I didn’t see where the previous request was closed and the forum automatically suggested I create a new topic, so here:
Also, I’m kinda scatterbrained right now, so please ask questions if something isn’t clear.
How to configure HTTPS
Based on this post:
https://forum.magicmirror.builders/topic/8469/how-to-run-as-https
Lines that are commented out (#) are pre-existing, shown for location reference only. They should not actually be commented out.
Lines that are commented out (//) can be toggled based on preference.
config/server.js
var fs = require("fs");
#var express = require("express");
#var app = require("express")();
var options = {
    key: fs.readFileSync("config/certs/mirror.key"),
    cert: fs.readFileSync("config/certs/mirror.crt")
};
//var server = require("http").Server(app);
var server = require("https").Server(options, app);
config/config.js
#var config = {
#address: "0.0.0.0", // Address to listen on, can be:
#port: 8088,
#ipWhitelist: [], // Set [] to allow all IP addresses
useHttps: false,
httpCerts: {
    path: "config/certs",
    cert: "config/certs/mirror.crt",
    key: "config/certs/mirror.key",
    port: 4433,
},
Problem:
- config.js is loaded inside var Server, wayyyyy down at the bottom. var options must be defined prior to var server (not the same as var Server)
- this means that any settings must be defined directly inside server.js, which will be overwritten when updating MM.
- because of this, config.js is actually completely useless here. I’m including it as an example of what it should look like if this actually worked.
Solution:
I don’t know node.js, or really javascript. My first instinct is to extract the config definition to the very top of the file. But it seems like the config is loaded via the server, and I’m trying to define the server via the config. I tried to run a squid proxy server to handle https but I couldn’t figure that out. Maybe the answer is to run HTTP and HTTPS simultaneously. Maybe you could have an ipWhitelist for each if you wanted to restrict HTTP access but not HTTPS. To be honest though, I think the whitelist should be handled by the OS’s firewall. iptables isn’t that difficult.
For the record, I’m using node serveronly and pushing to a chromecast via catt through cron.
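One way around the ordering problem described in the post, as an added example that is not part of the original post or MagicMirror's own code: read the config object first, derive the TLS options from it, and only then construct the server. The function names and the injectable readFile parameter are hypothetical; the config field names (useHttps, httpCerts) are taken from the post's config.js sketch.

```javascript
// Added example: resolve the listener settings from the config object
// before the server object is constructed.
const fs = require("fs");
const http = require("http");
const https = require("https");

// Turn a config object into { secure, port, options }. readFile is injectable
// (hypothetical parameter) so the logic can be exercised without real cert files.
function resolveListener(config, readFile = fs.readFileSync) {
  if (!config.useHttps) {
    return { secure: false, port: config.port, options: {} };
  }
  const certs = config.httpCerts || {};
  for (const field of ["key", "cert"]) {
    if (typeof certs[field] !== "string" || certs[field] === "") {
      throw new Error("useHttps is true but httpCerts." + field + " is not set");
    }
  }
  let key, cert;
  try {
    key = readFile(certs.key);
    cert = readFile(certs.cert);
  } catch (err) {
    // Fail closed: never fall back to plain HTTP when HTTPS was requested.
    throw new Error("cannot read TLS material: " + err.message);
  }
  return {
    secure: true,
    port: certs.port || config.port,
    options: { key, cert, minVersion: "TLSv1.2" }
  };
}

// Build the server from the resolved settings; app is the express() instance
// (any request handler works).
function createServer(config, app, readFile) {
  const listener = resolveListener(config, readFile);
  const server = listener.secure
    ? https.createServer(listener.options, app)
    : http.createServer(app);
  return { server, port: listener.port, secure: listener.secure };
}
```

Because the settings come from the config object rather than from literals in server.js, an update that overwrites server.js does not lose the certificate paths.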