Trick #3: HTTPS with OSPI and Raspberry Pi

[admin]

To HTTPS encrypted on the OSPi To be able to access, you need an HTTPS proxy that encrypts the connection.

One way is to do this with Nginx.

1. Install Nginx:

sudo apt-get update
sudo apt-get install nginx

2. Create SSL certificate:

cd /etc/nginx
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt

3. Edit configuration:

sudo nano / etc / nginx / sites-enabled / default

Delete all lines and use this configuration. You may have to adjust the two digits with "RASPI" with the name of your Raspberry Pi.

server {
listen 80;
return 301 https://$host$request_uri;
}

server {

listen 443;
server_name raspi;

ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;

ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

# access_log /var/log/nginx/access.log;

location /

proxy_set_header Host $ host;
proxy_set_header X-Real-IP $ remote_addr;
proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Fix the “It appears that your reverse proxy set up is broken” error.
proxy_pass http://localhost:8080;
proxy_read_timeout 90;

proxy_redirect http://localhost:8080 https://raspi;
}
}

4. Activate and restart Nginx:

sudo systemctl enable nginx

sudo service nginx restart

5. Done.

You can now access via browser. It redirects http to https requests or you access it directly via http

The original of the manual comes from here and has been adapted:

https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-with-ssl-as-a-reverse-proxy-for-jenkins

Do not forget to change the port release of your router to the Raspi port 443 (eg change 3000 after raspi/80 to 3000 after raspi/443). In the OpenSprinklerapp then connect using the “SSL” option

[admin]

With the OpenSprinkler 3, this is unfortunately not possible because no SSL client is available for the system. However, you can use an (additional) Linux or Raspberry PI to access the OpenSprinkler 3 to redirect the encryption. Just substitute in the two”http://localhost:8080” – Specify the “localhost” with the IP address of the OpenSprinklers and “8080” with “80”.

 

[Nachtigall]

Great tip, that's what I was looking for anyway. Thanks. I also wanted DynDNS and letsencrypt, but I'll find out if and how that works. Ultimately, it has more to do with Raspberry than with OpenSprinkler to do…

[admin]

Yes, the SSL certificate is such a thing. The application also does not work without a valid certificate, it only works in the web browser and then only if you confirm the certificate warning.

However, there is still the option of exporting the certificate and installing it on the smartphone. The domain name must match the Common Name certificate.

So if you z. B. named his dyndns domain sprinkler.dyndns.bla, then the common name must be exactly that. And that's exactly how you have to use them in the app.

 

[Author]

Posts