Viewing 25 posts - 1 through 25 (of 60 total)
  • #36262

    aruzsi
    Participant

    Hi,

    What is the full URL, when I try to connect to the Sprinkler from the mobile app and the SSL connection is chosen?

    I wasn’t able to connect. 🙁

    My LAN setup is as usual: sprinkler is behind a router with only one IP address so I have to use some DDNS names.

    On the router there is a proxy which makes https->http translation. So I try to reach the sprinkler with this URL:

    https://mysprinkler.myddsn.anything (outside URL) which will be redirected to http://sprinkler:myport (inside URL).

    The normal mode without SSL and port forwarding it is working but what about security then?

     

    BTW: Can I use the normal WEB page from my mobile? It asked the password, wrote out (maybe) Loading … and go back to the password check. 🙁

     

    TIA,

    #36264

    Samer
    Keymaster

    If you are using the mobile application, they are sensitive to the certificate being valid. This means a self signed certificate will not work. Personally, I use startssl.com for free valid SSL.

    Regarding the direct IP it should work fine however your proxy has to add an allow cross origin header (or at least forward it from the original request) in order to work from the direct IP.

    If this doesn’t make sense let me know and I can try to better explain.

    Thank you.

    #36265

    aruzsi
    Participant

    Of course I don’t have real SSL cert. My proxy is using self signed cert. I think it is much better than the simple http and my password on the wire.

    So I don’t know why the app is not able to connect through my https proxy.

    I’d like to know the full URL which the app uses. Is that https://<IP:port>? (when the SSL is checked)

    I use some internal WEB pages which is not SSL capable inside protecting the connection until it is travelling on the Net.

    Anyway, do you understand my setup?

    #36266

    aruzsi
    Participant

    Tomorrow I will make a test from real browser outside of my network using https.

    #36267

    aruzsi
    Participant

    startssl.com

    How can I get a cert for any.info.tm domain which is a DDNS? I’m not the administrator for that domain, of course.

    #36268

    aruzsi
    Participant

    With my https frontend proxy the WEB page doesn’t work.

    Password page -> Loading -> password page -> go back. Is this a bug, or anything else?

    #36269

    Samer
    Keymaster

    I understand your setup and also the issue.

    For the app, when using an SSL proxy, it has to have a valid SSL certificate. There isn’t any way around this from my app’s perspective as these are limits by the OS. Furthermore, my framework (PhoneGap) doesn’t have a way to allow non-valid SSL certificates. Therefore, it needs to be valid. I personally pay for a few domains and use a router or linux server to update my DNS (if it changes). I also use the domain with StartSSL to get a valid SSL certificate.

    Regarding the web interface, like I said earlier, the CORS header is missing. Which daemon are you using for your SSL proxy (Apache, nginx, etc)? Here is a sample Apache configuration to fix the issue:

    <IfModule mod_headers.c>
            # Add support for cross origin requests
            Header set Access-Control-Allow-Origin "*"
    </IfModule>
    

    If you want to see the error message, right click the browser window and push “Inspect Element” anywhere. This will open a new window which has a “Console” tab. This tab will show you error messages in red and when you get kicked back to the home screen you will likely get an error here. If you can, send the error message my way so we can confirm the issue.

    Lastly, addressing your point about the URL: If you check SSL it uses ‘https://’ whereas the standard is ‘http://’. That’s the only difference.

    Thanks

    #36276

    aruzsi
    Participant

    OK, I want to tell you I’m not a WEB or http(s) expert.

    My proxy is running under OpenWRT and the proxy is lighttpd. There isn’t CORS definition in it. I use some SNI based proxy making https front-end for internal WEB pages. I don’t want to use port based virtual hosts because my company’s proxy not accept ports.

    Can you help me?

    And my “cert” was expired about 4 months. 🙁

    Of course I can send you the contents of Console window but it is in Hungarian language. How can I see it in English?

     

    TIA,

    #36284

    Samer
    Keymaster

    Okay, so if your certificate is expired, we know this won’t work within the applications (specifically iOS) so we are only discussing web based access.

    I looked up OpenWRT/lighttpd and am fairly confident you can add the CORS header by doing the following:

    1) Open the file /etc/lighttpd/lighttpd.conf on the device by using nano or vi.

    2) Add the following code:

    
     setenv.add-response-header = (
          "Access-Control-Allow-Origin" => "*" 
        ) 
    

    If this doesn’t work, feel free to send the screenshots in Hungarian. The general error should be apparent however it is likely CORS related issues.

    Thanks!

    #36320

    aruzsi
    Participant

    In which section do I have to write the code?

    I wrote in the named virtual section and doesn’t work. 🙁

     

    Ez az oldal SHA-1 tanúsítványt használ, ajánlott olyan tanúsítványokat használni, amelyek aláírási algoritmusa az SHA-1-től erősebb hash függvényeket használ.[További információ] locsolo.xxx.yy
    Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/home.js” oldalon[További információ] locsolo.xxx.yy
    Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/app.cgz” oldalon[További információ] home.js:44:0
    Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/app.jgz” oldalon[További információ] home.js:71:0
    A HTML dokumentum karakterkódolása nem volt deklarálva. A dokumentum egyes böngészőbeállítások esetén hibás szöveggel fog megjelenni, ha a dokumentum az US-ASCII tartományon kívüli karaktereket is tartalmaz. Az oldal karakterkódolását a dokumentumban vagy az átviteli protokollban kell deklarálni. locsolo.xxx.yy
    Vegyes (nem biztonságos) megjelenített tartalom betöltése a biztonságos „http://ui.opensprinkler.com/img/favicon.ico” oldalon[További információ] ContentLinkHandler.jsm:167:0
    Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/lato.ttf” oldalon[További információ] locsolo.xxx.yy
    Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/index.htm” oldalon[További információ] app.jgz:8:0

    #36321

    aruzsi
    Participant

    Sorry, this is the full output of the Console window:

    Cross-Origin kérés blokkolva: Az azonos eredet házirend nem engedélyezi a távoli erőforrás olvasását innen: http://locsolo.xxx.yy/jp?pw=7bccf2b801ab2524d718168cfdc7dca6. Ez az erőforrás azonos tartományba mozgatásával, vagy a CORS bekapcsolásával javítható. jp
    Ez az oldal SHA-1 tanúsítványt használ, ajánlott olyan tanúsítványokat használni, amelyek aláírási algoritmusa az SHA-1-től erősebb hash függvényeket használ.[További információ] locsolo.xxx.yy
    Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/home.js” oldalon[További információ] locsolo.xxx.yy
    GET http://ui.opensprinkler.com/js/home.js [Vegyes tartalom][HTTP/1.1 304 Not Modified 43 ms]
    Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/app.cgz” oldalon[További információ] home.js:44:0
    Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/js/app.jgz” oldalon[További információ] home.js:71:0
    A HTML dokumentum karakterkódolása nem volt deklarálva. A dokumentum egyes böngészőbeállítások esetén hibás szöveggel fog megjelenni, ha a dokumentum az US-ASCII tartományon kívüli karaktereket is tartalmaz. Az oldal karakterkódolását a dokumentumban vagy az átviteli protokollban kell deklarálni. locsolo.xxx.yy
    GET http://ui.opensprinkler.com/css/app.cgz [Vegyes tartalom][HTTP/1.1 200 OK 477 ms]
    Vegyes (nem biztonságos) megjelenített tartalom betöltése a biztonságos „http://ui.opensprinkler.com/img/favicon.ico” oldalon[További információ] ContentLinkHandler.jsm:167:0
    GET http://ui.opensprinkler.com/js/app.jgz [Vegyes tartalom][HTTP/1.1 200 OK 626 ms]
    Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/css/lato.ttf” oldalon[További információ] locsolo.xxx.yy
    Vegyes (nem biztonságos) aktív tartalom betöltése a biztonságos „http://ui.opensprinkler.com/index.htm” oldalon[További információ] app.jgz:8:0
    GET http://ui.opensprinkler.com/index.htm [Vegyes tartalom][HTTP/1.1 200 OK 299 ms]

    So CORS blocking is active. 🙁

    #36322

    aruzsi
    Participant

    I tried some things that I found on the Net.

    If I remove the Allow-Control-Access-Origin declaration, the header consists of that with “*”.

    If I enable it the result will be: “*,*”.

    #36323

    Samer
    Keymaster

    Oh, okay on the /su page where you put the Javascript URL: be sure to put https. For example, the default Javascript URL is http://ui.opensprinkler.com change this to https://ui.opensprinkler.com.

    Also, just so you know this issue is only when using the web site. This shouldn’t occur when using the Google Chrome extension in the store or the FireFox addon.

    Try changing the URL which should fix your issue.
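Added example, not part of the original thread or of OpenSprinkler's code: a small Python check for the two browser failures seen above, the doubled `Access-Control-Allow-Origin` value ("*,*", which browsers reject because only a single value is allowed) and `http://` resources requested from an `https://` page. The header lists and resource list are constructed samples modelled on the posts; the function names are hypothetical.

```python
from urllib.parse import urlsplit

def origin(url):
    """scheme://host[:port] as a browser compares it (default ports dropped)."""
    p = urlsplit(url)
    default = {"http": 80, "https": 443}.get(p.scheme)
    port = "" if p.port in (None, default) else f":{p.port}"
    return f"{p.scheme}://{p.hostname}{port}"

def acao_verdict(headers, page_url):
    """headers: (name, value) pairs exactly as received, repeats included."""
    vals = [v.strip() for n, v in headers
            if n.lower() == "access-control-allow-origin"]
    if not vals:
        return "missing"
    combined = ", ".join(vals)  # repeated headers are joined before the check
    if combined in ("*", origin(page_url)):
        return "ok"
    return "invalid: " + combined

def mixed_content(page_url, resource_urls):
    """http:// subresources requested by a page that was loaded over https."""
    if urlsplit(page_url).scheme != "https":
        return []
    return [u for u in resource_urls if urlsplit(u).scheme == "http"]

# Constructed sample data modelled on the thread (not captured traffic).
PAGE = "https://locsolo.xxx.yy/"
DEVICE_ONLY = [("Content-Type", "application/json"),
               ("Access-Control-Allow-Origin", "*")]   # device already sends it
PROXY_ADDS = DEVICE_ONLY + [("Access-Control-Allow-Origin", "*")]  # proxy adds a second
RESOURCES = ["http://ui.opensprinkler.com/js/home.js",
             "https://ui.opensprinkler.com/js/home.js",
             "http://locsolo.xxx.yy/jp"]

if __name__ == "__main__":
    print(acao_verdict(DEVICE_ONLY, PAGE))   # header passed through once
    print(acao_verdict(PROXY_ADDS, PAGE))    # header set twice
    print(mixed_content(PAGE, RESOURCES))    # URLs the browser will block or warn on
```
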

    #36325

    aruzsi
    Participant

    Sorry, where do I have to change http:// to https://?

    Or where is the /su page?

    #36326

    Samer
    Keymaster

    On the same network as the OpenSprinkler, navigate to its web page without using any SSL or proxies. Go to: http://opensprinkler/su.

    This will open a basic white page with two input boxes. The top is the Javascript URL which defaults to http://ui.opensprinkler.com and the other is the password which should be MD5 hashed.

    Basically, the browser does not want to load non-secure content, is my understanding of the error.

    Update: I think I fixed another issue regarding the loader and SSL issues. If you still have issues use https://betaui.opensprinkler.com as the Javascript URL on the /su page.

    #36328

    aruzsi
    Participant

    Do I have to fill in the empty password field, too?

    #36329

    aruzsi
    Participant

    I always got:

    {"result":2} and no change.

    #36330

    Samer
    Keymaster

    Yes, it needs to be your password but MD5 hashed (sorry this page needs an update and is a bit behind). If you don’t know how to MD5 hash your password, you can use this tool: http://www.md5.net/md5-generator/

    #36333

    aruzsi
    Participant

    OK, I changed the URL to https://.

    Nothing happened when I use https://locaolo.xxx.yy. I got the login page and after I typed in the password Loading and the login page again.

    #36334

    Samer
    Keymaster

    Can you try to use https://betaui.opensprinkler.com ?

    #36335

    aruzsi
    Participant

    I tried it but I got result:2. 🙁

    #36336

    Samer
    Keymaster

    Result 2 means your password is wrong. Use the same hash that worked earlier.

    #36339

    aruzsi
    Participant

    OK.

    I changed to the beta and I got an empty white page.

    #36340

    Samer
    Keymaster

    I sent you an email so we can further troubleshoot the issue.

    Thank you

    #36341

    aruzsi
    Participant

    I’m a little bit confused: changed to the new betaui:

    What is the URL:

    http://openspinkler-00

    https://openspinkler-00

    http://openspinkler-00:myport

    https://openspinkler-00:myport?
