Indigo Domotics

Software Support and Home Automation Forum
https://forums.indigodomo.com/

HTTPS support

https://forums.indigodomo.com/viewtopic.php?f=3&t=6213

Page 1 of 1

HTTPS support

PostPosted: Tue Oct 05, 2010 1:06 pm
by dtich
Matt/Jay, what's the chance you will enable HTTPS sessions for indigo at this point? For general use, not only with specific reflectors? I would really like to use secure sessions with all my external server traffic. ... Especially now that Iran's nuclear plant is being cyber targeted, I know my house is next! LOL.

Any thoughts? Thanks!

Re: HTTPS support

PostPosted: Tue Oct 05, 2010 6:50 pm
by matt (support)
Are you not using (or not wanting to use) a reflector, or are you wanting HTTPS access to some non-Indigo service (security camera, etc.)?

Adding direct HTTPS support to Indigo is definitely on the feature wish list, but I'm not sure it will make it into the next major revision. But it might be pretty easy to do. If anyone with Python knowledge wants to give it a shot, then take a look at this page:

http://www.cherrypy.org/wiki/ServerObject

Looks like the ssl_certificate and ssl_private_key properties need to be set on the Server object. The other hurdle is that I don't think OS X includes pyOpenSSL by default, so it will need to be installed.

Re: HTTPS support

PostPosted: Tue Oct 05, 2010 7:38 pm
by seanadams
Another way is to install Apache and use the "reverse proxy" feature. This will let you enable https to _any_ destination on your internal network, not just Indigo.

Re: HTTPS support

PostPosted: Wed Oct 06, 2010 7:51 am
by CharlieParker
/usr/sbin/vpnd (and/or http://macserve.org.uk/projects/ivpn/ - the GUI for vpnd and worth the $25 IMHO).

Re: HTTPS support

PostPosted: Thu Oct 28, 2010 3:11 pm
by dtich
seanadams wrote:
Another way is to install Apache and use the "reverse proxy" feature. This will let you enable https to _any_ destination on your internal network, not just Indigo.


i do use apache already as i serve a couple web sites and services, and i do have an https site, but i don't know how i can do https for the indigo traffic...?

can u give me a primer on using the reverse proxy for this? can i focus it only on the indigo traffic/ports? i can't change all traffic as i have non-secure access to websites needed...

thanks!

Re: HTTPS support

PostPosted: Thu Oct 28, 2010 3:13 pm
by dtich
CharlieParker wrote:
/usr/sbin/vpnd (and/or http://macserve.org.uk/projects/ivpn/ - the GUI for vpnd and worth the $25 IMHO).


yes, considered this, but trying to avoid vpn for this as i'd ideally like it to be easily accessible from any machine and not just mine or one that has the proper front end installed.

thx.

Re: HTTPS support

PostPosted: Mon Dec 13, 2010 3:49 am
by dshj
Please add my vote toward SSL support. I already have the certificate for my Mac server, but I don't see how I can add that to the web server running in Indigo.

Anyone else running this on OS X Server? I'm thinking there's got to be a way to handle HTTPS traffic through the built-in web server and then redirect it "internally" via HTTP. I'm just not up to speed on the "Web" module in Server.

Re: HTTPS support

PostPosted: Mon Dec 13, 2010 8:24 am
by matt (support)
You'll want to setup a reverse proxy in the Apache configuration file.

Personally, I use GoPrism.com (reflector) but hopefully someone that has setup Reverse Proxy for Indigo can chime in with some steps and their httpd.conf changes.

Re: HTTPS support

PostPosted: Mon Dec 13, 2010 10:18 am
by jamus
I also run Mac OS X server. Create a file called proxy.conf in /etc/apache2/sites (you can name it whatever you want, but I think the extension has to be .conf).

