[QUESTION] - Possible to integrate SSL?

andrewshilliday / garage-door-controller

Software to monitor and control garage doors via a raspberry pi

MIT License

327 stars 127 forks source link

[QUESTION] - Possible to integrate SSL? #18

Open kyle95wm opened 8 years ago

kyle95wm commented 8 years ago

Since I plan to open this up onto the internet from my home I was wondering if it would be possible to encrypt the traffic so that one can't sniff the username and password being sent

mjulienabt commented 7 years ago

I have the same requirement. For now I configured the Apache web server which was already on my pi as an SSL reverse proxy, created self sign cert and key with openssl, enabled the SSL and Proxy modules in Apache, then configure the the ssl and ProxyPass/ ProxyPassReverse directives in the apache.conf file. Only issues was I had to adjust the urls in the index.html file to https to get rig of the mix content warring in the browser. Seems to work well. The one feature I would like to have is a lockout if too many wrong password attempts are made.

kyle95wm commented 7 years ago

This is why it'd be useful to have knockd on your garage door server. Only accept incoming connections from your local subnet, and accept incoming connections from devices that used port knocking, while dropping everything else from coming in.

andrewshilliday commented 7 years ago

This would be a great feature to add. Unfortunately I have no idea how to do it. I suspect that the twisted library (which I'm using for the server) supports SSL. I'll look into it.

dhop90 commented 7 years ago

I've been able to implement https using self-signed certs:

Step #1: create self-signed certs

openssl genrsa > key.pem  
openssl req -new -x509 -key key.pem -out server.pem -days 1000 -subj "/C=<country>
/ST=<state>/L=<city>/O=<org>/OU=<org>/CN=<system name>/emailAddress=<email address>

Step #2: modify controller.py

#        reactor.listenTCP(self.config['site']['port'], site)  # @UndefinedVariable

    certData = getModule(__name__).filePath.sibling('server.pem').getContent()
    myContextFactory = ssl.DefaultOpenSSLContextFactory(
           'key.pem', 'server.pem'
           )

    reactor.listenSSL(443,site,myContextFactory)
    reactor.run()  # @UndefinedVariable

complete controller.py attached (had to rename file to .txt to upload) controller.txt