Jump to content


Photo

OpenWebIf through HTTPS


  • Please log in to reply
9 replies to this topic

#1 filr0x

  • Member
  • 6 posts

0
Neutral

Posted 14 February 2020 - 12:19

Hi friends, i’ve seen that is there the possibility to setup HTTPS for remote OpenWebIf, to prevent intruders, i want to setup this, but what i must do after enable HTTPS from plugin? How i can create certificate, etc.? Is there a tutorial? Thanks in advance.

Re: OpenWebIf through HTTPS #2 WanWizard

  • Forum Moderator
    PLi® Core member
  • 50,750 posts

+926
Excellent

Posted 14 February 2020 - 12:21

I hate to disappoint you, but HTTPS does precisely zero to prevent intruders...


Currently in use: VU+Duo 4K (2xFBC S2), Amiko Viper T2C (T2), SAB Alpha Triple HD (S2+T2), Zgemma H9.2H ©, Zgemma H6 (fallback), VU+Zero (fallback)

Many answers to your question can be found in our new and improved wiki.

note: I do not provide support via PM !

 


Re: OpenWebIf through HTTPS #3 filr0x

  • Member
  • 6 posts

0
Neutral

Posted 14 February 2020 - 12:32

Hi WanWizard and thanks for your reply, is there a way to prevent or reduce possibility of intrusions? Because i’ve seen that HTTP Auth is vulnerable. Thanks.

Re: OpenWebIf through HTTPS #4 WanWizard

  • Forum Moderator
    PLi® Core member
  • 50,750 posts

+926
Excellent

Posted 14 February 2020 - 12:48

Use a VPN, most routers support them, most NAS devices too.

 

If really needed, you can install OpenVPN on the box itself, but it is a last-resort option, and requires commandline access to configure it.


Currently in use: VU+Duo 4K (2xFBC S2), Amiko Viper T2C (T2), SAB Alpha Triple HD (S2+T2), Zgemma H9.2H ©, Zgemma H6 (fallback), VU+Zero (fallback)

Many answers to your question can be found in our new and improved wiki.

note: I do not provide support via PM !

 


Re: OpenWebIf through HTTPS #5 filr0x

  • Member
  • 6 posts

0
Neutral

Posted 16 February 2020 - 14:45

Ok, thank you, is there a guide to do it?

I must make my home VPN? Or Can i just install OpenVPN on my ZGemma and buy a VPN service (like NordVPN for example)?

Edited by filr0x, 16 February 2020 - 14:48.


Re: OpenWebIf through HTTPS #6 WanWizard

  • Forum Moderator
    PLi® Core member
  • 50,750 posts

+926
Excellent

Posted 16 February 2020 - 15:07

A VPN service is for connecting with a client in your home network to the outside world, and you need the other way, from a client on the internet securely to your home network.

 

Like I said:

  • if your broadband router supports any VPN functionality (but ideally not PPTP), use it
  • if you have a NAS or other device that supports OpenVPN, use it (with a port forward on your router)
  • install OpenVPN on your box as a last resort (with a port forward on your router)

And the reason for that is two-fold:

  • the box is not a security device, there is no privilege separation, everything runs as root
  • there is no documentation I know of, and no GUI to configure it, so it requires knowledge or a lot of Google work

Currently in use: VU+Duo 4K (2xFBC S2), Amiko Viper T2C (T2), SAB Alpha Triple HD (S2+T2), Zgemma H9.2H ©, Zgemma H6 (fallback), VU+Zero (fallback)

Many answers to your question can be found in our new and improved wiki.

note: I do not provide support via PM !

 


Re: OpenWebIf through HTTPS #7 filr0x

  • Member
  • 6 posts

0
Neutral

Posted 16 February 2020 - 16:09

So there is no way to expose OpenWebIf in secure mode by only using the box..?

Re: OpenWebIf through HTTPS #8 WanWizard

  • Forum Moderator
    PLi® Core member
  • 50,750 posts

+926
Excellent

Posted 16 February 2020 - 16:29

No.

 

Like I said, the box is not a security device, there isn't even a proper webserver running on the box, the webif is a python process listening to port 80 requests...

 

The alternative may be to use an SSH tunnel in combination with a public key instead of a password, but that requires knowledge as well.

 

There is an old guide about this (http://www.milosoftw...p?body=dropbear) in Dutch, maybe Google Translate may help here. It describes accessing the WebIf via the SSH tunnel.


Currently in use: VU+Duo 4K (2xFBC S2), Amiko Viper T2C (T2), SAB Alpha Triple HD (S2+T2), Zgemma H9.2H ©, Zgemma H6 (fallback), VU+Zero (fallback)

Many answers to your question can be found in our new and improved wiki.

note: I do not provide support via PM !

 


Re: OpenWebIf through HTTPS #9 jort38

  • Senior Member
  • 398 posts

+5
Neutral

Posted 16 February 2020 - 17:00

No.
 
Like I said, the box is not a security device, there isn't even a proper webserver running on the box, the webif is a python process listening to port 80 requests...
 
The alternative may be to use an SSH tunnel in combination with a public key instead of a password, but that requires knowledge as well.
 
There is an old guide about this (http://www.milosoftw...p?body=dropbear) in Dutch, maybe Google Translate may help here. It describes accessing the WebIf via the SSH tunnel.

u

You can set that page easily to English (tp right). No translation needed.

Xtrend ET10000 (3 TB HD & OpenPli 7), Xtrend ET10000 (1,5 TB HD & OpenPli 7), Xtrend ET10000 (1,5 TB HD & OpenPli 7) and Xtrend ET8000 (1 TB HD & OpenPli 7.2, located in Thailand). All stable releases.


Re: OpenWebIf through HTTPS #10 MiLo

  • PLi® Core member
  • 13,927 posts

+294
Excellent

Posted 16 February 2020 - 19:20

The SSH method is safe and much easier than VPN. It encrypts everything, which can be taxing for low-end (i.e. old) boxes if you want to tunnel live video through it. Also works on most mobile phones and things like that.

 

(Don't be tempted to think that you can just open the web-interface without SSH or VPN and "it won't happen to me". It will happen to you and some enterprising criminal is likely to inject ransomware on everything on your home network.)


Real musicians never die - they just decompose




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users