It appears that inbound http traffic to OpenSprinkler hardware is unencrypted.
In the past, with various IoT devices, I’ve added SSL/TLS encryption using stunnel (or similar) in addition to port forwarding for http through an OpenWRT router. This allows better security than port forwarding with unencrypted web traffic and passwords flowing inbound into your local network while also not requiring any modifications to the IoT device.
While I expect this will work just fine for direct inbound web access I am less sure that it will work with the OpenSprinkler mobile apps. So are those apps capable of using https for connections?
Or have I missed something and there is some other mechanism for security being used?
I would also like to know this. I have an OSPI running nginx doing HTTPS proxy. It works ok if I use a web browser to access OSPI from outside my network. However, it does not work with the Android native client version 1.4.11. Traffic is reaching OSPI (verified with tcpdump) but the mobile app can’t connect.
EDIT: issue fixed, my certificate chain was incomplete, which made it work with Chrome but not with OpenSprinkler for Android 1.4.11. Now I have TLS working fine.