- This topic is empty.
-
Posts
-
Hey, I’m trying to get the SSL proxy working with the Apache webserver installed. I’ve enabled the proxy modules but am having a problem with the proxy not replacing the references to localhost:8080 as I think it should be. I added a couple lines to try and get it to do so but no joy. Can someone take a gander at this Apache config and tell me if there’s something that jumps out at you? Here is the config:
ServerName opensprinkler
ProxyRequests Off
ProxyVia Off
Order deny,allow
Allow from all
ProxyHTMLExtended On
ProxyHTMLURLMap http://localhost:8080 /
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
Order allow,deny
Allow from all
# AuthName "Access Restricted"
# AuthType Basic
# AuthUserFile "/etc/apache2/.htpasswd"
# Require valid-user
# Alias /mobile /var/www/sprinklers
# LogLevel debug
ProxyHTMLLogVerbose On
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
SSLEngine on
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT
Here is what the browser is seeing with the view source option in Chrome:
var baseurl="http://localhost:8080"
var ver=183,devt=1402508212;
var sd = {
nbrd : 1,
tz : 24,
en : 1,
rd : 0,
mm : 0,
rdst : 0,
mas : 0,
urs : 0,
rs : 0,
wl : 100,
ipas : 0,
nopts : 13,
loc : '83704',
name : '4088 Armstrong',
ir : [0]
}
var sbits=[0,0],ps=0,0],[0,0],[0,0],[0,0],[0,0],[0,0],[0,0],[0,0;
var lrun=[0,99,86,1402506772];
var snames=;
var tempunit="C";
var cputemp=60.5; var tempunit="C";
As you can see, I think the problem is that the HTML script tags still have the http://localhost:8080 when that should have been replaced with something like “/”
Any thoughts would be appreciated.
Given that this security stuff if somewhat complicated and the penalty for getting it wrong is that either the security does not work or, one may lose access entirely I would like to suggest that some level of security is implemented on OSPi right on the SDCard image at some future release.
It would be even nicer if the security could be switched OFF at installation and a simple shell script be included that could be invoked by typing a single command such as “security on” (or security off).
All that is really needed is to have the Pi request Username and Password at each login. I know that both apache and nginx can both do this and can both remember the password on each machine accessing.
How this would work with the mobile app I am not sure.
Anyway that’s my suggestion.
The security method described earlier in this post would do exactly what you want (require a username and password to access the pi). The mobile app and the web app both support it out of the box. However, I don’t think it could easily be made into a script or SD card image. This is because an SSL certificate is required and you have to go through several steps to get a certificate from a third party that is specific to your device and domain.
Also it probably wouldn’t be necessary to have an on/off switch because once it’s setup it’s pretty seamless and I can’t think of a situation where you would want to disable it.
The nice thing about the pi is you can easily make a copy of your SD card. So if you mess up on your security settings, you can just restore your working copy and you are back in business.
- You must be logged in to reply to this topic.