- This topic has 7 replies, 6 voices, and was last updated 4 years ago by
.
-
Posts
-
I’m looking at the documentation and none of the examples I see use HTTPS. Is it really the case that secure connections aren’t supported, or am I missing something?
Did you mean you want OpenSprinkler to serve as HTTPS secure server? What would be its SSL certificate?
Hi Ray,
This is also something I would be extremely happy to see added. And the next step would be for it to talk to remote addresses via https as well so that the communication between them is secure.
For initial configurations a “snakeoil” or other default certificate could be used with a little message on the page suggesting generating a new certificate would be recommended (or possibly just done the first time it starts). Having the option to upload a certificate and key as well, for those of us that can sign our own, would be relatively easy. And of course there’s always the option of letsencrypt.
BUT, while this would be relatively simple of on an OSPi, it gets much harder on an ESP8266. You likely have enough ram free (about 15-20KB is about all that’s needed) having it capable of running either HTTP or HTTPS is much harder. The amount of code tends to explode as they are different enough to cause problems.
So from my experience the certificate is a relatively simple thing, supporting both HTTP and HTTPS on a small processor is much, much harder.
Cheers,
AndrewJust to note, the app does support HTTPS and basic AUTH so adding a reverse proxy can give you these protections.
I’ve setup OS behind a reverse proxy (NGINX) which runs on my router with a self-signed cert (I’d use a proper cert via certbot et al but that level of complexity running on my router is more than I want to bite off right now).
I’m able to log into the web interface by ignoring the cert warning which is fine – so long as the traffic is encrypted (it is) I’m happy.
Now to my problem: When I try to connect via the web app (which worked fine up until the SSL setup) it fails.
I have selected “SSL” checkbox, but no luck.
I suspect the problem is, the android app is rejecting because of the cert error.
If this is the case, an option to “ignore certificate error” or similar would be very very helpful!
Your thoughts and suggestions are greatly appreciated – thanks!
I don’t believe we have an option to ignore the self signed certs as we are using the webview to make the AJAX request and not a lower level connection. The certificate requirement is enforced no matter what, as I understand it.
I would suggest getting a valid, free certificate: https://letsencrypt.org/
- You must be logged in to reply to this topic.