HTTPS support

Posted on
Tue Oct 05, 2010 1:06 pm
dtich offline
Posts: 626
Joined: Sep 24, 2005

HTTPS support

Matt/Jay, what's the chance you will enable HTTPS sessions for indigo at this point? For general use, not only with specific reflectors? I would really like to use secure sessions with all my external server traffic. ... Especially now that Iran's nuclear plant is being cyber targeted, I know my house is next! LOL.

Any thoughts? Thanks!

Posted on
Tue Oct 05, 2010 6:50 pm
matt (support) offline
Site Admin
User avatar
Posts: 19134
Joined: Jan 27, 2003
Location: Texas

Re: HTTPS support

Are you not using (or not wanting to use) a reflector, or are you wanting HTTPS access to some non-Indigo service (security camera, etc.)?

Adding direct HTTPS support to Indigo is definitely on the feature wish list, but I'm not sure it will make it into the next major revision. But it might be pretty easy to do. If anyone with Python knowledge wants to give it a shot, then take a look at this page:

http://www.cherrypy.org/wiki/ServerObject

Looks like the ssl_certificate and ssl_private_key properties need to be set on the Server object. The other hurdle is that I don't think OS X includes pyOpenSSL by default, so it will need to be installed.

Image

Posted on
Tue Oct 05, 2010 7:38 pm
seanadams offline
Posts: 489
Joined: Mar 19, 2008
Location: Saratoga, CA

Re: HTTPS support

Another way is to install Apache and use the "reverse proxy" feature. This will let you enable https to _any_ destination on your internal network, not just Indigo.

Posted on
Wed Oct 06, 2010 7:51 am
CharlieParker offline
Posts: 241
Joined: Apr 10, 2006
Location: Lower Hudson Valley

Re: HTTPS support

/usr/sbin/vpnd (and/or http://macserve.org.uk/projects/ivpn/ - the GUI for vpnd and worth the $25 IMHO).

Posted on
Thu Oct 28, 2010 3:11 pm
dtich offline
Posts: 626
Joined: Sep 24, 2005

Re: HTTPS support

seanadams wrote:
Another way is to install Apache and use the "reverse proxy" feature. This will let you enable https to _any_ destination on your internal network, not just Indigo.


i do use apache already as i serve a couple web sites and services, and i do have an https site, but i don't know how i can do https for the indigo traffic...?

can u give me a primer on using the reverse proxy for this? can i focus it only on the indigo traffic/ports? i can't change all traffic as i have non-secure access to websites needed...

thanks!

Posted on
Thu Oct 28, 2010 3:13 pm
dtich offline
Posts: 626
Joined: Sep 24, 2005

Re: HTTPS support

CharlieParker wrote:
/usr/sbin/vpnd (and/or http://macserve.org.uk/projects/ivpn/ - the GUI for vpnd and worth the $25 IMHO).


yes, considered this, but trying to avoid vpn for this as i'd ideally like it to be easily accessible from any machine and not just mine or one that has the proper front end installed.

thx.

Posted on
Mon Dec 13, 2010 3:49 am
dshj offline
User avatar
Posts: 84
Joined: Jan 16, 2010
Location: San Francisco, CA

Re: HTTPS support

Please add my vote toward SSL support. I already have the certificate for my Mac server, but I don't see how I can add that to the web server running in Indigo.

Anyone else running this on OS X Server? I'm thinking there's got to be a way to handle HTTPS traffic through the built-in web server and then redirect it "internally" via HTTP. I'm just not up to speed on the "Web" module in Server.

Posted on
Mon Dec 13, 2010 8:24 am
matt (support) offline
Site Admin
User avatar
Posts: 19134
Joined: Jan 27, 2003
Location: Texas

Re: HTTPS support

You'll want to setup a reverse proxy in the Apache configuration file.

Personally, I use GoPrism.com (reflector) but hopefully someone that has setup Reverse Proxy for Indigo can chime in with some steps and their httpd.conf changes.

Image

Posted on
Mon Dec 13, 2010 10:18 am
jamus offline
Posts: 180
Joined: Dec 01, 2007

Re: HTTPS support

I also run Mac OS X server. Create a file called proxy.conf in /etc/apache2/sites (you can name it whatever you want, but I think the extension has to be .conf).

