OpenSprinkler Forums Hardware Questions OpenSprinkler HTTPS on OpenSprinkler

Tagged: ,

  • This topic has 7 replies, 6 voices, and was last updated 1 year ago by Ray.
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #50924

    wp913
    Participant

    I’m looking at the documentation and none of the examples I see use HTTPS. Is it really the case that secure connections aren’t supported, or am I missing something?

    #51020

    Ray
    Keymaster

    Did you mean you want OpenSprinkler to serve as HTTPS secure server? What would be its SSL certificate?

    #51163

    Andrew
    Participant

    Hi Ray,

    This is also something I would be extremely happy to see added. And the next step would be for it to talk to remote addresses via https as well so that the communication between them is secure.

    For initial configurations a “snakeoil” or other default certificate could be used with a little message on the page suggesting generating a new certificate would be recommended (or possibly just done the first time it starts). Having the option to upload a certificate and key as well, for those of us that can sign our own, would be relatively easy. And of course there’s always the option of letsencrypt.

    BUT, while this would be relatively simple of on an OSPi, it gets much harder on an ESP8266. You likely have enough ram free (about 15-20KB is about all that’s needed) having it capable of running either HTTP or HTTPS is much harder. The amount of code tends to explode as they are different enough to cause problems.

    So from my experience the certificate is a relatively simple thing, supporting both HTTP and HTTPS on a small processor is much, much harder.

    Cheers,
    Andrew

    #51244

    Samer
    Keymaster

    Just to note, the app does support HTTPS and basic AUTH so adding a reverse proxy can give you these protections.

    #60615

    george3
    Participant

    I’ve setup OS behind a reverse proxy (NGINX) which runs on my router with a self-signed cert (I’d use a proper cert via certbot et al but that level of complexity running on my router is more than I want to bite off right now).

    I’m able to log into the web interface by ignoring the cert warning which is fine – so long as the traffic is encrypted (it is) I’m happy.

    Now to my problem: When I try to connect via the web app (which worked fine up until the SSL setup) it fails.

    I have selected “SSL” checkbox, but no luck.

    I suspect the problem is, the android app is rejecting because of the cert error.

    If this is the case, an option to “ignore certificate error” or similar would be very very helpful!

    Your thoughts and suggestions are greatly appreciated – thanks!

    #60845

    Samer
    Keymaster

    I don’t believe we have an option to ignore the self signed certs as we are using the webview to make the AJAX request and not a lower level connection. The certificate requirement is enforced no matter what, as I understand it.

    I would suggest getting a valid, free certificate: https://letsencrypt.org/

    #65258

    SkullKill
    Participant

    i assume that opensprinkler still does not support https/SSL natively ??

    #65271

    Ray
    Keymaster

    Linux-based OpenSprinkler (OSPi) can support SSL as described above. Microcontroller-based OS (like OS 3.0) does not as the chip used in it (ESP8266) is not powerful enough to make it serve SSL as server.

Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.

OpenSprinkler Forums Hardware Questions OpenSprinkler HTTPS on OpenSprinkler