native HTTPS / SSL support in Domoticz

On various Hardware and OS systems: pi / windows / routers / nas, etc
lost
Posts: 111
Joined: Thursday 10 November 2016 10:30
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: native HTTPS / SSL support in Domoticz

Post by lost » Thursday 27 July 2017 8:08

jannl wrote:You need to start domoticz as root. Try 'sudo ./domoticz.sh'. Or just reboot the pi
In my understanding, he's just willing to run Domoticz as a non root user. As there may only be the http(s) usual ports (80/443, thus < 1024) binding needing root rights under Domoticz, he changed them for some figures over 1024.

But this doesn't work: Still binds https to 443 whatever figures in the command line... and complains for root permissions!

Never tried this as with non standard https there is many networks (open-wifi etc) where they will be filtered out, but for security reasons running Domoticz as a non root user makes sense as the executable does not seems to drop rights after ports bindings.

User avatar
jannl
Posts: 872
Joined: Thursday 02 October 2014 6:36
Target OS: Raspberry Pi
Domoticz version: Beta
Location: Geleen
Contact:

Re: native HTTPS / SSL support in Domoticz

Post by jannl » Thursday 27 July 2017 11:35

Hm. Ok. My domoticz.sh is in /etc/init.d. You made no typo in the domoticz.sh you use?

Why not start as root?
Via portforwarding on you router you can arrange a different port.

Verstuurd vanaf mijn SM-G930F met Tapatalk

gomario
Posts: 14
Joined: Wednesday 04 November 2015 7:05
Target OS: Windows
Domoticz version:
Contact:

Re: native HTTPS / SSL support in Domoticz

Post by gomario » Friday 28 July 2017 2:51

lost wrote:
jannl wrote:You need to start domoticz as root. Try 'sudo ./domoticz.sh'. Or just reboot the pi
In my understanding, he's just willing to run Domoticz as a non root user. As there may only be the http(s) usual ports (80/443, thus < 1024) binding needing root rights under Domoticz, he changed them for some figures over 1024.

But this doesn't work: Still binds https to 443 whatever figures in the command line... and complains for root permissions!

Never tried this as with non standard https there is many networks (open-wifi etc) where they will be filtered out, but for security reasons running Domoticz as a non root user makes sense as the executable does not seems to drop rights after ports bindings.
YES! You said it perfectly.
a) trying to run as a non-root user as recommended (generally and even in the domoticz installation guide)
b)non-root won't easily open lower ports (or at all without installing iptables -> no experience with that either + adding more complexity)
...simplest solution is going high port
b) won't start with that port no matter what I specify in domoticz.sh in etc/init.d/domoticz.sh and just in case I missed something even in home/pi/domoticz/domoticz.sh
c) when I run sudo ./domoticz it starts with 443, but that's what I don't want .. only proves that it's installed correctly and can be run at all

To recap... I proceed as such:
1. Fresh install of Debian on my Acer Netbook, update/upgrade, installing domoticz (with openzwave suport) -no a single error/warning
All files are owned by pi..
2. Before even trying to set it for auto start:
I just run ./domoticz and get the error regarding port numbers. With sudo it works(obviously).

When running as pi and changing the port (in the only version of domoticz.sh existing at this time -> no etc/init.d copy yet)
and even after going the init.d start-up route, no matter what I change the port to in either file and it register and give me the low port error.
It is not commented out or anything, totally stock, checked, reinstalled...

If I type ./domoticz -sslwww 8090 ..IT WORKS!

After following "Starting Domoticz automatically when the system boots Init.d Method"
and changing the port in etc/init.d it starts with any port specified but Top still shows as process run by root (chuid in domoticz.sh is ignored?)

Sorry for such a chunky post...I guess I'm trying to give you as much info I can think of...
So..my question after all this then is...Is there any way to run this as pi(non-root user)? As that seems to be the source of all the problems...
Thank you again for all your wisdom gents!

SDISDI
Posts: 15
Joined: Wednesday 09 March 2016 10:18
Target OS: Raspberry Pi
Domoticz version: 3.4834
Contact:

Re: native HTTPS / SSL support in Domoticz

Post by SDISDI » Monday 31 July 2017 23:47

Hi. Not sure if it is the same issue you are seeing, but I have been using the same custom sslwww port for a couple of years, but after updating today (to V3.8153) I have just had to set it to a lower port number.

Code: Select all

sudo service domoticz.sh status -l
returns

Code: Select all

Jul 31 22:31:19 raspberrypi domoticz.sh[654]: 2017-07-31 22:31:19.545  Error: Please specify a valid sslwww port
I haven't found the cut-off yet, but port 31000 is OK but port 35000 gives the error.
RFXtrx433E
Hive 2 Active Heating
Owl CM180 Energy Monitor
Various HomeEasy Receivers
LightwaveRF Plug-in sockets

Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests