How to enable HTTPS - Printable Version +- SIP (https://nosack.com/sipforum) +-- Forum: SIP (Sustainable Irrigation Platform) (https://nosack.com/sipforum/forumdisplay.php?fid=1) +--- Forum: Installation and set up questions (https://nosack.com/sipforum/forumdisplay.php?fid=2) +--- Thread: How to enable HTTPS (/showthread.php?tid=144) |
How to enable HTTPS - r.baltasarm - 2019 Mar 09 Hi all, I'm interested in enabling https protocol for web interface. How can I do that?. Thanks to all. RE: How to enable HTTPS - dan - 2019 Mar 09 There are a couple of ways to do it. See the SIP wiki topic about Reverse proxy: https://github.com/Dan-in-CA/SIP/wiki/Reverse-proxy You might also look at the web.py docs: http://webpy.org/cookbook/ssl See the section under web.py 0.37 SIP will be moving to web.py 0.4 in order to be Python 3 compatible. Then you can use the instructions for that version of web.py. If you want to access SIP remotely another option is to install PiVPN: http://www.pivpn.io/ That will give you secure access from anywhere in the world where there is an internet connection. RE: How to enable HTTPS - astrogerard - 2019 Mar 09 If you running SIP on a Pi then I would vote against using Apache2 as a reverse proxy since it is somewhat massive for the Pi. Nginx is more lightweight. You could also look at HAProxy which is really good as a revproxy and do ssl offloading (my preferred option :-) ) --Gerard **edit** If someone is interested I can post my haproxy config RE: How to enable HTTPS - astrogerard - 2019 Mar 11 For those who are interested (if any) in protecting SIP with HAproxy here is my config. I also have made my own node-red dashboard to control SIP from a simple interface. That's why you see the /ui redirect. Code: global RE: How to enable HTTPS - dan - 2019 Mar 11 Thank you Gerard. As always your input is very useful. RE: How to enable HTTPS - r.baltasarm - 2019 Mar 12 Thank you guys... ill try it RE: How to enable HTTPS - cyberumb - 2019 May 02 I use the traefik reverse proxy dock which is a lot simpler. Just a few codes in the traefik rules. [backends] [backends.backend-sip] [backends.backend-sip.servers.server] url = "http://192.168.x.xxx" [frontends] [frontends.frontend-sip] backend = "backend-sip" passHostHeader = true [frontends.frontend-sip.routes.opensprinkler] rule = "Hostip.domain.com" RE: How to enable HTTPS - astrogerard - 2019 May 08 The question was about https/ssl. I don't see any lines on that in your config. RE: How to enable HTTPS - cyberumb - 2019 May 08 (2019 May 08, 08:07 PM)astrogerard Wrote: The question was about https/ssl. I don't see any lines on that in your config.Here are more code lines in my traefik.toml. Once you have traefik setup, you can forward any LAN ip to domain, I got all free DNS domain from duckdns. https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/ # WEB interface of Traefik - it will show web page with overview of frontend and backend configurations [api] entryPoint = "traefik" dashboard = true address = ":8080" # Force HTTPS [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] RE: How to enable HTTPS - astrogerard - 2019 May 11 Thanks for mentioning traefik but to be honest I totally disagree with the writer of the article you mention, HAProxy is in my opinion way easier to usefully add to SIP than a dockerized traefik. For a newbie just adding haproxy to the pi with my config always works even with the limited resources on the pi. btw, I love docker, podman and other containers but for a newbie to start with SIP? ..... not yet :-) |