- This topic has 59 replies, 3 voices, and was last updated 8 years, 12 months ago by
.
-
Posts
-
Hi,
What is the full URL, when I try to connect to the Sprinkler from the mobil app and SSL connection is choosed?
I wasn’t able to connect. 🙁
My LAN setup is as usual: sprinkrel is behind a router with only one IP address so I have to use some DDNS names.
On the router there is a proxy which makes https->http translation. So I try to reach the sprinkler with this URL:
https://mysprinkler.myddsn.anything (outside URL) which will be redirected to http://sprinkler:myport (inside URL).
The normal mode without SSL and port forwarding it is working but what about security then?
BTW: Can I use the normal WEB page from my mobil? It asked the password, wrote out (maybe) Loading … and go back to the password check. 🙁
TIA,
If you are using the mobile application, they are sensitive to the certificate being valid. This means a self signed certificate will not work. Personally, I use startssl.com for free valid SSL.
Regarding the direct IP it should work fine however your proxy has to add a allow cross origin header (or least forward it from the original request) in order to work from the direct IP.
If this doesn’t make sense let me know and I can try to better explain.
Thank you.
Of course I don’t have real SSL cert. My proxy is using self signed cert. I think it is much better then the simple http and my password on the wire.
So I don’t know why the app is not able to connect through my https proxy.
I’d like to know the full URL which the app uses. Is that https://<IP:port>? (when the SSL is checked)
I use some internal WEB pages which is not SSL capable inside protecting the connection until it is travelling on the Net.
Anyway, do you understand my setup?
startssl.com
How can I get a cert for any.info.tm domain which is a DDNS? I’m not the administrator for that domain, of course.
With my https frontend proxy the WEB page doesn’t work.
Password page -> Loading -> password page -> go back. Is this a bug, or anything else?
I understand your setup and also the issue.
For the app, when using an SSL proxy, it has to have a valid SSL certificate. There isn’t anyway around this from my app’s perspective as these are limits by the OS. Furthermore, my framework (PhoneGap) doesn’t have a way to allow non-valid SSL certificates. Therefore, it needs to be valid. I personally pay for a few domains and use a router or linux server to update my DNS (if it changes). I also use the domain with StartSSL to get a valid SSL certificate.
Regarding the web interface, like I said earlier, the CORS header is missing. Which deamon are you using for your SSL proxy (Apache, nginx, etc)? Here is a sample Apache configuration to fix the issue:
<IfModule mod_headers.c> # Add support for cross origin requests Header set Access-Control-Allow-Origin "*" </IfModule>If you want to see the error message, right click the browser window and push “Inspect Element” anywhere. This will open a new window which has a “Console” tab. This tab will show you error messages in red and when you get kicked back to the home screen you will likely get an error here. If you can, send the error message my way so we can confirm the issue.
Lastly, addressing your point about the URL: If you check SSL it uses ‘https://’ where as the standard is ‘http://’. That’s the only difference.
Thanks
OK, I want to tell you I’m not a WEB or http(s) expert.
My proxy is running under OpenWRT and the proxy is lighttpd. There isn’t CORS definition in it. I use some SNI based proxy making https front-end for internal WEB pages. I don’t want to use port based virtual hosts because my company’s proxy not accept ports.
Can you help me?
And my “cert” was expired about 4 months. 🙁
Of course I can send you the consents of Console window but it is in Hungarian language. How can I see it in English?
TIA,
Okay, so if your certificate is expired, we know this won’t work within the applications (specifically iOS) so we are only discussing web based access.
I looked up OpenWRT/lighthttpd and am fairly confident you can add the CORS header by doing the following:
1) Open the file /etc/lighttpd/lighttpd.conf on the device by using nano or vi.
2) Add the following code:
setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )If this doesn’t work, feel free to send the screenshots in Hungarian. The general error should be apparent however it is likely CORS related issues.
Thanks!
In which section do I have to write the code?