Lets say you want your address to Indigo to be https://example.com/indigo/:

Code: Select all
<Location /indigo/>
ProxyPass http://localhost:8176/indigo/
ProxyPassReverse http://localhost:8176/indigo/
AuthType Digest
AuthName "Indigo Control Server"
Require group  family

</Location>

<Location /serverrequest>
ProxyPass http://localhost:8176/indigo/serverrequest
ProxyPassReverse http://localhost:8176/indigo/serverrequest
AuthType Digest
AuthName "Indigo Control Server"
Require group  family
</Location>

<Location /servercommand>
ProxyPass http://localhost:8176/indigo/servercommand
ProxyPassReverse http://localhost:8176/indigo/servercommand
AuthType Digest
AuthName "Indigo Control Server"
Require group  family
</Location>



The last two locations (servercommand and serverrequest) are required for Indigo Touch support over https.

You also need to update /Library/Application Support/Perceptive Automation/Indigo 7/IndigoWebServer/IndigoWebServer.conf:
Code: Select all

[global]

app_root_path = '/indigo/'

Posted on
Sat Oct 21, 2017 9:39 am
mediabox offline
Posts: 23
Joined: Apr 15, 2016

Re: HTTPS support

Awesome. Thanks for the assist. I just set this up for ver Indigo 7.1, and used/secured port 8177 (not sure I needed to), which preserves 8176.

In case this helps anyone...

Prereqs:
Make a self signed cert and put in /etc/apache2/
mkdir -p /var/log/httpd/
OSX: Sierra 10.12.5 (?)

Code: Select all
Jays-Indigo-mini:other root# cat /private/etc/apache2/other/indigo.conf
Listen 8177
<VirtualHost *:8177>
    CustomLog     /var/log/httpd/indigo-access.log combined
    ErrorLog      /var/log/httpd/indigo-error.log
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    SSLEngine on
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    ProxyPass /indigo https://localhost:8176/indigo
    ProxyPassReverse /indigo https://localhost:8176/indigo
    Header set Cache-Control "no-store"
    SSLCertificateFile /etc/apache2/server.crt
    SSLCertificateKeyFile /etc/apache2/server.key

    <Location /indigo/>
        ProxyPass http://localhost:8176/indigo/
        ProxyPassReverse http://localhost:8176/indigo/
        AuthType Digest
        AuthName "Indigo Control Server"
        AuthUserFile /private/etc/apache2/other/htdigest
        Require user jay
        Allow from all
    </Location>

    <Location /serverrequest>
        ProxyPass http://localhost:8176/indigo/serverrequest
        ProxyPassReverse http://localhost:8176/indigo/serverrequest
        AuthType Digest
        AuthName "Indigo Control Server"
        AuthUserFile /private/etc/apache2/other/htdigest
        Require user jay
        Allow from all
    </Location>

    <Location /servercommand>
        ProxyPass http://localhost:8176/indigo/servercommand
        ProxyPassReverse http://localhost:8176/indigo/servercommand
        AuthType Digest
        AuthName "Indigo Control Server"
        AuthUserFile /private/etc/apache2/other/htdigest
        Require user jay
        Allow from all
    </Location>

</VirtualHost>


create a user ('jay' for example, make same as indigo's password) :
Code: Select all
Jays-Indigo-mini:other root# htdigest  -c htdigest Indigo\ Control\ Server jay
Adding password for jay in realm Indigo Control Server.
New password:


Update IndigoWebServer
Code: Select all
Jays-Indigo-mini:IndigoWebServer root# diff IndigoWebServer.py IndigoWebServer.py.orig
236,237c236
<    #app_root_path = cherrypy.config.get('app_root_path', "")
<    app_root_path = "/indigo/"
---
>    app_root_path = cherrypy.config.get('app_root_path', "")
Jays-Indigo-mini:IndigoWebServer root#


Enable Digest
Code: Select all
Jays-Indigo-mini:apache2 root# diff httpd.conf httpd.conf.4
83c83
< LoadModule auth_digest_module libexec/apache2/mod_auth_digest.so
---
> #LoadModule auth_digest_module libexec/apache2/mod_auth_digest.so
Jays-Indigo-mini:apache2 root#

Page 1 of 1

Who is online

Users browsing this forum: No registered users and 2 guests