I have basic remote access working via a pc & my iPhone. I am struggling setting up SSL.
I have port 443 configures in Domoticz and my router.
When I try HTTPS access using: https://XX.XX.XX.XX:8080, I get the error:
XX.XX.XX.XX sent an invalid response
ERR_SSL_PROTOCOL_ERROR
I am unclear on SSL certification / self certification.
Very limited help on the web, so any help would be appreciated.
Kevin R
SSL Setup Errors
Moderator: leecollings
-
- Posts: 25
- Joined: Saturday 07 May 2016 22:10
- Target OS: Windows
- Domoticz version: 3.5877
- Location: Cheshire
- Contact:
Re: SSL Setup Errors - Help Please
Still having issues:
Normal login: C:\Program Files (x86)\Domoticz\domoticz.exe" -www 8080 -sslwww 443
I tried to add a certificate file:
"C:\Program Files (x86)\Domoticz\domoticz.exe" -www 8080 -sslwww 443 -sslcert file_path C:\Program Files (x86)\Domoticz\server_cert.pem
Does not work !
Any ideas - I am struggling here
Regards
KevinR
Normal login: C:\Program Files (x86)\Domoticz\domoticz.exe" -www 8080 -sslwww 443
I tried to add a certificate file:
"C:\Program Files (x86)\Domoticz\domoticz.exe" -www 8080 -sslwww 443 -sslcert file_path C:\Program Files (x86)\Domoticz\server_cert.pem
Does not work !
Any ideas - I am struggling here
Regards
KevinR
-
- Posts: 34
- Joined: Wednesday 26 October 2016 21:01
- Target OS: Raspberry Pi / ODroid
- Domoticz version: 3.5877
- Contact:
Re: SSL Setup Errors
May I suggest instead of trying to use the web version on SSL you try a VPN?
The reason I suggest this is for a few reasons
1) you don't have to mess with SSL on domoticz like you're experiencing
2) opening domoticz to the web is dangerous
3) setting up a VPN is VERY easy if you have a pi and it only is a small inconvenience to pay for better security.
you will also have access to the internal network such as your pc as you said. or use teamviewer as that is encrypted and you don't have to deal with ssl which includes a reverse proxy which is more secure than opening the 8080 port on your router
We have to rely on the makers and contributors of domoticz which are better at coding than I, but even then the best coders make mistakes which could allow access accidentally to hackers. A VPN tunnels into your network without exposing anything to the outside. You still open a port just like you did with 8080 and once setup it is not that hard to control from a tablet or phone or computer.
OpenVPN while still open source like domoticz has a much much bigger community that is able to keep its platform secure with more eyes and security professionals looking at it.
here is the script that sets up VPN on pi. I would imagine it would work on other linux flavors but I have not tried it
http://www.pivpn.io/
or windows
http://www.howtogeek.com/135996/how-to- ... -software/
The reason I suggest this is for a few reasons
1) you don't have to mess with SSL on domoticz like you're experiencing
2) opening domoticz to the web is dangerous
3) setting up a VPN is VERY easy if you have a pi and it only is a small inconvenience to pay for better security.
you will also have access to the internal network such as your pc as you said. or use teamviewer as that is encrypted and you don't have to deal with ssl which includes a reverse proxy which is more secure than opening the 8080 port on your router
We have to rely on the makers and contributors of domoticz which are better at coding than I, but even then the best coders make mistakes which could allow access accidentally to hackers. A VPN tunnels into your network without exposing anything to the outside. You still open a port just like you did with 8080 and once setup it is not that hard to control from a tablet or phone or computer.
OpenVPN while still open source like domoticz has a much much bigger community that is able to keep its platform secure with more eyes and security professionals looking at it.
here is the script that sets up VPN on pi. I would imagine it would work on other linux flavors but I have not tried it
http://www.pivpn.io/
or windows
http://www.howtogeek.com/135996/how-to- ... -software/
- emme
- Posts: 909
- Joined: Monday 27 June 2016 11:02
- Target OS: Raspberry Pi / ODroid
- Domoticz version: latest
- Location: Milano, Italy
- Contact:
Re: SSL Setup Errors
the role on the router is:
outside: port:8080
inside: DomoticzIPAddress:443
are you behind a firewall or a proxy on you client side?
have you aso tried to run somoticz with option -sslwww 8080 -www 81 ?
outside: port:8080
inside: DomoticzIPAddress:443
are you behind a firewall or a proxy on you client side?
have you aso tried to run somoticz with option -sslwww 8080 -www 81 ?
The most dangerous phrase in any language is:
"We always done this way"
"We always done this way"
-
- Posts: 34
- Joined: Wednesday 26 October 2016 21:01
- Target OS: Raspberry Pi / ODroid
- Domoticz version: 3.5877
- Contact:
Re: SSL Setup Errors
emme is right
you have to do what's called port mapping(fowarding) which is taking external port https::externalip:8080 to https::internalpcip:443
most aftermarket routers support this.
some routers supplied by the company does not have this funtionality
or another option is you change the ssl port of domoticz to 8080 as well
but imo I would still go with the VPN option
you have to do what's called port mapping(fowarding) which is taking external port https::externalip:8080 to https::internalpcip:443
most aftermarket routers support this.
some routers supplied by the company does not have this funtionality
or another option is you change the ssl port of domoticz to 8080 as well
but imo I would still go with the VPN option
Who is online
Users browsing this forum: No registered users and 1 guest