native HTTPS / SSL support in Domoticz

On various Hardware and OS systems: pi / windows / routers / nas, etc
lost
Posts: 127
Joined: Thursday 10 November 2016 10:30
Target OS: Raspberry Pi
Domoticz version:

Re: native HTTPS / SSL support in Domoticz

Post by lost » Thursday 27 July 2017 8:08

jannl wrote: You need to start domoticz as root. Try 'sudo ./domoticz.sh'. Or just reboot the pi
In my understanding, he's just willing to run Domoticz as a non root user. As there may only be the http(s) usual ports (80/443, thus < 1024) binding needing root rights under Domoticz, he changed them for some figures over 1024.

But this doesn't work: Still binds https to 443 whatever figures in the command line... and complains for root permissions!

Never tried this, as with non-standard https there are many networks (open-wifi etc) where they will be filtered out, but for security reasons running Domoticz as a non root user makes sense, as the executable does not seem to drop rights after port bindings.

jannl
Posts: 904
Joined: Thursday 02 October 2014 6:36
Target OS: Raspberry Pi
Domoticz version: Beta
Location: Geleen

Re: native HTTPS / SSL support in Domoticz

Post by jannl » Thursday 27 July 2017 11:35

Hm. Ok. My domoticz.sh is in /etc/init.d. You made no typo in the domoticz.sh you use?

Why not start as root?
Via port forwarding on your router you can arrange a different port.

Sent from my SM-G930F with Tapatalk

gomario
Posts: 14
Joined: Wednesday 04 November 2015 7:05
Target OS: Windows
Domoticz version:

Re: native HTTPS / SSL support in Domoticz

Post by gomario » Friday 28 July 2017 2:51

lost wrote:
jannl wrote: You need to start domoticz as root. Try 'sudo ./domoticz.sh'. Or just reboot the pi
In my understanding, he's just willing to run Domoticz as a non root user. As there may only be the http(s) usual ports (80/443, thus < 1024) binding needing root rights under Domoticz, he changed them for some figures over 1024.

But this doesn't work: Still binds https to 443 whatever figures in the command line... and complains for root permissions!

Never tried this, as with non-standard https there are many networks (open-wifi etc) where they will be filtered out, but for security reasons running Domoticz as a non root user makes sense, as the executable does not seem to drop rights after port bindings.
YES! You said it perfectly.
a) trying to run as a non-root user as recommended (generally and even in the domoticz installation guide)
b) non-root won't easily open lower ports (or at all without installing iptables -> no experience with that either + adding more complexity)
...simplest solution is going high port
b) won't start with that port no matter what I specify in domoticz.sh in etc/init.d/domoticz.sh and just in case I missed something even in home/pi/domoticz/domoticz.sh
c) when I run sudo ./domoticz it starts with 443, but that's what I don't want .. only proves that it's installed correctly and can be run at all

To recap... I proceed as such:
1. Fresh install of Debian on my Acer Netbook, update/upgrade, installing domoticz (with openzwave support) - not a single error/warning
All files are owned by pi..
2. Before even trying to set it for auto start:
I just run ./domoticz and get the error regarding port numbers. With sudo it works (obviously).

When running as pi and changing the port (in the only version of domoticz.sh existing at this time -> no etc/init.d copy yet)
and even after going the init.d start-up route, no matter what I change the port to in either file and it register and give me the low port error.
It is not commented out or anything, totally stock, checked, reinstalled...

If I type ./domoticz -sslwww 8090 ..IT WORKS!

After following "Starting Domoticz automatically when the system boots Init.d Method"
and changing the port in etc/init.d it starts with any port specified but Top still shows as process run by root (chuid in domoticz.sh is ignored?)

Sorry for such a chunky post...I guess I'm trying to give you as much info I can think of...
So..my question after all this then is...Is there any way to run this as pi(non-root user)? As that seems to be the source of all the problems...
Thank you again for all your wisdom gents!
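
Added example (not part of the posts above and not Domoticz code): instead of reading the owner off top, the host's /proc/net/tcp table can be parsed to see which uid created each listening socket. The sample table is constructed, and the function names are made up for this illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not taken from the thread):
# a listener on 443 created by uid 0, one on 8090 created by uid 1000,
# and one established connection that must be ignored.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20113 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F9A 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20455 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F9A 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20460 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp


def parse_listeners(text):
    """Return [(ip, port, uid)] for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host (Raspberry Pi, x86), so the hex
        # word holds the IPv4 address with its bytes reversed.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16), int(fields[7])))
    return listeners


def root_created(listeners):
    """Listeners whose socket was created by uid 0."""
    return [(ip, port) for ip, port, uid in listeners if uid == 0]


if __name__ == "__main__":
    # IPv4 table only; /proc/net/tcp6 has the same columns with
    # 32-hex-digit addresses. Falls back to the sample off Linux.
    try:
        with open("/proc/net/tcp") as f:
            table = f.read()
    except OSError:
        table = SAMPLE
    for ip, port in root_created(parse_listeners(table)):
        print(f"listener created by root: {ip}:{port}")
```

The uid column records who created the socket, so a daemon that binds as root and later drops privileges still appears with uid 0 here, while a daemon launched under another account from the start shows that account's uid.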

SDISDI
Posts: 15
Joined: Wednesday 09 March 2016 10:18
Target OS: Raspberry Pi
Domoticz version: 3.4834

Re: native HTTPS / SSL support in Domoticz

Post by SDISDI » Monday 31 July 2017 23:47

Hi. Not sure if it is the same issue you are seeing, but I have been using the same custom sslwww port for a couple of years, but after updating today (to V3.8153) I have just had to set it to a lower port number.

Code:

sudo service domoticz.sh status -l

returns

Code:

Jul 31 22:31:19 raspberrypi domoticz.sh[654]: 2017-07-31 22:31:19.545  Error: Please specify a valid sslwww port

I haven't found the cut-off yet, but port 31000 is OK but port 35000 gives the error.

RFXtrx433E
Hive 2 Active Heating
Owl CM180 Energy Monitor
Various HomeEasy Receivers
LightwaveRF Plug-in sockets

Thomasdc
Posts: 236
Joined: Wednesday 11 March 2015 20:13
Target OS: Raspberry Pi
Domoticz version: Beta

Re: native HTTPS / SSL support in Domoticz

Post by Thomasdc » Thursday 09 November 2017 22:14

Hi,

I am trying to get the https access to domoticz (RPI) working but it doesn't seem to work.
So what I did:

In my router, port forwarded a WAN port towards the '443' port of domoticz.

When I try to access my domoticz from 'https://WAN-IP:Wanport_to_443'
I get the message in my browser that it is an unsafe connection:

https://photos.app.goo.gl/OKT4bDfyxB2VMHWR2

Am I doing something wrong?
(I did not do anything except the port forwarding to 443. I didn't install certificates or anything, but I don't think I need to do this? Or am I wrong?)

I want to use Controlicz ( https://www.controlicz.com/faq ) --> so I need to use the ssl connection.. but is what I did right/enough?

thanks!
regards, Thomas

mack
Posts: 27
Joined: Friday 08 April 2016 8:23
Target OS: Raspberry Pi
Domoticz version: Stable
Location: Dallas, USA

Re: native HTTPS / SSL support in Domoticz

Post by mack » Thursday 09 November 2017 22:23

Thomasdc wrote:
Thursday 09 November 2017 22:14
When I try to access my domoticz from 'https://WAN-IP:Wanport_to_443'
I get the message in my browser that it is an unsafe connection:

https://photos.app.goo.gl/OKT4bDfyxB2VMHWR2

Am I doing something wrong?
(I did not do anything except the port forwarding to 443. I didn't install certificates or anything, but I don't think I need to do this? Or am I wrong?)

The unsafe connection message is normal for self-signed certificates. To continue, add the exception to allow the connection in your browser and things should be fine. If you wish to avoid the issue, you would need to install an authority-signed certificate for your domain, something like LetsEncrypt. Since in your example you say "WAN-IP", I'm led to believe you don't have a domain name set up, so the so-called insecure connection would be your only choice. If you didn't want to use the self-signed certificate that ships with domoticz, you can always generate a new one and sign it yourself.
