not published here.
# GUI Access All MT5 GUI access must remain local-only. ## Approved Access Paths - Local console on the host - Trusted SSH X11 forwarding from an operator workstation - Headless local Xvfb run without remote GUI exposure ## Not Allowed By Default - No VNC published to the internet - No RDP published to the internet - No reverse proxy publication - No web wrapper that exposes MT5 GUI externally ## Local-Only Verification - Do not publish ports `5900`, `3389`, or any ad hoc GUI port. - Do not add VNC or RDP services to CyberPanel or OpenLiteSpeed. - If you need a visual session, use SSH X11 forwarding from a trusted workstation only. - Headless mode stays the default for smoke tests and soak tests. ## SSH X11 Forwarding Example From a trusted workstation with X11 support: ```bash ssh -Y root@YOUR_VPS_IP DISPLAY="$DISPLAY" /trading/forex-mt5/scripts/start-mt5.sh --x11 ``` Stop when finished: ```bash /trading/forex-mt5/scripts/stop-mt5.sh ``` ## Safe Demo Session Flow 1. Confirm the operator workstation already has a working X server. 2. Open a trusted SSH X11 session with `ssh -Y root@YOUR_VPS_IP`. 3. Confirm `echo "$DISPLAY"` is not empty on the VPS. 4. Start MT5 with `DISPLAY="$DISPLAY" /trading/forex-mt5/scripts/start-mt5.sh --x11`. 5. Finish the manual demo task, then close MT5 and run `/trading/forex-mt5/scripts/stop-mt5.sh`. ## Headless Default The safer default on this VPS is: ```bash /trading/forex-mt5/scripts/start-mt5.sh --headless ``` This uses `xvfb-run` locally and does not publish any GUI transport. ## Operator Checklist 1. Confirm no VNC or RDP listener exists on the host before a demo login session. 2. Start MT5 with `--x11` only from a trusted SSH session. 3. Complete the demo task. 4. Close MT5 and run the stop wrapper. 5. Review logs if the terminal failed to render or connect. ## Quick Troubleshooting ### DISPLAY or X11 failed - Reconnect with `ssh -Y root@YOUR_VPS_IP` if `DISPLAY` is empty or forwarding failed. - Verify the workstation-side X server first; the VPS should not be modified to expose a GUI service. - Do not open VNC, RDP, or any ad hoc GUI port as a workaround. ### MT5 does not appear - Check `/trading/forex-mt5/scripts/status-mt5.sh` to see whether MT5 is already running. - Review `/trading/forex-mt5/logs/mt5-run.log` and `/trading/forex-mt5/scripts/review-latest-logs.sh --lines 40`. - Stop the current process with `/trading/forex-mt5/scripts/stop-mt5.sh` before retrying.