
https access to HDA

Posted: Sun Jan 31, 2016 10:53 am
by jaybea
I notice that the wiki says the following about setting up SSL access to the HDA under Amahi 8:
This is untested and not recommended as it may break your HDA.
Is there a specific reason why this would be different from under Amahi 7 and would break things? I don't mind doing some non-destructive testing!

Re: https access to HDA

Posted: Sun Jan 31, 2016 11:11 am
by bigfoot65
Is there a specific reason why this would be different from under Amahi 7 and would break things?
Should be the same. However, there have been some issues in the past.

Don't recommend it. For inside your network, it's not a big deal to be using http.

For outside the network, you should always use VPN.

We don't provide support yet in Amahi for this. The guidance is user contributed and not well tested.

Re: https access to HDA

Posted: Sun Jan 31, 2016 11:30 am
by jaybea
Ok, I might have a play and try not to break it! I had it working in the past, but that might have been Amahi 6. I've just created a CA and created some certificates for other machines on the network, and I am running Dovecot and Postfix on my HDA and was planning to enable tls/ssl connections for that.

Re: https access to HDA

Posted: Sun Jan 31, 2016 11:32 am
by bigfoot65
It can be tricky.

It's your HDA, so you accept the risk.

We can offer little assistance here unfortunately.

Re: https access to HDA

Posted: Sun Jan 31, 2016 12:36 pm
by jaybea
It's your HDA, so you accept the risk.
Is the risk losing the web access to the HDA, or can it stop it working completely? I don't mind troubleshooting web access, but if it might stop the HDA working, I may have to set up a test machine.

It took me hours to get the SSL certificates working on a Raspberry Pi running a Unifi wifi controller. Problems with the certificates meant that the web-based controller could not be accessed at all, although the Pi continued to run. I had thought about installing the Unifi Controller on the HDA, and I am glad that I did not!

Re: https access to HDA

Posted: Sun Jan 31, 2016 12:42 pm
by bigfoot65
Not sure what could happen. However if you lose web access to the HDA, you cannot install/uninstall apps, add/remove users or shares.

If you keep track of what you change, then you can change back if there are issues.

Personally I see no need for SSL (https) access inside the network. Between the firewall and other client software, access using http is adequate in most cases.

Do you have a reason for wanting SSL access to the HDA and apps?

Re: https access to HDA

Posted: Wed Feb 03, 2016 10:18 am
by jaybea
Personally I see no need for SSL (https) access inside the network. Between the firewall and other client software, access using http is adequate in most cases.

Do you have a reason for wanting SSL access to the HDA and apps?
This sort of thing is the main reason. With over 40 devices on my network, I don't want passwords going round in the clear if I can avoid it. Although I am careful about the devices that are attached to the network, WiFi-connected devices are a particular risk.

I use static IP addresses with all known devices now, so I can easily firewall groups of devices. I have just written a little script that emails me if a dynamic IP address is allocated to an unknown device on the network, and I log all DNS requests that don't go through the HDA (Chromecasts seem to be the biggest offender).

Re: https access to HDA

Posted: Wed Feb 03, 2016 4:43 pm
by bigfoot65
Makes sense. Was just curious.

Can we close this thread?

Re: https access to HDA

Posted: Tue Dec 19, 2017 12:47 pm
by tamorgen
It's your HDA, so you accept the risk.
Is the risk losing the web access to the HDA, or can it stop it working completely? I don't mind troubleshooting web access, but if it might stop the HDA working, I may have to set up a test machine.

It took me hours to get the SSL certificates working on a Raspberry Pi running a Unifi wifi controller. Problems with the certificates meant that the web-based controller could not be accessed at all, although the Pi continued to run. I had thought about installing the Unifi Controller on the HDA, and I am glad that I did not!
Digging up old thread

Jaybea,
I too would like to run my HDA over SSL. I don't like passwords running in cleartext over wifi, secured or not. I also am using UniFi, but it is running on my HDA using SSL just fine. I paid the $15 from www.ssls.com for 3 years and now I don't have certificate errors when I run UniFi.

I would like to use those same certificates for the HDA, but I'm unsure how. In theory, it should work, but I'll have to put them in the location that the HDA config wants them, not under the UniFi directory. Did you ever get yours set up?