Activating HTTPS causes black screen

nzrunner · Apr 22, 2020, 12:21 AM

I am running Magic Mirror 2.11.0 on a Pi 4. Runs beautifully. Really impressed.

Now, I am trying to configure it so it uses HTTPS. I have obtained the required .key and .crt files, and dropped them into a folder that MagicMirror can access.

When I change config.js to be as follows, I get a black screen: -

useHttps: true,
httpsPrivateKey: "ssl/mirror.key",
httpsCertificate: "ssl/mirror.crt",

By returning useHttps to false, MagicMirroir runs perfectly again, but obviously only using HTTP.

Any ideas why activating HTTPS causes a black screen?

sdetweil · Apr 22, 2020, 12:36 AM

@nzrunner

And dropped them into a folder that MagicMirror can access

U mean the ~/MagicMirror/ssl folder?
Cause that is what your config said

nzrunner · Apr 22, 2020, 12:42 AM

Yes. I created a folder under MagicMirror called ssl for the certs

karsten13 · Apr 24, 2020, 6:08 PM

AFAIK this is not possible in the current release, but in the upcoming v2.12.0.

So you

can wait until 1.7.2020 or
use the develop branch where this is already included or
patch the electron.js as described here

sdetweil · Apr 24, 2020, 10:00 PM

@karsten13 the changelog says it should work

nzrunner · Apr 26, 2020, 11:21 PM

@sdetweil said in Activating HTTPS causes black screen:

@karsten13 the changelog says it should work

I had read the Changelog as well, and noticed the following entry: -

Add HTTPS support and update config.js.sample

@karsten13 I am happy to wait for the v2.12.0 release. 1st July isn’t that far away ;-)

sdetweil · May 20, 2020, 4:01 PM

@nzrunner July 1, every 3 months a new release

rafhtl · May 20, 2020, 4:01 PM

@sdetweil
Hi Sam
just wanted to tell you that I am using devel and https works fine
BUT
it took me some time to understand this:
in js/electron.js
in line
18
should be
app.commandLine.appendSwitch(“autoplay-policy”, ‘true’);
app.commandLine.appendSwitch(“no-user-gesture-required”, ‘true’);
app.commandLine.appendSwitch(“disable-site-isolation-trials”, ‘true’);
app.commandLine.appendSwitch(“ignore-certificate-errors”, ‘true’);
app.commandLine.appendSwitch(‘allow-insecure-localhost’, ‘true’);

and ofcourse in config also add tls: true
let me know if this turns out to be correct
as soon as I did this it started working
thanks
r

br4tt3 · Aug 17, 2021, 8:49 PM

@rafhtl - could you elaborate on the part of the tls: true in the config file? I cant seem to find any reference to that specific config param. I added the changes that you mention in the electron.js file - with the same result as previously, pitch black screen as soon as i am running on https.

checking the “output” from a remote connection (e.g remote control module) it works over htpps - but for the physical screen its pitch black!

thanks!

karsten13 · Aug 17, 2021, 8:49 PM

There are 2 use cases for which was https implemented:

serveronly
clientonly

This use case with output from the pi on the screen and accessing the mm url’s with https was never implemented.

The above hack from @rafhtl seems not to work with the current electron version.

You can get it working if you put the following lines under the line with mainWindow = new BrowserWindow(electronOptions); in js/electron.js:

mainWindow.webContents.session.setCertificateVerifyProc((request, callback) => {
    callback(0); //this means trust this domain
})

And electron must use https so you have to change the prefix in the following lines to https in the else section or put tls: true, in the config.js.

I’m interested in this usecase because I see nothing what could be protected with https. Everybody who knows your url e.g. https://192.168.0.33:8080/ has full access to your config calling https://192.168.0.33:8080/config/ and can see all your secrets, so I would never run MM in public without protection.