SIDN / spin

SPIN Core Software
https://spin.sidnlabs.nl
GNU General Public License v2.0

Inaccessible content in spin page on OpenWrt? #71

Closed andrisr223 closed 3 years ago

andrisr223 commented 4 years ago

Hello,

I am trying to use spin on an OpenWrt (v19.07.0-rc2) router and am getting the main spin page, but it stays empty as it tries to load some content which is blocked. Some of it is due to the page being HTTPS and requesting HTTP content; others are for an interesting host, http://valibox., which I could not find and replace in the JS files.

chunk-vendors.25e8c961.js:6 Mixed Content: The page at 'https://192.168.1.1/spin/#/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://valibox./spin_api/profiles'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://192.168.1.1/spin_api/graph.html?mqtt_host=192.168.1.1' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://192.168.1.1:1884/mqtt'. This request has been blocked; this endpoint must be available over WSS.

I wanted to ask what I am doing wrong in the config and where to dig further:

nginx configuration:

user nobody nogroup;
worker_processes  1;

events {
    worker_connections  1024;
}
http {
    access_log off;
    log_format openwrt '$request_method $scheme://$host$request_uri => $status'
        ' (${body_bytes_sent}B in ${request_time}s) <- $http_referer';
    include mime.types;
    default_type application/octet-stream;
    sendfile on;

    client_max_body_size 17M;
    large_client_header_buffers 2 1k;

    gzip on;
    gzip_vary on;
    gzip_proxied any;

    keepalive_timeout  65;

    server {
        listen 80;
        listen 443 ssl;

        server_name  router localhost;

        ssl_certificate 'conf.d/nginx.pem';
        ssl_certificate_key 'conf.d/nginx.key';
        ssl_session_cache shared:SSL:32k;
        ssl_session_timeout 64m;

        location / {
            proxy_pass http://localhost:8080/;
        }
        location /spin {
            root /www;
            index index.html;
        }
        location /spin_graph {
            alias /usr/lib/spin/web_ui/static/spin_api;
            index graph.html;
        }
        location /spin_api {
            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto $scheme;
            proxy_http_version      1.1;
            proxy_pass_request_headers      on;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';

            # Fix the "It appears that your reverse proxy set up is broken" error.
            proxy_pass          http://localhost:8002;
            proxy_read_timeout  90;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

spin configuration:

config spind 'spind'
    option iptable_debug '/tmp/blockcommands'
    option iptable_queue_dns '1'
    option iptable_queue_block '2'
    option iptable_place_dns '0'
    option iptable_place_block '0'
    option pubsub_host '127.0.0.1'
    option pubsub_port '1883'
    option pubsub_channel_commands 'SPIN/commands'
    option pubsub_channel_traffic 'SPIN/traffic'
    option pubsub_timeout '60'
    option log_usesyslog '1'
    option log_loglevel '6'

cschutijser commented 4 years ago

Hi,

chunk-vendors.25e8c961.js:6 Mixed Content: The page at 'https://192.168.1.1/spin/#/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://valibox./spin_api/profiles'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://192.168.1.1/spin_api/graph.html?mqtt_host=192.168.1.1' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://192.168.1.1:1884/mqtt'. This request has been blocked; this endpoint must be available over WSS.

The web interface wants to talk to mosquitto using WebSockets. The browser is complaining about the fact that the connection to mosquitto is not using TLS. One piece of the puzzle is to configure mosquitto to use TLS. I think the configuration file is located at /etc/mosquitto/mosquitto.conf; documentation about the file format can be found here: https://mosquitto.org/man/mosquitto-conf-5.html.

Good luck.
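
The two blocked requests quoted in this thread, run through a mixed-content check, as an added example that is not part of the thread or of the SPIN code base. The function names and the `mqttPort`/`mqttPath` defaults are assumptions; the URLs are taken from the console messages above.

```javascript
// Added example: flag requests an HTTPS page would have blocked as mixed
// content, and derive endpoint URLs from the page's own origin instead of
// a hardcoded host. All function names here are hypothetical.

const INSECURE_TO_SECURE = { 'http:': 'https:', 'ws:': 'wss:' };

// True when a page loaded over HTTPS asks for an http:// or ws:// endpoint.
function isMixedContent(pageUrl, endpointUrl) {
  const page = new URL(pageUrl);
  const endpoint = new URL(endpointUrl);
  return page.protocol === 'https:' && endpoint.protocol in INSECURE_TO_SECURE;
}

// Report each endpoint with its verdict and the scheme-upgraded URL that
// the server side would have to offer instead.
function auditEndpoints(pageUrl, endpoints) {
  return endpoints.map((raw) => {
    const blocked = isMixedContent(pageUrl, raw);
    const upgraded = new URL(raw);
    if (blocked) upgraded.protocol = INSECURE_TO_SECURE[upgraded.protocol];
    return { url: raw, blocked, upgraded: upgraded.href };
  });
}

// Build the API and MQTT URLs from the page location, so an HTTPS page asks
// for https:// and wss:// on the host the user actually browsed to.
function deriveEndpoints(pageUrl, mqttPort = 1884, mqttPath = '/mqtt') {
  const page = new URL(pageUrl);
  const wsScheme = page.protocol === 'https:' ? 'wss:' : 'ws:';
  return {
    api: `${page.origin}/spin_api`,
    mqtt: `${wsScheme}//${page.hostname}:${mqttPort}${mqttPath}`,
  };
}

// Endpoints from the console output quoted in this issue.
const SAMPLE_PAGE = 'https://192.168.1.1/spin/#/';
const SAMPLE_ENDPOINTS = [
  'http://valibox./spin_api/profiles',
  'ws://192.168.1.1:1884/mqtt',
];

for (const row of auditEndpoints(SAMPLE_PAGE, SAMPLE_ENDPOINTS)) {
  console.log(row.blocked ? 'BLOCKED' : 'ok', row.url, '->', row.upgraded);
}
console.log(deriveEndpoints(SAMPLE_PAGE));
```

An upgraded URL only works once the endpoint really speaks TLS, which for the MQTT WebSocket means the mosquitto TLS configuration mentioned in the reply above.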

cschutijser commented 3 years ago

I'll close this for now since I don't think there is anything we need to do on this topic. Feel free to re-open if necessary though.