Add HTTPS to intranet server - https

I am using a Raspberry Pi 3 to host an internal server on my car's Wi-Fi network. What I would like is for those connected to my network in the car to be able to access an intranet page with a map and stats about the trip's length, speed, etc. I am using Mapbox's GL JS library, but the geolocation service requires a secure connection to function. Is there a way to ensure the connection between the intranet server (Pi) and the user is secure so the location functionality can be enabled?

The short answer to your question is that yes, you can install SSL on a Raspberry Pi; use this link for that.
The long answer is that you can't do that, because you will have a problem with port 443 when enabling it on the firewall and you will suffer with it more, but you may somehow find a solution here or here, I hope so.
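Browsers expose geolocation only to pages loaded in a secure context, which is why a page served from the Pi over plain HTTP on a LAN address cannot use it. The following added example (not code from the question or the answer) is a simplified version of that origin check; the URLs in it are constructed for illustration.

```javascript
// Added example: simplified "potentially trustworthy origin" check.
// The browser algorithm (W3C Secure Contexts) covers more cases; the
// addresses below are constructed, not taken from the question.
function isPotentiallyTrustworthy(pageUrl) {
  let u;
  try {
    u = new URL(pageUrl);
  } catch (e) {
    return false; // unparsable URL: never trustworthy
  }
  // TLS-protected schemes qualify. The browser additionally requires the
  // certificate to validate, which a scheme check cannot show.
  if (u.protocol === 'https:' || u.protocol === 'wss:') return true;

  const host = u.hostname.replace(/\.$/, '').toLowerCase();
  // Loopback is exempt because the traffic never leaves the machine.
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (host === '[::1]') return true;
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (v4 && v4[1] === '127') return true; // 127.0.0.0/8

  // Everything else over http:, including private LAN addresses.
  return false;
}

// Report which candidate URLs for the intranet page would get geolocation.
function geolocationReport(urls) {
  return urls.map((url) => ({ url, secureContext: isPotentiallyTrustworthy(url) }));
}

const sampleUrls = [
  'http://192.168.4.1/map.html',   // constructed LAN address for the Pi
  'http://raspberrypi.local/map.html',
  'https://192.168.4.1/map.html',
  'http://localhost:8080/map.html',
];
console.log(geolocationReport(sampleUrls));
```

Only the `https://` entry and the loopback entry pass, so a client elsewhere on the car network needs the page served over TLS with a certificate its browser accepts.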

Related

access to relay boards via VPN

I have a few 'smart' relay boards on different sites. These boards have an Ethernet connection and are running a built-in web server on TCP 8080. I can access them from the local network and control them via a browser.
To control these boards remotely, I could assign them a fixed local IP address, open TCP port 8080 on my router and forward it to that address. But this is a risky thing to do, of course.
And I would have to do this on the different routers (from different ISPs) on each site and keep track of all these public IP addresses. (Via a dyndns service. Most routers are not VPN-enabled, afaik.)
Is there a better way using VPN-tunnels? I already have a Linux VPS running for other purposes and could install a Raspberry Pi on each location. All these Raspi's could connect to my VPS. And I would no longer need the dyndns.
Maybe, I could also find a way to map the URLs for the different relay boards to a more human-friendly form. Like this: http://myvps.domain.com/site2/relayboard3
How can I achieve this? I could install OpenVPN on the VPS server and the Raspberry Pi's (one for each site). But how do I have to configure this? VPS in the role as VPN server and Raspi's as VPN clients?
(I assume the gateway address from the relay boards has to change to the local address from the Raspberry.)
And do I need a VPN client on my Android phone to be able to browse to the relay boards or not?
What do I need to forward the http connections to the correct relay board? A proxy server?

websocket will not connect from remote server

I have a web page to control a thermostat on a raspberry pi, and I'm running into difficulties when trying to get websockets to work from a remote client. It seems to work fine when on LAN however. I'm obviously missing something (and likely something basic), but I can't seem to figure out what it is.
The pi's local ip is 192.168.1.134. The web page (served from apache server) has the URL http://192.168.1.134:8010/thermostat.html. The page starts up some javascript, which then tries to connect to the pi's main program using websockets via ws://192.168.1.134:9000. (The server on the pi is running libwebsockets.) The websocket comes up, and it seems to work fine. I then tried to connect via a remote client (a cell phone, where wifi was turned off) from http:\\23.239.99.99:8010\thermostat.html. The html/js files load fine, but the web socket attempts to connect to uri ws:\\23.239.99.99:9000, and this fails.
As far as I can tell, the NAT seems to be configured properly:
Name           Ext port start  Ext port end  Protocol  Int port start  Int port end  Int IP addr     Interface
Thermostat3    8010            8010          TCP       8010            8010          192.168.1.134   eth3.1
Thermostat5    8000            8000          TCP/UDP   80              80            192.168.1.134   eth3.1
Thermostat_ws  9000            9000          TCP/UDP   9000            9000          192.168.1.134   eth3.1
I checked, and the router does not have any firewalls set up, neither does my modem. I didn't install a firewall on the pi (I checked, and there's no odd iptables rule). Does anyone know what I'm missing?
--- EDIT ---
I'm still stuck on this. I called my ISP and they assure me there are no firewalls on their servers. Is there any way to tell if port 9000 is being blocked, and by who?
Bind your apache server to 0.0.0.0 address to make it accessible from remote machines
Try this tool to determine if the port is inaccessible (use the custom port): http://www.whatsmyip.org/port-scanner/
Everything else looks fine. As a sanity check I would try putting the ws port to 8010 to see if that works. I would also recommend using a tool like Advanced Web Client to isolate networking issues.
This is interesting. I once had a similar problem. I set up a WebSocket (I was using a nodejs ws) and once I tried to access it from remote client I was not able to reach it with ws://yourip:port but instead I had to use http://yourip:port. I don't know if you have the same problem, mine was due to a proxy I was using.
I still have some advice for you on how you might be able to solve your problem. I don't know how concerned you are about security, but as far as I understood your idea, you basically connect to your raspberry pi through a WebSocket and tell it to change the temperature.
Back when I did a similar project I found it rather hard to secure my WebSocket connection. I was basically sending a password plus command through the WebSocket to my server, which then checks whether the password is correct. Otherwise everyone on the internet could heat your house. Not cool...
But therefore, I had to tunnel the connection through https to prevent a middleware attack.
I quickly threw in the towel and decided to go with a completely different solution. Basically I set up a nodejs express server (can easily be configured with a self-signed certificate to use https or used behind a nginx/apache https server) and authenticated with username and password. When someone made a POST request to /api/thermostats?id=0 with a temperature request, the server checks if the user is authenticated and then executes a terminal command from within node.
Maybe this idea also fits your demands.
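The design in the answer above (authenticate, then run a terminal command for a POST to /api/thermostats?id=0) stands or falls on how the request values reach that command. This added example is not the answerer's code; the `thermostatctl` command, the 10 to 30 degree range and the request object shape are assumptions made for illustration.

```javascript
// Added example. `thermostatctl`, the credentials and the allowed range
// are hypothetical; only the endpoint shape comes from the answer.
const crypto = require('node:crypto');
const { execFile } = require('node:child_process');

// Hash both sides so timingSafeEqual always gets equal-length buffers.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Parse "Authorization: Basic base64(user:pass)". Basic auth is only
// acceptable when the request arrived over HTTPS.
function isAuthenticated(header, user, pass) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(header || '');
  if (!m) return false;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');
  if (i < 0) return false;
  // Evaluate both comparisons before combining them.
  const okUser = safeEqual(decoded.slice(0, i), user);
  const okPass = safeEqual(decoded.slice(i + 1), pass);
  return okUser && okPass;
}

// Strictly validate id and temperature; return [file, argv] or null.
function buildCommand(idRaw, tempRaw) {
  if (!/^\d{1,2}$/.test(String(idRaw))) return null;
  if (!/^\d{1,2}(\.\d)?$/.test(String(tempRaw))) return null;
  const temp = Number(tempRaw);
  if (temp < 10 || temp > 30) return null;
  return ['thermostatctl', ['--id', String(Number(idRaw)), '--set', temp.toFixed(1)]];
}

// Request-level decision: HTTP status plus the command to run, if any.
function handleSetpoint(req) {
  if (req.method !== 'POST') return { status: 405 };
  if (!isAuthenticated(req.authorization, req.user, req.pass)) return { status: 401 };
  const cmd = buildCommand(req.id, req.temperature);
  return cmd ? { status: 200, cmd } : { status: 400 };
}

// execFile passes argv directly; no shell interprets metacharacters.
function run(cmd, cb) {
  execFile(cmd[0], cmd[1], { timeout: 5000 }, cb);
}
```

Values that fail validation never reach `run`, and because `execFile` receives an argument array, input such as `21; reboot` could not be interpreted by a shell even if a check were missed.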

Setting up domain name redirection on Mac OSX for all! domains

I'm trying to set up a redirection towards an app that I'm writing in Java. This app opens a port 8443 on my laptop (which is a MacOS 10.10 Yosemite) and offers a HTTPS service.
The big plan is to have another device connecting to an access point that I'm setting up on my laptop, and when it connects to any ip/domain on 443 this traffic is redirected to my local machine on port 8443.
I need to redirect traffic that I'm getting on 443 to 8443. I kinda might have gotten a solution for this using the following guide: http://www.abetobing.com/node/81, and changed the rule to rdr pass on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
But this rule only works locally, if I'm right about that. So only traffic coming from my own laptop is redirected. If I'm trying to open https://192.168.178.25/ on another machine it doesn't work, but https://192.168.178.25:8443/ does.
Additionally I also was able to change a domain via the /etc/hosts file. That only works for local connections and for single domains, if I'm right. So the second step would be to redirect ALL possible domain names to my ip. I think this should be possible with a kind of proxy service, but since I am new to this topic I haven't found a solution that is working for me.
At the moment I am using 2 Wifi devices and the MacOS Internet share. My USB wifi card is connected to a router and internet. My internal wifi card opens an access point (it says hotspot) and offers the internet connection of the other device. This is annoying, since the USB wifi connection always has to work, otherwise MacOS will shut down the access point. The best solution would be a software opening a reliable access point with the internal wifi card (haven't had any success with the Mac OS ad-hoc network)
I would be so glad if someone would be able to help me out with any of the 3 single parts. Thank you already :)

Script to switch Local Area Connections according to website [not proxy]

Can I write a Windows Task or some kind of configuration script that will choose between two Local Area Connections according to the website I am visiting?
It may not be the best answer to my problem, but if it is possible, at least I know it will work.
The issue in full:
My main ISP currently has an issue routing me to my own websites (all hosted on the same server). It also has a 'sticky IP address' (note, not static) - it will only change your IP address once a fortnight, and they can't (won't) even force a change. Their second line support are working on the issue, but so far, no good, and I cannot access my own websites via their internet connection.
So, currently, I am switching from my main network to my mobile 3G network (tethered) any time I want to work on or view my own websites.
I would like to write a script that will make Windows automatically choose my mobile network for FTP, email and browsing my own websites, but use my main ISP for all other online activity.
Haven't a clue where to start - any help appreciated! Thanks,
Sarah
Well, that was simple, no scripting required. If you're using IPv4 (you can check here https://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&ved=0CDoQFjAB&url=http%3A%2F%2Fwww.amiusingipv6.com%2F&ei=Bq4_UpakM4vv0gXboIDwCQ&usg=AFQjCNHiUnyKvVcUe8Z966YwoycLI28urw&bvm=bv.52434380,d.d2k)
Turn Windows features on or off.
Turn on RIP Listener.
Disable your internet connection that cannot connect to the website you are trying to access, and 'tracert' to the website: make a note of the IP address of the website, and the first IP address in the hop list ([FIRST IP]).
Type in 'route print' and make a note of the Interface number of your secondary internet connection.
Type in 'route add -p [WEBSITE IP ADDRESS] mask 255.255.0.0 [FIRST IP] IF [INTERFACE NUMBER] metric 1'
Reboot.
All traffic to the website IP address (be it mail, FTP, whatever) will go through the secondary connection, all other traffic goes through the main connection.
IPv6 instructions here:
http://windows.microsoft.com/en-gb/windows7/configuring-multiple-gateways-on-a-network
My setup is just an iPhone connected via USB as secondary connection and a Home Hub connected via ethernet as primary.
Hope this is useful to someone else - but of course, no one should ever think of using this to get around IP blocks on message boards...
Sarah

Need to find solution to route major traffic via LAN internet and minor traffic via dialup network

I have LAN internet with some proxy server (corporate internet) and a USB dial-up direct network. I am using win7 prof edition.
I want to control the internet traffic (based on applications & most of it) to LAN internet and minor traffic to the dialup network.
After connecting to LAN and then dialup, dialup always takes precedence and hence my LAN is not used when dialup is active. All communication I meant here is IE or any application on Windows communication.
Interestingly I could control it manually in Firefox, by switching/changing the proxy settings to the proxy server on LAN or the IP address of the dial-up connection. But if I try the same in IE it doesn't work and always points to dialup (until it is active).
Let me know how to achieve this. I was looking into the route command line tool to solve this but need expert advice on this.
Try Fiddler 2
The free web debugging proxy for any browser, system or platform
Features:
http://fiddler2.com/Features/http-https-traffic-recording