I wrote in the named virtual section and doesn’t work. 🙁
Ez az oldal SHA-1 tanúsítványt használ, ajánlott olyan tanúsítványokat használni, amelyek aláírási algoritmusa az SHA-1-től erősebb hash függvényeket használ.[További információ] locsolo.xxx.yy
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/home.js” oldalon[További információ] locsolo.xxx.yy
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/app.cgz” oldalon[További információ] home.js:44:0
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/app.jgz” oldalon[További információ] home.js:71:0
A HTML dokumentum karakterkódolása nem volt deklarálva. A dokumentum egyes böngészőbeállítások esetén hibás szöveggel fog megjelenni, ha a dokumentum az US-ASCII tartományon kívüli karaktereket is tartalmaz. Az oldal karakterkódolását a dokumentumban vagy az átviteli protokollban kell deklarálni. locsolo.xxx.yy
Vegyes (nem biztonságos) megjelenített tartalom betöltése a biztonságos „http://ui.opensprinkler.com/img/favicon.ico” oldalon[További információ] ContentLinkHandler.jsm:167:0
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/lato.ttf” oldalon[További információ] locsolo.xxx.yy
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/index.htm” oldalon[További információ] app.jgz:8:0Sorry, this is the full output of the Console window:
Cross-Origin kérés blokkolva: Az azonos eredet házirend nem engedélyezi a távoli erőforrás olvasását innen: http://locsolo.xxx.yy/jp?pw=7bccf2b801ab2524d718168cfdc7dca6. Ez az erőforrás azonos tartományba mozgatásával, vagy a CORS bekapcsolásával javítható. jp
Ez az oldal SHA-1 tanúsítványt használ, ajánlott olyan tanúsítványokat használni, amelyek aláírási algoritmusa az SHA-1-től erősebb hash függvényeket használ.[További információ] locsolo.xxx.yy
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/home.js” oldalon[További információ] locsolo.xxx.yy
GET http://ui.opensprinkler.com/js/home.js [Vegyes tartalom][HTTP/1.1 304 Not Modified 43 ms]
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/app.cgz” oldalon[További információ] home.js:44:0
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/app.jgz” oldalon[További információ] home.js:71:0
A HTML dokumentum karakterkódolása nem volt deklarálva. A dokumentum egyes böngészőbeállítások esetén hibás szöveggel fog megjelenni, ha a dokumentum az US-ASCII tartományon kívüli karaktereket is tartalmaz. Az oldal karakterkódolását a dokumentumban vagy az átviteli protokollban kell deklarálni. locsolo.xxx.yy
GET http://ui.opensprinkler.com/css/app.cgz [Vegyes tartalom][HTTP/1.1 200 OK 477 ms]
Vegyes (nem biztonságos) megjelenített tartalom betöltése a biztonságos „http://ui.opensprinkler.com/img/favicon.ico” oldalon[További információ] ContentLinkHandler.jsm:167:0
GET http://ui.opensprinkler.com/js/app.jgz [Vegyes tartalom][HTTP/1.1 200 OK 626 ms]
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/lato.ttf” oldalon[További információ] locsolo.xxx.yy
Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/index.htm” oldalon[További információ] app.jgz:8:0
GET http://ui.opensprinkler.com/index.htm [Vegyes tartalom][HTTP/1.1 200 OK 299 ms]So CORS blocking is active. 🙁
I tried some thing what I found on the Net.
If I remove the Allow-Control-Access-Origin declaration, the header consists of that with “*”.
If I enable it the result will be: “*,*”.
Oh, okay on the /su page where you put the Javascript URL: be sure to put https. For example, the default Javascript URL is http://ui.opensprinkler.com change this to https://ui.opensprinkler.com.
Also, just so you know this issue is only when using the web site. This shouldn’t occur when using the Google Chrome extension in the store or the FireFox addon.
Try changing the URL which should fix your issue.
Sorry, where do I have to change http:// to https://?
Or where is the /su page?
On the same network as the OpenSprinkler, navigate to it’s web page without using any SSL or proxies. Goto: http://opensprinkler/su.
This will open a basic white page with two input boxes. The top is the Javascript URL which defaults to http://ui.opensprinkler.com and the other is the password which should be MD5 hashed.
Basically, the browser does not want to load non-secure content, is my understanding of the error.
Update: I think I fixed another issue regarding the loader and SSL issues. If you still have issues use https://betaui.opensprinkler.com as the Javascript URL on the /su page.
Yes, it needs to be your password but MD5 hashed (sorry this page needs an update and is a bit behind). If you don’t you how to MD5 hash your password, you can use this tool: http://www.md5.net/md5-generator/
OK, I changed the URL to https://.
Not hing happened when I use https://locaolo.xxx.yy. I got the login page and after I typed in the password Loading and the login page again.
Can you try to use https://betaui.opensprinkler.com ?
I’m a little bit confused: changed to the new betaui:
What is the URL:
- You must be logged in to reply to this topic.