OpenSprinkler › Forums › OpenSprinkler Unified Firmware › https login
- This topic has 59 replies, 3 voices, and was last updated 9 years, 7 months ago by Samer.
March 25, 2015 at 2:38 pm #36262
aruzsi (Participant)
Hi,
What is the full URL when I try to connect to the sprinkler from the mobile app and the SSL connection is chosen?
I wasn’t able to connect. 🙁
My LAN setup is as usual: the sprinkler is behind a router with only one IP address, so I have to use some DDNS names.
On the router there is a proxy which makes the https->http translation. So I try to reach the sprinkler with this URL:
https://mysprinkler.myddsn.anything (outside URL) which will be redirected to http://sprinkler:myport (inside URL).
The normal mode without SSL and port forwarding is working, but what about security then?
BTW: Can I use the normal WEB page from my mobile? It asked for the password, wrote out (maybe) Loading … and went back to the password check. 🙁
TIA,
March 25, 2015 at 2:45 pm #36264
Samer (Keymaster)
If you are using the mobile application, they are sensitive to the certificate being valid. This means a self signed certificate will not work. Personally, I use startssl.com for free valid SSL.
Regarding the direct IP, it should work fine; however, your proxy has to add an allow cross origin header (or at least forward it from the original request) in order to work from the direct IP.
If this doesn’t make sense let me know and I can try to better explain.
Thank you.
March 25, 2015 at 2:58 pm #36265
aruzsi (Participant)
Of course I don’t have a real SSL cert. My proxy is using a self signed cert. I think it is much better than simple http and my password on the wire.
So I don’t know why the app is not able to connect through my https proxy.
I’d like to know the full URL which the app uses. Is that https://<IP:port>? (when SSL is checked)
I use some internal WEB pages which are not SSL capable inside, protecting the connection until it is travelling on the Net.
Anyway, do you understand my setup?
March 25, 2015 at 3:00 pm #36266
aruzsi (Participant)
Tomorrow I will make a test from a real browser outside of my network using https.
March 25, 2015 at 3:24 pm #36267
aruzsi (Participant)
startssl.com
How can I get a cert for any.info.tm domain which is a DDNS? I’m not the administrator for that domain, of course.
March 25, 2015 at 4:03 pm #36268
aruzsi (Participant)
With my https frontend proxy the WEB page doesn’t work.
Password page -> Loading -> password page -> go back. Is this a bug, or anything else?
March 25, 2015 at 5:34 pm #36269
Samer (Keymaster)
I understand your setup and also the issue.
For the app, when using an SSL proxy, it has to have a valid SSL certificate. There isn’t any way around this from my app’s perspective as these are limits by the OS. Furthermore, my framework (PhoneGap) doesn’t have a way to allow non-valid SSL certificates. Therefore, it needs to be valid. I personally pay for a few domains and use a router or Linux server to update my DNS (if it changes). I also use the domain with StartSSL to get a valid SSL certificate.
Regarding the web interface, like I said earlier, the CORS header is missing. Which daemon are you using for your SSL proxy (Apache, nginx, etc)? Here is a sample Apache configuration to fix the issue:
<IfModule mod_headers.c>
    # Add support for cross origin requests
    Header set Access-Control-Allow-Origin "*"
</IfModule>
If you want to see the error message, right click the browser window and push “Inspect Element” anywhere. This will open a new window which has a “Console” tab. This tab will show you error messages in red and when you get kicked back to the home screen you will likely get an error here. If you can, send the error message my way so we can confirm the issue.
Lastly, addressing your point about the URL: If you check SSL it uses ‘https://’ whereas the standard is ‘http://’. That’s the only difference.
Thanks
March 26, 2015 at 9:29 am #36276
aruzsi (Participant)
OK, I want to tell you I’m not a WEB or http(s) expert.
My proxy is running under OpenWRT and the proxy is lighttpd. There isn’t a CORS definition in it. I use some SNI based proxy making an https front-end for internal WEB pages. I don’t want to use port based virtual hosts because my company’s proxy does not accept ports.
Can you help me?
And my “cert” expired about 4 months ago. 🙁
Of course I can send you the contents of the Console window but it is in the Hungarian language. How can I see it in English?
TIA,
March 26, 2015 at 7:37 pm #36284
Samer (Keymaster)
Okay, so if your certificate is expired, we know this won’t work within the applications (specifically iOS) so we are only discussing web based access.
I looked up OpenWRT/lighttpd and am fairly confident you can add the CORS header by doing the following:
1) Open the file /etc/lighttpd/lighttpd.conf on the device by using nano or vi.
2) Add the following code:
setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
If this doesn’t work, feel free to send the screenshots in Hungarian. The general error should be apparent however it is likely CORS related issues.
Thanks!
March 28, 2015 at 8:32 am #36320
aruzsi (Participant)
In which section do I have to write the code?
I wrote it in the named virtual section and it doesn’t work. 🙁
Ez az oldal SHA-1 tanúsítványt használ, ajánlott olyan tanúsítványokat használni, amelyek aláírási algoritmusa az SHA-1-től erősebb hash függvényeket használ.[További információ] locsolo.xxx.yy
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/home.js” oldalon[További információ] locsolo.xxx.yy
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/app.cgz” oldalon[További információ] home.js:44:0
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/app.jgz” oldalon[További információ] home.js:71:0
A HTML dokumentum karakterkódolása nem volt deklarálva. A dokumentum egyes böngészőbeállítások esetén hibás szöveggel fog megjelenni, ha a dokumentum az US-ASCII tartományon kívüli karaktereket is tartalmaz. Az oldal karakterkódolását a dokumentumban vagy az átviteli protokollban kell deklarálni. locsolo.xxx.yy
Vegyes (nem biztonságos) megjelenített tartalom betöltése a biztonságos „http://ui.opensprinkler.com/img/favicon.ico” oldalon[További információ] ContentLinkHandler.jsm:167:0
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/lato.ttf” oldalon[További információ] locsolo.xxx.yy
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/index.htm” oldalon[További információ] app.jgz:8:0
March 28, 2015 at 8:41 am #36321
aruzsi (Participant)
Sorry, this is the full output of the Console window:
Cross-Origin kérés blokkolva: Az azonos eredet házirend nem engedélyezi a távoli erőforrás olvasását innen: http://locsolo.xxx.yy/jp?pw=7bccf2b801ab2524d718168cfdc7dca6. Ez az erőforrás azonos tartományba mozgatásával, vagy a CORS bekapcsolásával javítható. jp
Ez az oldal SHA-1 tanúsítványt használ, ajánlott olyan tanúsítványokat használni, amelyek aláírási algoritmusa az SHA-1-től erősebb hash függvényeket használ.[További információ] locsolo.xxx.yy
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/home.js” oldalon[További információ] locsolo.xxx.yy
GET http://ui.opensprinkler.com/js/home.js [Vegyes tartalom][HTTP/1.1 304 Not Modified 43 ms]
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/app.cgz” oldalon[További információ] home.js:44:0
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/app.jgz” oldalon[További információ] home.js:71:0
A HTML dokumentum karakterkódolása nem volt deklarálva. A dokumentum egyes böngészőbeállítások esetén hibás szöveggel fog megjelenni, ha a dokumentum az US-ASCII tartományon kívüli karaktereket is tartalmaz. Az oldal karakterkódolását a dokumentumban vagy az átviteli protokollban kell deklarálni. locsolo.xxx.yy
GET http://ui.opensprinkler.com/css/app.cgz [Vegyes tartalom][HTTP/1.1 200 OK 477 ms]
Vegyes (nem biztonságos) megjelenített tartalom betöltése a biztonságos „http://ui.opensprinkler.com/img/favicon.ico” oldalon[További információ] ContentLinkHandler.jsm:167:0
GET http://ui.opensprinkler.com/js/app.jgz [Vegyes tartalom][HTTP/1.1 200 OK 626 ms]
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/lato.ttf” oldalon[További információ] locsolo.xxx.yy
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/index.htm” oldalon[További információ] app.jgz:8:0
GET http://ui.opensprinkler.com/index.htm [Vegyes tartalom][HTTP/1.1 200 OK 299 ms]
So CORS blocking is active. 🙁
March 28, 2015 at 9:04 am #36322
aruzsi (Participant)
I tried something that I found on the Net.
If I remove the Allow-Control-Access-Origin declaration, the header consists of that with “*”.
If I enable it the result will be: “*,*”.
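The two posts above show a cross-origin request from the https page to an http URL on the same host, and an Access-Control-Allow-Origin header that ends up as "*,*" once the proxy adds its own copy. The following JavaScript is an added example, not code from the thread or from OpenSprinkler; it models how a browser evaluates such a request (without credentials), and the host sprinkler.example and the header lists are constructed.

```javascript
// Added example, not OpenSprinkler code. Hostnames and headers are constructed.

// Collect every Access-Control-Allow-Origin value the way a browser sees them
// after the backend and the proxy have each added their own copy.
function allowOriginValue(headers) {
  const values = headers
    .filter(([name]) => name.toLowerCase() === 'access-control-allow-origin')
    .map(([, value]) => value.trim());
  return values.length ? values.join(', ') : null;
}

// Decide how a browser treats a script-initiated request (no credentials)
// made from pageUrl to requestUrl, given the response headers.
function evaluateRequest(pageUrl, requestUrl, headers) {
  const pageLoc = new URL(pageUrl);
  const target = new URL(requestUrl, pageUrl);
  const result = {
    // Origin = scheme + host + port, so http://host and https://host differ.
    crossOrigin: pageLoc.origin !== target.origin,
    // Plain-http subresource of an https page: browsers warn about or block it.
    mixedContent: pageLoc.protocol === 'https:' && target.protocol === 'http:',
    readable: true,
    reason: 'same origin',
  };
  if (!result.crossOrigin) return result;
  const acao = allowOriginValue(headers);
  // The value must be exactly "*" or the page's origin; a joined list fails.
  result.readable = acao === '*' || acao === pageLoc.origin;
  result.reason = acao === null ? 'Access-Control-Allow-Origin missing'
    : result.readable ? 'allowed by Access-Control-Allow-Origin'
    : `invalid Access-Control-Allow-Origin: "${acao}"`;
  return result;
}

// Constructed cases: header set twice (device and proxy), then set once.
const page = 'https://sprinkler.example';
const doubled = evaluateRequest(page, 'http://sprinkler.example/jp',
  [['Access-Control-Allow-Origin', '*'], ['access-control-allow-origin', '*']]);
const single = evaluateRequest(page, 'http://sprinkler.example/jp',
  [['Access-Control-Allow-Origin', '*']]);
console.log(doubled.reason, '|', single.reason);
```

The header has to be emitted by exactly one hop, either the device or the proxy, for the browser to accept it.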
March 28, 2015 at 10:34 am #36323
Samer (Keymaster)
Oh, okay, on the /su page where you put the Javascript URL: be sure to put https. For example, the default Javascript URL is http://ui.opensprinkler.com; change this to https://ui.opensprinkler.com.
Also, just so you know, this issue is only when using the web site. This shouldn’t occur when using the Google Chrome extension in the store or the Firefox addon.
Try changing the URL which should fix your issue.
March 28, 2015 at 10:37 am #36325
March 28, 2015 at 10:42 am #36326
Samer (Keymaster)
On the same network as the OpenSprinkler, navigate to its web page without using any SSL or proxies. Go to: http://opensprinkler/su.
This will open a basic white page with two input boxes. The top is the Javascript URL which defaults to http://ui.opensprinkler.com and the other is the password which should be MD5 hashed.
Basically, the browser does not want to load non-secure content, is my understanding of the error.
Update: I think I fixed another issue regarding the loader and SSL issues. If you still have issues use https://betaui.opensprinkler.com as the Javascript URL on the /su page.
March 28, 2015 at 11:14 am #36328
aruzsi (Participant)
Do I have to fill in the empty password field, too?
March 28, 2015 at 11:17 am #36329
aruzsi (Participant)
I always got:
{"result":2} and no change.
March 28, 2015 at 11:18 am #36330
Samer (Keymaster)
Yes, it needs to be your password but MD5 hashed (sorry, this page needs an update and is a bit behind). If you don’t know how to MD5 hash your password, you can use this tool: http://www.md5.net/md5-generator/
March 28, 2015 at 11:21 am #36333
aruzsi (Participant)
OK, I changed the URL to https://.
Nothing happened when I use https://locaolo.xxx.yy. I got the login page and after I typed in the password Loading and the login page again.
March 28, 2015 at 11:22 am #36334
Samer (Keymaster)
Can you try to use https://betaui.opensprinkler.com ?
March 28, 2015 at 11:24 am #36335
aruzsi (Participant)
I tried it but I got result:2. 🙁
March 28, 2015 at 11:25 am #36336
Samer (Keymaster)
Result 2 means your password is wrong. Use the same hash that worked earlier.
March 28, 2015 at 11:27 am #36339
aruzsi (Participant)
OK.
I changed to the beta and I got an empty white page.
March 28, 2015 at 11:32 am #36340
Samer (Keymaster)
I sent you an email so we can further troubleshoot the issue.
Thank you
March 28, 2015 at 11:33 am #36341
aruzsi (Participant)
I’m a little bit confused: changed to the new betaui:
What is the URL: