Re: [SlimDevices: Unix] Installing openssl
Got it. Appreciate the info. I'll stick to using Smartthings as the middle man.

squeezebox153's Profile: http://forums.slimdevices.com/member.php?userid=72012
View this thread: http://forums.slimdevices.com/showthread.php?t=114962
___
unix mailing list
unix@lists.slimdevices.com
http://lists.slimdevices.com/mailman/listinfo/unix
Re: [SlimDevices: Unix] Installing openssl
squeezebox153 wrote:
> I'm just trying to enable https on the PiCore -- not understanding the
> limitations and need for workarounds.

All the more reason to go for option #3.

But okay, crash course: https uses encryption to transfer information. While on an open server this encryption is negotiated on the fly, part of that negotiation is an identity exchange for your browser to verify that the information is coming from the correct server (rather than a middle man that intercepted your communication). To be able to do that your browser verifies the signature of the https certificate which it must be able to decrypt by using a key that was pre-installed on your system and is commonly referred to as a trusted authority (which includes Let's Encrypt Corp.). If your browser cannot verify the certificate then hairy things may happen and you probably have experienced this once or twice when accessing a web page through an open network that used some kind of access portal, either requiring you to enter an access code to enable browsing or accept some usage clause.

As a rule this is not a free service and while Let's Encrypt appears to be an exception their free certificates are marked to expire in such a short time that you should become annoyed very soon and start paying for one that will require less administration.

Yes there are alternatives to using a trusted authority supplied by your OS vendor (who obviously receives payment for it). You can inject your own and create a certificate that won't expire in a hundred years. The point here is that if you're not getting any of this you should not get involved in it.

Your main issue here is that your browser won't accept non-encrypted content as part of an encrypted page. The other way around (i.e. encrypted content as part of a non-encrypted page) should not be an issue. Either way you will need some intermediate that will translate one to the other, encrypted to non-encrypted or vice versa, and I suggest you use that to pass off the difficult stuff to them rather than assign yourself a lot of work on maintenance.

gordonb3's Profile: http://forums.slimdevices.com/member.php?userid=71050
Re: [SlimDevices: Unix] Installing openssl
LMS does not support https, end of story. So you will need some sort of go between that does support https, and then relays http to LMS.

piCorePlayer a small player for the Raspberry Pi in RAM.
Homepage: https://www.picoreplayer.org
Please 'donate' (https://www.paypal.com/cgi-bin/webscr?cmd=_donations=U7JHY5WYHCNRU=GB_code=USD=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted) if you like the piCorePlayer

paul-'s Profile: http://forums.slimdevices.com/member.php?userid=58858
Re: [SlimDevices: Unix] Installing openssl
gordonb3 wrote:
> Right, I see. So this is effectively not home automation but a nice
> frontend on a public server that instructs your browser to fetch the
> info from your IoT devices as inline objects. As I see it you have three
> options here:
>
> - use an old browser that does not block mixed encrypted and plain
>   content
> - create a https proxy for every device in your home that does not
>   natively export it (probably all)
> - create a plain http proxy on your local network for the public
>   sharptools server

I'm just trying to enable https on the PiCore -- not understanding the limitations and need for workarounds.

squeezebox153's Profile: http://forums.slimdevices.com/member.php?userid=72012
Re: [SlimDevices: Unix] Installing openssl
mherger wrote:
> > For background, I'm using a Sharptools dashboard to control the
> > PiCore:
>
> I don't know sharptools. Is this a cloud service, or a piece of software
> running in your own network? Do you access LMS from the outside, or the
> LAN only?

Sharptools is a cloud service. It renders in the browser. LMS is being accessed via LAN.

squeezebox153's Profile: http://forums.slimdevices.com/member.php?userid=72012
Re: [SlimDevices: Unix] Installing openssl
Right, I see. So this is effectively not home automation but a nice frontend on a public server that instructs your browser to fetch the info from your IoT devices as inline objects. As I see it you have three options here:

- use an old browser that does not block mixed encrypted and plain content
- create a https proxy for every device in your home that does not natively export it (probably all)
- create a plain http proxy on your local network for the public sharptools server

gordonb3's Profile: http://forums.slimdevices.com/member.php?userid=71050
Re: [SlimDevices: Unix] Installing openssl
> For background, I'm using a Sharptools dashboard to control the PiCore:

I don't know sharptools. Is this a cloud service, or a piece of software running in your own network? Do you access LMS from the outside, or the LAN only?
Re: [SlimDevices: Unix] Installing openssl
For background, I'm using a Sharptools dashboard to control the PiCore:

[image: https://i.imgur.com/lnXSme5.jpg]

Since this is rendered through https, it does not allow http calls:

Code:
    VM117:1 Mixed Content: The page at 'https://sharptools.io/dashboard/view/...' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://172.16.0.241:9000/status.html?p0=play'. This request has been blocked; the content must be served over HTTPS.

I have a workaround in place that uses a custom device handler through SmartThings, but I plan to have multiple PiCore players and don't want to depend on SmartThings as a middle man. Thus the need for https.

squeezebox153's Profile: http://forums.slimdevices.com/member.php?userid=72012
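The rule behind the console error quoted above, as an added example that is not part of the original post: a simplified JavaScript model of the browser's mixed-content decision for XMLHttpRequest/fetch requests. The function names and the hostname `lms-proxy.example` are assumptions made for illustration; the page URL and the blocked endpoint are the ones from the error message.

```javascript
// Added example (not from the thread): simplified model of the Mixed Content
// check a browser applies to XMLHttpRequest/fetch ("blockable") requests.

// Only loopback hosts count as trustworthy over plain http (W3C Secure
// Contexts); a private LAN address such as 172.16.x.x gets no exemption.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase();
  if (h === 'localhost' || h.endsWith('.localhost')) return true;
  if (h === '[::1]') return true;             // WHATWG URL keeps the brackets
  return /^127(\.\d{1,3}){3}$/.test(h);       // 127.0.0.0/8
}

// "Potentially trustworthy" target: encrypted scheme, or loopback.
function isPotentiallyTrustworthy(url) {
  const u = new URL(url);
  if (u.protocol === 'https:' || u.protocol === 'wss:') return true;
  return isLoopbackHost(u.hostname);
}

// Simplification: only pages loaded over https are treated as prohibiting
// mixed content; a plain-http page may call plain-http endpoints.
function classifyXhr(pageUrl, requestUrl) {
  if (new URL(pageUrl).protocol !== 'https:') return 'allowed';
  return isPotentiallyTrustworthy(requestUrl) ? 'allowed' : 'blocked';
}

const PAGE = 'https://sharptools.io/dashboard/view/...'; // from the error text

function demo() {
  const targets = [
    // From the thread: LMS on the LAN, plain http.
    'http://172.16.0.241:9000/status.html?p0=play',
    // Constructed: a TLS-terminating relay in front of LMS (hypothetical name).
    'https://lms-proxy.example/status.html?p0=play',
    // Constructed: LMS running on the same machine as the browser.
    'http://127.0.0.1:9000/status.html?p0=play',
  ];
  return targets.map((t) => [t, classifyXhr(PAGE, t)]);
}

console.log(demo());
```

The first target reproduces the blocked request from the post; the second shows why an https relay in front of LMS satisfies the browser without LMS itself speaking https.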
Re: [SlimDevices: Unix] Installing openssl
mherger wrote:
> You could use something like https://nginxproxymanager.com.

That approach still entails the overhead of having to open ports and getting/maintaining a domain name for your house. I'd argue that using (free) ngrok is much simpler - no need for port forwarding, a valid ssl cert is supplied by ngrok (and lasts longer than the 3-month LE certs), and a domain name is auto-assigned by ngrok.

philchillbill's Profile: http://forums.slimdevices.com/member.php?userid=68920
Re: [SlimDevices: Unix] Installing openssl
Like the other responders I'm unsure why you would need https if you are accessing Player through a local network. There is no added value over unencrypted http for such an environment and it only complicates setup and maintenance, in particular when you resort to using a trusted certificate from Let's Encrypt which requires renewal every three months.

It may help if you explain your use case in more detail, so people may point you to already existing solutions. Did you post this to the home automation software user group as well?

gordonb3's Profile: http://forums.slimdevices.com/member.php?userid=71050
Re: [SlimDevices: Unix] Installing openssl
> What I need is an https connection. How can I accomplish that?

Does your automation system not allow http? I don't think pCP has support for https to access its settings pages. You could use something like https://nginxproxymanager.com.

But the question really is whether you really need https, or whether your approach could be tweaked. Unless you're accessing it from the outside (public internet), I can't really see a need for https.
Re: [SlimDevices: Unix] Installing openssl
What I need is an https connection. How can I accomplish that?

squeezebox153's Profile: http://forums.slimdevices.com/member.php?userid=72012
Re: [SlimDevices: Unix] Installing openssl
openssl is installed by default. Openssl creates an encrypted link between two machines. https is just a generic term.

paul-'s Profile: http://forums.slimdevices.com/member.php?userid=58858