Author Topic: Security fix: SSL Support natively or via proxy (nginx) (Read 8434 times)

Fmstrat · August 13, 2015, 04:43:27 AM

Quote from: AutoBob on August 12, 2015, 11:50:03 PM

This was also my interest, so I setup stunnel (running as front-end to HG on my Raspberry Pi). I'm using CAcert.org server certificate.

Thanks, your stunnel configuration seems similar to my nginx one. Pretty much any proxy solution would work, and I'm sure the dev's would be happy to get example config files for any service.

Quote from: kevin1 on August 13, 2015, 02:52:00 AM

thanks for all your work on this. does this make hg secure from remote access, or only to android app? there was a tgrea that showed the password could be recovered by a remote site, does your change prevent that?

Hi, the part that makes HG secure is the proxy. Basically, I use a piece of software called nginx to act as a proxy, so when I go to https://external.server.name/ it proxies to http://localhost. This means the insecure traffic only exists on the local machine, and not on the network. This is the part that I offered to write instructions on, but am waiting to hear back from the developers. With nginx setup properly, using the web browser to access HG remotely is secure.

The changes I made to the Android app just allow it to connect to HG through nginx securely, just like through the Web Browser.

Thanks.

JerryR · September 02, 2015, 02:58:09 PM

Frmstat - thank you for all your incredible work on this. It sounds really great.
Has a document been written (or is one planned) that describes how to install and use these items?
Thanks!
Jerry

kevin1 · September 02, 2015, 04:26:17 PM

Any word from Gene if he will be pulling this in for a new HG release (been a while)?

maccosx · September 03, 2015, 07:50:05 PM

Is the modified homegenie app, which from i understand support https connection, is available or can be available somewhere?

i'm using nginx as https proxy and i would like to test it with android app too

kevin1 · October 27, 2015, 05:40:51 PM

Will security improvement be included into recent/new HG build while accessing HG outside home firewall via browser?

nolio · October 27, 2015, 08:58:58 PM

Do you mean without using nginx ?
I have just try with nginx and android app, it work fine !

reza · August 29, 2016, 09:38:23 PM

Any update on this thread? Is the way to get security to use a VPN/Reverse Proxy or has HTTPS support been added?

What about secure coms using the android app?

Also, looks like ca-certificates-mono is no longer in the raspbian distro.. Not sure if it's required anymore?

more G-Labs products

This forum is soon going to be read-only.
Please join the new HomeGenie community on Google+