[Fully Supported] SSL support in webserver?
#1
Hi,

I want to make my pilight web-interface accessible from the internet, using username and password, but without SSL (TLS) this is not really secure. There is a lot of SSL code in the library, but I can't find how to enable SSL for the webserver.

Any ideas?

Regards,
Karel.
 
#2
SSL is not available. SSL was only added to receive SSL data, not to serve SSL. Will check if it's easy to serve.
 
#3
Thanks!
I was trying to use pilight via a reverse proxy with SSL, but native SSL would be easier.
I'll post my results if the reverse proxy setup works.

Regards,
Karel.
 
#4
I enabled ssl as a custom compilation option.

Certificate should be generated like this:
Code:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 1000 -nodes
cat key.pem > /etc/pilight/ssl.pem; cat cert.pem >> /etc/pilight/ssl.pem

I won't include it by default until I manage to get the webserver to run on our built-in ssl library. So it currently requires libssl, libcrypto and libz to compile.

The ssl port can be changed with:
Code:
"webserver-ssl-port": 443

If you set it to 80, use this to connect to ssl:
Code:
https://x.x.x.x:80/
 
Reply
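The certificate step from post #4, as an added example that is not part of the thread or of pilight's own tooling: it builds the combined key-plus-certificate file with owner-only permissions (the `-nodes` key is stored unencrypted) and checks that the key and certificate in it belong together. The function names and the default CN `pilight.example` are assumptions; the `openssl req` options are the ones given in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the default CN
# are hypothetical; the openssl req options are the ones from post #4.

make_ssl_pem() {
    # $1 = output file (post #4 uses /etc/pilight/ssl.pem)
    # $2 = certificate CN (constructed sample value by default)
    out=$1
    cn=${2:-pilight.example}
    tmp=$(mktemp -d) || return 1
    old_umask=$(umask)
    umask 077    # the -nodes key is unencrypted: create files owner-only
    openssl req -x509 -newkey rsa:2048 -keyout "$tmp/key.pem" \
        -out "$tmp/cert.pem" -days 1000 -nodes -subj "/CN=$cn" \
        >/dev/null 2>&1 &&
        cat "$tmp/key.pem" "$tmp/cert.pem" > "$out" &&
        chmod 600 "$out"    # also tightens a file that already existed
    rc=$?
    umask "$old_umask"
    rm -rf "$tmp"
    return "$rc"
}

pem_key_matches_cert() {
    # Succeeds only if the private key and the certificate inside the
    # combined PEM ($1) carry the same public key.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

pem_is_owner_only() {
    # Succeeds if no group/other permission bits are set on $1.
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}
```

After sourcing the file, `make_ssl_pem /etc/pilight/ssl.pem && pem_key_matches_cert /etc/pilight/ssl.pem` creates and validates the file in one step.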
#5
Today I installed the latest nightly development incl. ssl.
In config.json I set
Code:
"webserver-ssl-port": 5007,
For certificate generation I followed this thread; ssl.pem was placed in /etc/pilight/ before running setup.sh. I tried to connect with
Code:
https://192.xxx.xxx.xx:5007
but the browser can't connect to this address. In /var/log/pilight.err I found
Code:
[May 17 14:54:01:848464] pilight-daemon: ERROR: config setting "webserver-ssl-port" is invalid
Towards the end of compiling I got several messages like the following:
Code:
libpilight.a(mongoose.c.o): In function `ns_destroy_conn':
/home/pi/pilight/libs/pilight/core/mongoose.c:532: undefined reference to `SSL_free'
/home/pi/pilight/libs/pilight/core/mongoose.c:535: undefined reference to `SSL_CTX_free'
libpilight.a(mongoose.c.o): In function `ns_use_ca_cert':
/home/pi/pilight/libs/pilight/core/mongoose.c:746: undefined reference to `SSL_CTX_set_verify'
/home/pi/pilight/libs/pilight/core/mongoose.c:747: undefined reference to `SSL_CTX_load_verify_locations'
libpilight.a(mongoose.c.o): In function `ns_use_cert':
/home/pi/pilight/libs/pilight/core/mongoose.c:755: undefined reference to `SSL_CTX_use_certificate_file'
/home/pi/pilight/libs/pilight/core/mongoose.c:756: undefined reference to `SSL_CTX_use_PrivateKey_file'
/home/pi/pilight/libs/pilight/core/mongoose.c:759: undefined reference to `SSL_CTX_ctrl'
/home/pi/pilight/libs/pilight/core/mongoose.c:760: undefined reference to `SSL_CTX_use_certificate_chain_file'
All messages are in the attached file. Can I set these references myself?


Attached Files
.txt   messages.txt (Size: 3.75 KB / Downloads: 4)
 
#6
http://forum.pilight.org/Thread-Partiall...-webserver
 
#7
Or just read the commits of the development.
Was a surprise for me too initially :)
 
#8
That's not enough because it still doesn't explain why you can't compile with ssl by default. The other thread does.
 
#9
Agree, I was also trying to refer to the name change of both:

- Renamed webserver-port to webserver-http-port.
- Renamed webserver-ssl-port to webserver-https-port.

shelby_cobra Wrote: for certificate-generation i followed this thread, ssl.pem was placed in /etc/pilight/ before running setup.sh. I tried to connect with
In post #1 he is referring to the thread himself ;)
 
#10
Thanks for your answers,
but renaming webserver-port to webserver-http-port and webserver-ssl-port to webserver-https-port doesn't help, /var/log/pilight.err:
Code:
[May 17 17:39:32:262741] pilight-daemon: ERROR: config setting "webserver-http-port" is invalid
[May 17 19:36:19:811507] pilight-daemon: ERROR: config setting "webserver-https-port" is invalid
@Curlymoo: I checked several times the instructions you gave 4-12-2015. I suppose my mistake can be here:
Code:
So it currently requires libssl, libcrypto and libz to compile.
Libssl-dev is installed and contains libcrypto as far as I know. I couldn't find a package containing libz, but I found
Code:
/usr/lib/arm-linux-gnueabihf/libz.so
on my rpi
 