First connect to the machine with ssh -L 7860:localhost:7860 <user>@exozy.me
Check if anyone is using the port with netstat -ntpl. If port 7860 is in there, then don't run it again.
Next run the server:
pdm run bwrap --dev-bind / / --tmpfs /home --unshare-user --uid 1 --gid 1 ./webui.sh
# insecure version
# pdm run ./webui.sh
You will now see some output, and the URL of the server. After that, you can visit the web interface on your local machine at http://localhost:7860/ (since SSH port forwarding is used above).
Security Warning (by iacore): Posibble Arbitrary file read. Without bwrap, the webui can access any file. However, I'm not super confident about by sandboxing skills, so you should verify this yourself.