options for wss & https

Luligu / matterbridge

Matterbridge plugin manager for Matter

https://github.com/Luligu/matterbridge/blob/main/README.md

Apache License 2.0

125 stars 13 forks source link

options for wss & https #62

Closed thunderace closed 3 weeks ago

thunderace commented 3 weeks ago

Allow to use secure web socket (wss) without https (to work behind a reverse proxy)

Luligu commented 3 weeks ago

Hi, it is not that I didn't add the command line because I didn't want the users to use wss and https. The problem is that I didn't manage to have reliable results and a working solution with wss and https and since it was not important I let it go for another moment. Maybe if you want to add them (it would be nice) we have to think the whole picture:

understand if it is possible to have an https connection for local address (I could not manage to get it)
how to create the certificates...
decide if we create the certificate for matterbridge or each user must add his/her own certificates (probably the only reasonable solution). In this last case we have to implement a kind of import procedure to load the certificates.
make a simple but effective guide on how to generate the certificates
modify the frontend to use wss too

If you see also in zibgbee2mqtt the connection is not secure. Home automation is not secure too. Did they solve the problem?

L2jLiga commented 3 weeks ago

Hi there, if you would like to use reverse proxy you can check this configuration, it use nginx sub_filter to patch code and make both http and ws work on same port

I'm using it to provide ingress functionality in matterbridge HA addon, so addon users can open MatterBridge interface from anywhere

https://github.com/L2jLiga/ha-addons/blob/master/matterbridge-zigbee2mqtt/rootfs/etc/nginx/servers/ingress.conf

Luligu commented 3 weeks ago

Hi, I spend a few time yesterday on the dev. There you find initializeHttpsFrontend(port = 8443). You can make tests and experiments with the certificates. It doesn't load the bridge and the frontend. It's just a test method. The certificates loading is already written. If you succeed on solving the browser problem we can integrate in the matterbridge. I will update the frontend myself so try to solve the browser problem:

I still have the browser refusing the certificate cause is not signed by a trusted CA. Even adding it to the trusted certificates doesn't solve the problem. So the result is useless in my opinion.

Luligu commented 3 weeks ago

Fixed with 1.3.6.

[1.3.6] - 2024-06-28

Changed

[matterbridge]: Unified the http server port for the frontend and the WebSockerServer.
[matterbridge]: Unified the https server port for the frontend and the WebSockerServer.
[certificates]: The certificates for https connections are imported from the directory ~/.matterbridge/certs with these names: cert.pem, key.pem and ca.pem (optional). Use the -ssl command line parameter to activate https for both frontend and WebSocketServer.

Fixed

[matterbridge]: Fixed exports
[matterbridgeDevice]: Fixed ElectricalEnergyMeasurement and ElectricalPowerMeasurement