OpenSprinkler › Forums › Hardware Questions › OpenSprinkler › HTTPS on OpenSprinkler
- This topic has 7 replies, 6 voices, and was last updated 4 years, 4 months ago by Ray.
-
AuthorPosts
-
July 3, 2018 at 12:54 am #50924
wp913ParticipantI’m looking at the documentation and none of the examples I see use HTTPS. Is it really the case that secure connections aren’t supported, or am I missing something?
July 8, 2018 at 1:54 am #51020
RayKeymasterDid you mean you want OpenSprinkler to serve as HTTPS secure server? What would be its SSL certificate?
July 16, 2018 at 11:52 pm #51163
AndrewParticipantHi Ray,
This is also something I would be extremely happy to see added. And the next step would be for it to talk to remote addresses via https as well so that the communication between them is secure.
For initial configurations a “snakeoil” or other default certificate could be used with a little message on the page suggesting generating a new certificate would be recommended (or possibly just done the first time it starts). Having the option to upload a certificate and key as well, for those of us that can sign our own, would be relatively easy. And of course there’s always the option of letsencrypt.
BUT, while this would be relatively simple of on an OSPi, it gets much harder on an ESP8266. You likely have enough ram free (about 15-20KB is about all that’s needed) having it capable of running either HTTP or HTTPS is much harder. The amount of code tends to explode as they are different enough to cause problems.
So from my experience the certificate is a relatively simple thing, supporting both HTTP and HTTPS on a small processor is much, much harder.
Cheers,
AndrewJuly 22, 2018 at 9:23 am #51244
SamerKeymasterJust to note, the app does support HTTPS and basic AUTH so adding a reverse proxy can give you these protections.
May 25, 2019 at 2:22 pm #60615
george3ParticipantI’ve setup OS behind a reverse proxy (NGINX) which runs on my router with a self-signed cert (I’d use a proper cert via certbot et al but that level of complexity running on my router is more than I want to bite off right now).
I’m able to log into the web interface by ignoring the cert warning which is fine – so long as the traffic is encrypted (it is) I’m happy.
Now to my problem: When I try to connect via the web app (which worked fine up until the SSL setup) it fails.
I have selected “SSL” checkbox, but no luck.
I suspect the problem is, the android app is rejecting because of the cert error.
If this is the case, an option to “ignore certificate error” or similar would be very very helpful!
Your thoughts and suggestions are greatly appreciated – thanks!
June 5, 2019 at 10:04 pm #60845
SamerKeymasterI don’t believe we have an option to ignore the self signed certs as we are using the webview to make the AJAX request and not a lower level connection. The certificate requirement is enforced no matter what, as I understand it.
I would suggest getting a valid, free certificate: https://letsencrypt.org/
April 19, 2020 at 8:26 am #65258
SkullKillParticipanti assume that opensprinkler still does not support https/SSL natively ??
April 19, 2020 at 11:06 am #65271
RayKeymasterLinux-based OpenSprinkler (OSPi) can support SSL as described above. Microcontroller-based OS (like OS 3.0) does not as the chip used in it (ESP8266) is not powerful enough to make it serve SSL as server.
-
AuthorPosts
- You must be logged in to reply to this topic.
OpenSprinkler › Forums › Hardware Questions › OpenSprinkler › HTTPS on OpenSprinkler