https access to HDA

jaybea
Posts: 56
Joined: Tue Dec 15, 2009 1:24 am

https access to HDA

Postby jaybea » Sun Jan 31, 2016 10:53 am

I notice that the wiki says the following about setting up SSL access to the HDA under Amahi 8:
This is untested and not recommended as it may break your HDA.
Is there a specific reason why this would be different from under Amahi 7 and would break things? I don't mind doing some non-destructive testing!

User avatar
bigfoot65
Project Manager
Posts: 11136
Joined: Mon May 25, 2009 4:31 pm

Re: https access to HDA

Postby bigfoot65 » Sun Jan 31, 2016 11:11 am

Is there a specific reason why this would be different from under Amahi 7 and would break things?
Should be the same. However, there have been some issues in the past.

Don't recommend it. For inside your network, it's not a big deal to be using http.

For outside the network, you should always use VPN.

We don't provide support yet in Amahi for this. The guidance is user contributed and not well tested.
ßîgƒσστ65
Applications Manager

jaybea
Posts: 56
Joined: Tue Dec 15, 2009 1:24 am

Re: https access to HDA

Postby jaybea » Sun Jan 31, 2016 11:30 am

Ok, I might have a play and try not to break it! I had it working in the past, but that might have been Amahi 6. I've just created a CA and created some certificates for other machines on the network, and I am running Dovecot and Postfix on my HDA and was planning to enable tls/ssl connections for that.

User avatar
bigfoot65
Project Manager
Posts: 11136
Joined: Mon May 25, 2009 4:31 pm

Re: https access to HDA

Postby bigfoot65 » Sun Jan 31, 2016 11:32 am

It can be tricky.

It's your HDA, so you accept the risk.

We can offer little assistance here unfortunately.
ßîgƒσστ65
Applications Manager

jaybea
Posts: 56
Joined: Tue Dec 15, 2009 1:24 am

Re: https access to HDA

Postby jaybea » Sun Jan 31, 2016 12:36 pm

It's your HDA, so you accept the risk.
Is the risk losing the web access to the HDA, or can it stop it working completely? I don't mind troubleshooting web access, but if it might stop the HDA working, I may have to set up a test machine.

It took me hours to get the SSL certificates working on a Raspberry Pi running a Unifi wifi controller. Problems with the certificates meant that the web-based controller could not be accessed at all, although the Pi continued to run. I had thought about installing the Unifi Controller on the HDA, and I am glad that I did not!

User avatar
bigfoot65
Project Manager
Posts: 11136
Joined: Mon May 25, 2009 4:31 pm

Re: https access to HDA

Postby bigfoot65 » Sun Jan 31, 2016 12:42 pm

Not sure what could happen. However if you lose web access to the HDA, you cannot install/uninstall apps, add/remove users or shares.

If you keep track of what you change, then you can change back if there are issues.

Personally I see no need for SSL (https) access inside the network. Between the firewall and other client software, access using http is adequate in most cases.

Do you have a reason for wanting SSL access to the HDA and apps?
ßîgƒσστ65
Applications Manager

jaybea
Posts: 56
Joined: Tue Dec 15, 2009 1:24 am

Re: https access to HDA

Postby jaybea » Wed Feb 03, 2016 10:18 am

Personally I see no need for SSL (https) access inside the network. Between the firewall and other client software, access using http is adequate in most cases.

Do you have a reason for wanting SSL access to the HDA and apps?
This sort of thing is the main reason. With over 40 devices on my network, I don't want passwords going round in the clear if I can avoid it. Although I am careful about the devices that are attached to the network, WiFi-connected devices are a particular risk.

I use static IP addresses with all known devices now, so I can easily firewall groups of devices. I have just written a little script that emails me if a dymanic IP address is allocated to an unknown device on the network, and I log all DNS requests that don't go through the HDA (Chromecasts seem to be the biggest offender).

User avatar
bigfoot65
Project Manager
Posts: 11136
Joined: Mon May 25, 2009 4:31 pm

Re: https access to HDA

Postby bigfoot65 » Wed Feb 03, 2016 4:43 pm

Makes sense. Was just curious.

Can we close this thread?
ßîgƒσστ65
Applications Manager

tamorgen
Posts: 42
Joined: Wed Jul 17, 2013 1:48 pm

Re: https access to HDA

Postby tamorgen » Tue Dec 19, 2017 12:47 pm

It's your HDA, so you accept the risk.
Is the risk losing the web access to the HDA, or can it stop it working completely? I don't mind troubleshooting web access, but if it might stop the HDA working, I may have to set up a test machine.

It took me hours to get the SSL certificates working on a Raspberry Pi running a Unifi wifi controller. Problems with the certificates meant that the web-based controller could not be accessed at all, although the Pi continued to run. I had thought about installing the Unifi Controller on the HDA, and I am glad that I did not!
Digging up old thread

Jaybea,
I too would like to run my HDA over SSL. I don't like passwords running in cleartext over wifi, secured or not. I also am using UniFi, but it is running on my HDA using SSL just fine. I payed the $15 from www.ssls.com for 3 years and now I don't have certificate errors when I run UniFi.

I would like to use those same certificates for the HDA, but I'm unsure how. In theory, it should work, but I'll have to put them in the location that the HDA config wants them, not under the UniFi directory. Did you ever get yours set up?

Who is online

Users browsing this forum: Google [Bot] and 3 guests