SOLVED How to run as "https"?

A Former User

I’m not familiar with MM core, so I just want to know this.
When MM is executed, MM seems to be recognized as using “http” basically.
Is there a way of using “https” instead “http”?
I mean, How can I activate “https://localhost:8080” ?

Veldrovive

As far as I know, it is pretty simple.
In your js/server.js file, you are going to want to convert the http server it is using to an https one.
First thing you are going to want to do is to create a self-signed certificate which is explained much better than I can on stack overflow.

You can store those in any folder you want, but I just put them under js/https/* in order to have them close by.

Then, in the server.js file, comment out var server = require("http").Server(app); near the top of the file. Underneath the imports, add a line importing your key and cert like so:

var options = {
  key: fs.readFileSync(path.join(__dirname, "/https/key.pem")),
  cert: fs.readFileSync(path.join(__dirname, "/https/cert.pem"))
};

Underneath that, insert the line var server = require("https").Server(options, app); to substitute an https server for the http one. Finally, copy the line var io = require("socket.io")(server); below that and start your mirror.

Veldrovive

As far as I know, it is pretty simple.
In your js/server.js file, you are going to want to convert the http server it is using to an https one.
First thing you are going to want to do is to create a self-signed certificate which is explained much better than I can on stack overflow.

You can store those in any folder you want, but I just put them under js/https/* in order to have them close by.

Then, in the server.js file, comment out var server = require("http").Server(app); near the top of the file. Underneath the imports, add a line importing your key and cert like so:

var options = {
  key: fs.readFileSync(path.join(__dirname, "/https/key.pem")),
  cert: fs.readFileSync(path.join(__dirname, "/https/cert.pem"))
};

Underneath that, insert the line var server = require("https").Server(options, app); to substitute an https server for the http one. Finally, copy the line var io = require("socket.io")(server); below that and start your mirror.

Veldrovive

As a slightly more easy to deal with version, you can just add

var server = require("http").Server(app);
if(config.useHttps){
    var options = {
        key: fs.readFileSync(path.join(config.httpCertPath, "key.pem")),
        cert: fs.readFileSync(path.join(config.httpCertPath, "cert.pem"))
    }
    server = require("https").Server(options, app);
}


var io = require("socket.io")(server);

in the same server.js file right under the var Server = function(config, callback) { line.
In your config.js, you can modify it to be

var config = {
    useHttps: true,
    httpCertPath: "ABSOLUTE_PATH",
}

and then you can switch back and forth if you need.

Lorenz

I did this but when i want try to access https://ipaddress:8080 “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” is returned in the google browser. Do you know the solution for this problem?

Veldrovive

@Lorenz
Could you post your server.js file so we can just make sure there aren’t many spelling mistakes?

• The first thing that you should do is make sure that the path you supplied to the key and cert is correct. This error can arise if you are not pointing to the correct files.
• Second, you can try to remake the cert and key and see if there was just some error the first time.
• Third, I would try to figure out if the SSL version is correct. I’m not especially sure how this works, but when I ran into this issue once, somebody had said that the TLS version was incorrect.
• Last, I would just try to reinstall openSSL and generate a new key.

Lorenz

It worked! thanks for the support but i have another question is it possible to use a signed certificate because now when i go to the magic mirror page i receive “your connection is not private”.

Veldrovive

@Lorenz
In order to get a signed certificate, you need to go through a CA or certificate authority. Most of the time, magic mirrors are run on localhost and therefore cannot get a signed certificate so you just have to trust the IP on your browser and deal with the fact that it is not “trusted”.
If you do happen to have a domain lying around, you can get a signed certificate for that and then use it to have a trusted website, but that’s a bunch of work and usually not worth it. If you do decide to go that route, there are a couple of places to sign certificates for free and I would suggest a quick google search to find them.

Lorenz

Thank you for the information! I have a PWA to control the magic mirror but a PWA is always https. So my http requests are not allowed but for my PWA i used let’s encrypt for a free certificate. Is it possible to make a wildcart cetficate for my PWA and use the same for the magic mirror?

Veldrovive

I’m not familiar with how a PWA works so I’m not quite sure what you are asking here. Are you saying that you have a PWA running that has a valid ssl encryption and you want to send requests from the PWA to your magic mirror, but they are being blocked due to mixed content policies?
What happens when you request to the magic mirror that is using the unsigned certificate?
A wildcard certificate handles subdomains so if you wanted to use the same certificate you would need to point a subdomain to your magic mirror.