OpenSprinkler Forums Hardware Questions OpenSprinkler Pi (OSPi) Secure internet access to OSPi

  • This topic is empty.
Viewing 4 posts - 26 through 29 (of 29 total)
  • Author
    Posts
  • #26360

    atatistcheff
    Participant

    Hey, I’m trying to get the SSL proxy working with the Apache webserver installed. I’ve enabled the proxy modules but am having a problem with the proxy not replacing the references to localhost:8080 as I think it should be. I added a couple lines to try and get it to do so but no joy. Can someone take a gander at this Apache config and tell me if there’s something that jumps out at you? Here is the config:


    ServerName opensprinkler
    ProxyRequests Off
    ProxyVia Off

    Order deny,allow
    Allow from all

    ProxyHTMLExtended On
    ProxyHTMLURLMap http://localhost:8080 /
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

    Order allow,deny
    Allow from all
    # AuthName "Access Restricted"
    # AuthType Basic
    # AuthUserFile "/etc/apache2/.htpasswd"
    # Require valid-user

    # Alias /mobile /var/www/sprinklers
    # LogLevel debug
    ProxyHTMLLogVerbose On
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    ErrorLog /var/log/apache2/error.log
    SSLEngine on
    SSLCertificateFile /etc/apache2/server.crt
    SSLCertificateKeyFile /etc/apache2/server.key
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT

    Here is what the browser is seeing with the view source option in Chrome:





    var baseurl="http://localhost:8080"
    var ver=183,devt=1402508212;
    var sd = {
    nbrd : 1,
    tz : 24,
    en : 1,
    rd : 0,
    mm : 0,
    rdst : 0,
    mas : 0,
    urs : 0,
    rs : 0,
    wl : 100,
    ipas : 0,
    nopts : 13,
    loc : '83704',
    name : '4088 Armstrong',
    ir : [0]
    }

    var sbits=[0,0],ps=0,0],[0,0],[0,0],[0,0],[0,0],[0,0],[0,0],[0,0;
    var lrun=[0,99,86,1402506772];
    var snames=;
    var tempunit="C";
    var cputemp=60.5; var tempunit="C";

    As you can see, I think the problem is that the HTML script tags still have the http://localhost:8080 when that should have been replaced with something like “/”

    Any thoughts would be appreciated.

    #26361

    rederikus
    Participant

    Given that this security stuff if somewhat complicated and the penalty for getting it wrong is that either the security does not work or, one may lose access entirely I would like to suggest that some level of security is implemented on OSPi right on the SDCard image at some future release.

    It would be even nicer if the security could be switched OFF at installation and a simple shell script be included that could be invoked by typing a single command such as “security on” (or security off).

    All that is really needed is to have the Pi request Username and Password at each login. I know that both apache and nginx can both do this and can both remember the password on each machine accessing.

    How this would work with the mobile app I am not sure.

    Anyway that’s my suggestion.

    #26362

    virtus
    Participant

    The security method described earlier in this post would do exactly what you want (require a username and password to access the pi). The mobile app and the web app both support it out of the box. However, I don’t think it could easily be made into a script or SD card image. This is because an SSL certificate is required and you have to go through several steps to get a certificate from a third party that is specific to your device and domain.

    Also it probably wouldn’t be necessary to have an on/off switch because once it’s setup it’s pretty seamless and I can’t think of a situation where you would want to disable it.

    The nice thing about the pi is you can easily make a copy of your SD card. So if you mess up on your security settings, you can just restore your working copy and you are back in business.

    #26363

    adsmart101
    Participant

    Has anybody made this work w/ version 2.0 of OSPi? If so I could sure use your help!!

Viewing 4 posts - 26 through 29 (of 29 total)
  • You must be logged in to reply to this topic.

OpenSprinkler Forums Hardware Questions OpenSprinkler Pi (OSPi) Secure internet access to OSPi