Lets say you want your address to Indigo to be https://example.com/indigo/:

Code: Select all
<Location /indigo/>
ProxyPass http://localhost:8176/indigo/
ProxyPassReverse http://localhost:8176/indigo/
AuthType Digest
AuthName "Indigo Control Server"
Require group  family

</Location>

<Location /serverrequest>
ProxyPass http://localhost:8176/indigo/serverrequest
ProxyPassReverse http://localhost:8176/indigo/serverrequest
AuthType Digest
AuthName "Indigo Control Server"
Require group  family
</Location>

<Location /servercommand>
ProxyPass http://localhost:8176/indigo/servercommand
ProxyPassReverse http://localhost:8176/indigo/servercommand
AuthType Digest
AuthName "Indigo Control Server"
Require group  family
</Location>



The last two locations (servercommand and serverrequest) are required for Indigo Touch support over https.

You also need to update /Library/Application Support/Perceptive Automation/Indigo 7/IndigoWebServer/IndigoWebServer.conf:
Code: Select all

[global]

app_root_path = '/indigo/'

Re: HTTPS support

PostPosted: Sat Oct 21, 2017 9:39 am
by mediabox
Awesome. Thanks for the assist. I just set this up for ver Indigo 7.1, and used/secured port 8177 (not sure I needed to), which preserves 8176.

In case this helps anyone...

Prereqs:
Make a self signed cert and put in /etc/apache2/
mkdir -p /var/log/httpd/
OSX: Sierra 10.12.5 (?)

Code: Select all
Jays-Indigo-mini:other root# cat /private/etc/apache2/other/indigo.conf
Listen 8177
<VirtualHost *:8177>
    CustomLog     /var/log/httpd/indigo-access.log combined
    ErrorLog      /var/log/httpd/indigo-error.log
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    SSLEngine on
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    ProxyPass /indigo https://localhost:8176/indigo
    ProxyPassReverse /indigo https://localhost:8176/indigo
    Header set Cache-Control "no-store"
    SSLCertificateFile /etc/apache2/server.crt
    SSLCertificateKeyFile /etc/apache2/server.key

    <Location /indigo/>
        ProxyPass http://localhost:8176/indigo/
        ProxyPassReverse http://localhost:8176/indigo/
        AuthType Digest
        AuthName "Indigo Control Server"
        AuthUserFile /private/etc/apache2/other/htdigest
        Require user jay
        Allow from all
    </Location>

    <Location /serverrequest>
        ProxyPass http://localhost:8176/indigo/serverrequest
        ProxyPassReverse http://localhost:8176/indigo/serverrequest
        AuthType Digest
        AuthName "Indigo Control Server"
        AuthUserFile /private/etc/apache2/other/htdigest
        Require user jay
        Allow from all
    </Location>

    <Location /servercommand>
        ProxyPass http://localhost:8176/indigo/servercommand
        ProxyPassReverse http://localhost:8176/indigo/servercommand
        AuthType Digest
        AuthName "Indigo Control Server"
        AuthUserFile /private/etc/apache2/other/htdigest
        Require user jay
        Allow from all
    </Location>

</VirtualHost>


create a user ('jay' for example, make same as indigo's password) :
Code: Select all
Jays-Indigo-mini:other root# htdigest  -c htdigest Indigo\ Control\ Server jay
Adding password for jay in realm Indigo Control Server.
New password:


Update IndigoWebServer
Code: Select all
Jays-Indigo-mini:IndigoWebServer root# diff IndigoWebServer.py IndigoWebServer.py.orig
236,237c236
<    #app_root_path = cherrypy.config.get('app_root_path', "")
<    app_root_path = "/indigo/"
---
>    app_root_path = cherrypy.config.get('app_root_path', "")
Jays-Indigo-mini:IndigoWebServer root#


Enable Digest
Code: Select all
Jays-Indigo-mini:apache2 root# diff httpd.conf httpd.conf.4
83c83
< LoadModule auth_digest_module libexec/apache2/mod_auth_digest.so
---
> #LoadModule auth_digest_module libexec/apache2/mod_auth_digest.so
Jays-Indigo-mini:apache2 root#
All times are UTC - 6 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/