https access

Get help for Volumio here!

Ads helps Volumio remain Free and Open Source. Please consider donating to help us continue to serve you.

https access

Postby rasti » Mon Jan 25 2016 00:01

Hello,

is it possible to run Volumio in secure https mode ?

What settings in which files need to be changed ?

Thanks

Ralf
Random avatar
rasti
Sunday DIYer
Sunday DIYer
 
Posts: 19
Joined: Sat Jan 02 2016 21:24

Ads helps Volumio remain Free and Open Source. Please consider donating to help us continue to serve you.


https access

Postby rasti » Tue Jan 26 2016 20:43

Thanks to http://willy-tech.de/https-in-nginx-einrichten/
I managed to change it.

Volumio can be accessed now by http and https

1. ssh to volumio and change
Code: Select all
   
sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
chmod 0600 /etc/nginx/ssl/*


2.change nginx.conf to
Code: Select all
user root users;
worker_processes  1;

#error_log  logs/error.log;
error_log  /var/log/nginx/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;


    #access_log  logs/access.log  main;
access_log off;
    sendfile        on;
    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  off;
    proxy_buffering off;
    fastcgi_keep_conn on;
   
    #start server1 section
    server {
        listen       80;
    listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        access_log  /var/log/nginx/access.log;
        location / {
            root   /var/www;
            index  index.php index.html index.htm;
        }
   
   location /db {
   proxy_pass        http://localhost:81/;
   }

   location /command {
   proxy_pass        http://localhost:82/;
   }
   
   location ^~ /_OS_SETTINGS {
       deny all;
   }

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        # php5-fpm
        location ~ \.php$ {
            root           /var/www;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            include        fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $request_filename;
       fastcgi_read_timeout 3600;
        }
    } #end server1 section
   
    #start server2 section [/db]
    server {
        listen       81;
        access_log  /var/log/nginx/db.log;
        location / {
            root   /var/www/db;
            index  index.php;
        }
        # php5-fpm
        location ~ \.php$ {
            root           /var/www/db;
            fastcgi_pass   127.0.0.1:9001;
            fastcgi_index  index.php;
            #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            include        fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $request_filename;
       fastcgi_read_timeout 3600;
        }
    } #end server2 section

    #start server3 section [/command]
    server {
        listen       82;
        access_log  /var/log/nginx/command.log;
        location / {
            root   /var/www/command;
            index  index.php;
        }
        # php5-fpm
        location ~ \.php$ {
            root           /var/www/command;
            fastcgi_pass   127.0.0.1:9002;
            fastcgi_index  index.php;
            #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            include        fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $request_filename;
       fastcgi_read_timeout 3600;
        }
    } #end server2 section
}

Random avatar
rasti
Sunday DIYer
Sunday DIYer
 
Posts: 19
Joined: Sat Jan 02 2016 21:24


https access

Postby MobeyDuck » Wed Jan 27 2016 13:16

How did you manage to get a working certificate?
User avatar
MobeyDuck
Moderator
 
Posts: 482
Joined: Sun Jan 05 2014 20:28
Location: The Netherlands


https access

Postby rasti » Wed Jan 27 2016 15:47

MobeyDuck wrote:How did you manage to get a working certificate?

See #1 and reference link
Random avatar
rasti
Sunday DIYer
Sunday DIYer
 
Posts: 19
Joined: Sat Jan 02 2016 21:24


https access

Postby Milster » Tue Jan 14 2020 01:50

Hi Rasti
I've been trying to get this working for the last couple of days with no success.
Are you still active on this forum? Do you mind if I post my attempts so far and hopefully you could reveiw them and advise where I am getting unstuck?
Thanks!
Random avatar
Milster
Fresh off the boat
Fresh off the boat
 
Posts: 3
Joined: Tue Jan 14 2020 01:46


https access

Postby michelangelo » Tue Jan 14 2020 14:07

While this approach has its technical validity, it has some shortcomings (you are using a self signed certificate, which will result in a browser warning).
I would like to remind that we worked 2 years on making https connection possible with MyVolumio. While there are other ways of reaching this result, using MyVolumio remote connection (via myvolumio.org) is the most user friendly way (and secure, since all traffic is encrypted)
User avatar
michelangelo
Founder
 
Posts: 4471
Joined: Sun Dec 15 2013 23:18


https access

Postby Milster » Fri Jan 17 2020 02:13

Hey Michelangelo
I have ended up subscribing to MyVolumio. But I am having a little trouble justifying the financial committment. Maybe I can offer my reason for wanting a https connection. I also run the very popular iot platiform homeassistant, which you probably know integrates nicely with Volumio as a media player. A nicer user experience via hass is running Volumio inside of an iframe. An iframe card is hass' ability to run a website within a window within hass' ui. Unfortunately if Hass is running on an https connection; an embedded iframe's content must also be served up as https. Thus my desire for Volumio to run on https. So my particular traffic would only ever be within my home network. MyVolumio offers a suite of solutions but my requirement is very targetted. I wish there was a slightly cheaper subscription that would let me achieve my objective.
Congratulations on Volumio - its wonderful!!
Best
Milster
Random avatar
Milster
Fresh off the boat
Fresh off the boat
 
Posts: 3
Joined: Tue Jan 14 2020 01:46


https access

Postby Milster » Tue Jan 21 2020 01:59

Hi @michelangelo. Are you able to send me a private message, so I can ask something of you please? Thanks! Milster
Random avatar
Milster
Fresh off the boat
Fresh off the boat
 
Posts: 3
Joined: Tue Jan 14 2020 01:46


Return to Help

Who is online

Users browsing this forum: No registered users and 1 guest