Here are the specs for my setup:
Raspberry pi 4
OSPI Firmware 2.19 (3)
App Version 2.2.0
I am securing my setup to use SSL. I do not have my system exposed to the internet but I am securing on my local LAN.
First question: is there a way to configure the listen address for OSPI to listen only on the localhost address? I don’t want to rely on a host firewall so I would prefer that the application control that. I want OSPI to be available only through the nginx reverse proxy and not the app port directly.
Second question: I have nginx serving as a reverse proxy to the app. I have a valid 3rd party certificate and have configured nginx to use this valid cert. However, when I go to the SSL site I get a warning that the connection is not fully secure and that is due to remote unsecured data being served. What would be pulling remote content and is there a way to stop or prohibit that? I haven’t seen this issue with my other sites and services that are using this certificate.
Please let me know if there is any additional information that might be helpful.