Hello,
is it possible to run Volumio in secure https mode ?
What settings in which files need to be changed ?
Thanks
Ralf
Hello,
is it possible to run Volumio in secure https mode ?
What settings in which files need to be changed ?
Thanks
Ralf
Thanks to willy-tech.de/https-in-nginx-einrichten/
I managed to change it.
Volumio can be accessed now by http and https
sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
chmod 0600 /etc/nginx/ssl/*
2.change nginx.conf to
user root users;
worker_processes 1;
#error_log logs/error.log;
error_log /var/log/nginx/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#access_log logs/access.log main;
access_log off;
sendfile on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip off;
proxy_buffering off;
fastcgi_keep_conn on;
#start server1 section
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/access.log;
location / {
root /var/www;
index index.php index.html index.htm;
}
location /db {
proxy_pass http://localhost:81/;
}
location /command {
proxy_pass http://localhost:82/;
}
location ^~ /_OS_SETTINGS {
deny all;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# php5-fpm
location ~ \.php$ {
root /var/www;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_read_timeout 3600;
}
} #end server1 section
#start server2 section [/db]
server {
listen 81;
access_log /var/log/nginx/db.log;
location / {
root /var/www/db;
index index.php;
}
# php5-fpm
location ~ \.php$ {
root /var/www/db;
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_read_timeout 3600;
}
} #end server2 section
#start server3 section [/command]
server {
listen 82;
access_log /var/log/nginx/command.log;
location / {
root /var/www/command;
index index.php;
}
# php5-fpm
location ~ \.php$ {
root /var/www/command;
fastcgi_pass 127.0.0.1:9002;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_read_timeout 3600;
}
} #end server2 section
}
How did you manage to get a working certificate?
See #1 and reference link
Hi Rasti
I’ve been trying to get this working for the last couple of days with no success.
Are you still active on this forum? Do you mind if I post my attempts so far and hopefully you could reveiw them and advise where I am getting unstuck?
Thanks!
While this approach has its technical validity, it has some shortcomings (you are using a self signed certificate, which will result in a browser warning).
I would like to remind that we worked 2 years on making https connection possible with MyVolumio. While there are other ways of reaching this result, using MyVolumio remote connection (via myvolumio.org) is the most user friendly way (and secure, since all traffic is encrypted)
Hey Michelangelo
I have ended up subscribing to MyVolumio. But I am having a little trouble justifying the financial committment. Maybe I can offer my reason for wanting a https connection. I also run the very popular iot platiform homeassistant, which you probably know integrates nicely with Volumio as a media player. A nicer user experience via hass is running Volumio inside of an iframe. An iframe card is hass’ ability to run a website within a window within hass’ ui. Unfortunately if Hass is running on an https connection; an embedded iframe’s content must also be served up as https. Thus my desire for Volumio to run on https. So my particular traffic would only ever be within my home network. MyVolumio offers a suite of solutions but my requirement is very targetted. I wish there was a slightly cheaper subscription that would let me achieve my objective.
Congratulations on Volumio - its wonderful!!
Best
Milster
Hi @michelangelo. Are you able to send me a private message, so I can ask something of you please? Thanks! Milster