native HTTPS / SSL support in Domoticz

Posted: Wednesday 21 October 2015 0:01
by rgroothuis
Hi, any explanation (WIKI) in which I can find how to set up and use the native HTTPS and/or SSL support in Domoticz?

My goal is that I want to open a port on my router and in a secure way let the Pilot Home Automation APP on my iPhone make a connection to my Domoticz server. In the Pilot APP I can configure the options "SSL" and "Self-signed certificate" but I don't know what to configure on the Domoticz side.

Any hints, suggestions and/or explanations are more than welcome. Thanks.

Re: native HTTPS / SSL support in Domoticz

Posted: Wednesday 21 October 2015 8:45
by mrf68
Hi,

activate Website Protection (found in Setup - Settings - System) by entering a username and password. Put these credentials into Pilot. Open port 443 on your router and give it a try.

Re: native HTTPS / SSL support in Domoticz

Posted: Wednesday 21 October 2015 8:53
by rgroothuis
mrf68 wrote:Hi,

activate Website Protection (found in Setup - Settings - System) by entering a username and password. Put these credentials into Pilot. Open port 443 on your router and give it a try.
From what I read and understand the "Website protection" is only a login name/password protection. It doesn't force HTTPS or SSL.

I've filled in a login name and password, opened a port on my router (not 443) and I was able to connect using the login name and password but without HTTPS or SSL. So this is not clarified yet.

Other suggestions are welcome as well.

Re: native HTTPS / SSL support in Domoticz

Posted: Wednesday 21 October 2015 9:50
by mrf68
Try surfing to https://yourhomeipaddress:port. Does it ask for credentials and do you see a lock in the url? In that case I think you have an https connection.

Re: native HTTPS / SSL support in Domoticz

Posted: Wednesday 21 October 2015 10:05
by rgroothuis
mrf68 wrote:Try surfing to https://yourhomeipaddress:port. Does it ask for credentials and do you see a lock in the url? In that case I think you have an https connection.
Yes it is asking for my login name/password. But it is still HTTP. See screenshot
[Screenshot: HTTP screenshot]

Re: native HTTPS / SSL support in Domoticz

Posted: Wednesday 21 October 2015 10:44
by mrf68
HTTPS is normally on port 443. Domoticz also listens for https to port 443. I read you want to use another port. Have you told Domoticz to serve https to that other port? When you open the file /home/pi/domoticz/domoticz.sh you'll see:

Code:
DAEMON_ARGS="-daemon -www 8080 -sslwww 443"
When you want to use a different port for SSL, you need to change that line and change 443 to for example 8443. Restart Domoticz and surf to HTTPS://ipaddress:8443 and look again.

Re: native HTTPS / SSL support in Domoticz

Posted: Wednesday 21 October 2015 11:09
by rgroothuis
mrf68 wrote:HTTPS is normally on port 443. Domoticz also listens for https to port 443. I read you want to use another port. Have you told Domoticz to serve https to that other port? When you open the file /home/pi/domoticz/domoticz.sh you'll see:

Code:
DAEMON_ARGS="-daemon -www 8080 -sslwww 443"
When you want to use a different port for SSL, you need to change that line and change 443 to for example 8443. Restart Domoticz and surf to HTTPS://ipaddress:8443 and look again.
Thanks, I think this is the trick I was looking for. This issue is now solved (for me), I'm now using https and the login name/password to access Domoticz from the outside world.

Re: native HTTPS / SSL support in Domoticz

Posted: Wednesday 21 October 2015 12:28
by havnegata
Does this work on Windows system as well?

Re: native HTTPS / SSL support in Domoticz

Posted: Wednesday 21 October 2015 12:29
by rgroothuis
havnegata wrote:Does this work on Windows system as well?
Sorry, cannot comment on that. I'm using a Raspberry.

Re: native HTTPS / SSL support in Domoticz

Posted: Wednesday 21 October 2015 12:53
by mrf68
The question is: what is it you want to work on Windows?

The definition of the ports is set during installation, see https://www.domoticz.com/wiki/Windows.

Re: native HTTPS / SSL support in Domoticz

Posted: Saturday 02 January 2016 16:40
by laguyle
Hi,

I'm looking for a way to change SSL port on my Domoticz hosted on my Synology.
There is no file "domoticz.sh" like on Raspberry...
Does anyone know how to do that ?

Re: native HTTPS / SSL support in Domoticz

Posted: Friday 19 February 2016 17:47
by amz4u2nv
laguyle wrote:Hi,

I'm looking for a way to change SSL port on my Domoticz hosted on my Synology.
There is no file "domoticz.sh" like on Raspberry...
Does anyone know how to do that ?
I'm sure you must have sorted it out,
but just in case, and for others:

you can go here on Synology
/var/packages/domoticz/scripts/start-stop-status

and make changes to the ssl port, not sure what happens when you update the package though.

Re: native HTTPS / SSL support in Domoticz

Posted: Monday 16 May 2016 10:27
by pioupiou92
Hi amz4u2nv,

I'm running Domoticz on a Synology NAS as well. I applied the changes on the start-stop-status script but I'm facing an SSL error. Error messages are:

2016-05-16 10:21:01.218 Error: WebServer(SSL) startup failed on address 0.0.0.0 with port: 5085: use_certificate_chain_file: no start line
2016-05-16 10:21:01.218 Error: WebServer(SSL) check if no other application is using port: 5085

RSSLCERT value is the path to my certificate and private key folder. My certificate is valid and runs fine with the Apache web sites hosted on my NAS. It is not an auto signed certificate.

Any idea?

Best regards,

Re: native HTTPS / SSL support in Domoticz

Posted: Friday 17 June 2016 15:21
by Madgeni
Hi there

I've changed the port in domoticz.sh, restarted Domoticz, but it's still binding to 443 - any ideas why?

Thanks!

Re: native HTTPS / SSL support in Domoticz

Posted: Saturday 06 August 2016 15:12
by pioupiou92
Finally I'm answering my own question. To run Domoticz with HTTPS on a Synology NAS you must:

- Create a text file named server_cert.pem with the 3 blocks: certificate, chain and private key. Meaning 3 times ---BEGIN--- ---END--- sections.
- Copy this file to the Domoticz install directory (usually /volume1/@appstore/domoticz)
- Edit (VI) the file /var/packages/domoticz/scripts/start-stop-status
- Set RSSLCERT="${INSTALL_DIR}/server_cert.pem"
- Change the HTTPS port if needed (RSSLPORT="xxxx")
- Stop and restart Domoticz package

There are a few error messages (missing SSL DH) however it starts successfully.
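
A pre-flight check for the combined file described in this post, as an added example that is not from the thread or the Domoticz project. It verifies the certificate, chain and private-key blocks are present and catches the case where OpenSSL finds no -----BEGIN line at all, which is what the "no start line" error earlier in the thread reports. The function name and the sample blocks are constructed (placeholder bodies), so this is a structural check only.

```shell
#!/bin/sh
# Added example: structural check of a combined PEM file (server certificate,
# chain, private key) before an SSL listener is pointed at it.

check_pem_bundle() {
    f=$1
    [ -f "$f" ] || { echo "FAIL not a regular file: $f"; return 1; }
    begins=$(grep -c '^-----BEGIN ' "$f" || true)
    ends=$(grep -c '^-----END ' "$f" || true)
    certs=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
    keys=$(grep -c '^-----BEGIN .*PRIVATE KEY-----' "$f" || true)
    first=$(sed -n '/^-----BEGIN /{p;q;}' "$f")

    # OpenSSL reports "no start line" when it finds no -----BEGIN line.
    [ "$begins" -gt 0 ] || { echo "FAIL no PEM start line"; return 1; }
    [ "$begins" -eq "$ends" ] || { echo "FAIL unbalanced BEGIN/END"; return 1; }
    [ "$keys" -eq 1 ] || { echo "FAIL expected 1 private key, found $keys"; return 1; }
    # Layout from the post: certificate first, then chain, then key.
    [ "$first" = "-----BEGIN CERTIFICATE-----" ] ||
        echo "WARN first block is not a certificate"
    [ "$certs" -ge 2 ] || echo "WARN no chain certificate after the first one"
    # The file holds a private key: other users should not be able to read it.
    [ -z "$(find "$f" -prune -perm -004)" ] || echo "WARN world-readable key file"
    echo "OK certs=$certs keys=$keys"
}

# Constructed sample: placeholder bodies, not real certificate or key material.
blk() { printf '%s\n' "-----BEGIN $1-----" "Q09OU1RSVUNURUQ=" "-----END $1-----"; }
demo=$(mktemp)
{ blk CERTIFICATE; blk CERTIFICATE; blk 'PRIVATE KEY'; } > "$demo"
check_pem_bundle "$demo"
rm -f "$demo"
```

Passing a folder or a DER-encoded file makes the check fail before Domoticz ever tries to load it.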

Re: native HTTPS / SSL support in Domoticz

Posted: Sunday 04 September 2016 16:01
by derek
Also maybe nice for people to know:

If you have successfully enabled https on whatever port (ideally 443) and you want to disable http, specify "-www 0" instead of "-www 8080" in your DAEMON_ARGS.

It's also in the ./domoticz --help but I didn't know the help flag existed :)

Re: native HTTPS / SSL support in Domoticz

Posted: Wednesday 12 October 2016 20:47
by flabrosse
Sorry to resurrect this, but I'm having issues with https support. The relevant part of /etc/init.d/domoticz.sh has:

Code:
DAEMON_ARGS="-daemon"
#DAEMON_ARGS="$DAEMON_ARGS -daemonname $NAME -pidfile $PIDFILE"
DAEMON_ARGS="$DAEMON_ARGS -www 8080"
DAEMON_ARGS="$DAEMON_ARGS -sslwww 443"
This is confirmed by Domoticz when it starts. The logs contain:

Code:
2016-10-12 19:44:12.409 WebServer(HTTP) started on address: :: with port 8080
2016-10-12 19:44:12.414 WebServer(SSL) started on address: :: with port 443
However, when I go to https://192.168.1.250 I get:

Code:
Your connection is not private

Attackers might be trying to steal your information from 192.168.1.250 (for example, passwords, messages or credit cards). NET::ERR_CERT_AUTHORITY_INVALID
and the https is crossed out in the URL bar.

This is on a Pi3 with Raspbian all up to date and the latest beta of Domoticz.

Any idea?

Re: native HTTPS / SSL support in Domoticz

Posted: Thursday 13 October 2016 12:26
by flabrosse
Sorry, got it. There was also an advance link on the same page that allows me to accept the certificate. Solved.

Re: native HTTPS / SSL support in Domoticz

Posted: Tuesday 25 July 2017 16:49
by gomario
Resurrecting yet again...

I just can't change the SSL port for the life of me.

Running latest Jessie. Compiled without a hitch from latest build.
When I run ./domoticz as user "pi" I get:

Code:
2017-07-25 15:42:37.231  Domoticz V3.8122 (c)2012-2017 GizMoCuz
2017-07-25 15:42:37.231  Build Hash: 4157243, Date: 2017-07-24 15:30:30
2017-07-25 15:42:37.232  Startup Path: /home/pi/domoticz/
2017-07-25 15:42:37.374  PluginSystem: Started, Python version '3.4.2'.
2017-07-25 15:42:37.381  Active notification Subsystems: gcm, http (2/12)
2017-07-25 15:42:37.383  WebServer(HTTP) started on address: :: with port 8080
2017-07-25 15:42:37.395  Error: WebServer(SSL) startup failed on address 0.0.0.0 with port: 443: bind: Permission denied
2017-07-25 15:42:37.395  Error: WebServer(SSL) check privileges for opening ports below 1024
2017-07-25 15:42:37.395  Proxymanager started.
2017-07-25 15:42:37.397  Starting shared server on: :::6144
2017-07-25 15:42:37.398  TCPServer: shared server started...
...

"pi" is a member of sudoers + I understand that I still can't open low ports if I'm not root.
I just want to change to a higher port but whatever I put in domoticz.sh is not reflected...
No matter what it still tells me the same error ... 433 can't be opened without permission

Using "./domoticz -sslwww 2400" works without a hitch

What am I missing, is there another config file somewhere or what the hell?
(nothing in etc/init.d ..I haven't added anything to run on startup yet)


My domoticz.sh :

Code:
#! /bin/sh
### BEGIN INIT INFO
# Provides:          domoticz
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Home Automation System
# Description:       This daemon will start the Domoticz Home Automation System
### END INIT INFO

# Do NOT "set -e"

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
DESC="Domoticz Home Automation System"
NAME=domoticz
USERNAME=pi
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

DAEMON=/home/$USERNAME/domoticz/$NAME
DAEMON_ARGS="-daemon"
#DAEMON_ARGS="$DAEMON_ARGS -daemonname $NAME -pidfile $PIDFILE"
DAEMON_ARGS="$DAEMON_ARGS -www 8080"
DAEMON_ARGS="$DAEMON_ARGS -sslwww 2400"
DAEMON_ARGS="$DAEMON_ARGS -log /var/log/domoticz.txt"
#DAEMON_ARGS="$DAEMON_ARGS -syslog"
.....
everything beyond this is all stock, even the lines above are virtually unchanged...
.....
Thanks in advance, any help would be greatly appreciated...

Re: native HTTPS / SSL support in Domoticz

Posted: Thursday 27 July 2017 7:29
by jannl
You need to start domoticz as root. Try 'sudo ./domoticz.sh'. Or just reboot the pi

Sent from my SM-G930F using Tapatalk
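
An added example (not from the thread or the Domoticz project) that reads the DAEMON_ARGS lines of an init script like the ones posted above and reports which listeners it requests, flagging plain HTTP left enabled and an SSL port below 1024. It assumes the 8080 and 443 defaults seen in the logs above when a flag is absent; the script only applies when Domoticz is started through it, so a directly launched ./domoticz takes its ports from its own command line. Function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the listeners a Domoticz init script will request.
# Only DAEMON_ARGS="..." lines are read; the script itself is never executed.

effective_args() {
    # Join every uncommented DAEMON_ARGS assignment into one argument string.
    sed -n 's/^DAEMON_ARGS="\(.*\)"[[:space:]]*$/\1/p' "$1" |
        sed 's/\$DAEMON_ARGS//; s/\${DAEMON_ARGS}//' | tr '\n' ' '
}

arg_value() {
    # Print the value that follows flag $2 in argument string $1.
    # Assumption of this example: if a flag is repeated, the last one is shown.
    printf '%s\n' "$1" |
        awk -v f="$2" '{ for (i = 1; i < NF; i++) if ($i == f) v = $(i + 1) }
                       END { print v }'
}

audit_listeners() {
    args=$(effective_args "$1")
    http=$(arg_value "$args" -www);   http=${http:-8080}
    ssl=$(arg_value "$args" -sslwww); ssl=${ssl:-443}
    echo "http=$http ssl=$ssl"
    # "-www 0" is the setting the thread gives for switching plain HTTP off.
    [ "$http" != 0 ] &&
        echo "WARN plain HTTP still enabled on port $http (-www 0 disables it)"
    # Matches the "check privileges for opening ports below 1024" log line.
    [ "$ssl" -lt 1024 ] 2>/dev/null &&
        echo "WARN SSL port $ssl is below 1024; the process needs bind privileges"
    return 0
}

# Constructed sample mirroring the DAEMON_ARGS lines quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DAEMON_ARGS="-daemon"
#DAEMON_ARGS="$DAEMON_ARGS -daemonname $NAME -pidfile $PIDFILE"
DAEMON_ARGS="$DAEMON_ARGS -www 8080"
DAEMON_ARGS="$DAEMON_ARGS -sslwww 443"
EOF
audit_listeners "$sample"
rm -f "$sample"
```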