Firmware updates do not work

[bepsoccer]

Problem/Motivation

Firmware updates do NOT work from the add-on

Expected behavior

I expected firmware updates to work

Actual behavior

This is the same thing reported in Issue #83 that was just closed with no action. It reports update complete, but that is not the case and I believe it to be because the add-on isn't actually exposing the links to the firmware. When you navigate to https://<HA URL/IP>:9541/data/firmwares/tasmota.bin you get a 403 from Nginx.

Steps to reproduce

Try to update firmware of a Tasmota device via the add-on; manual or automatic.

Proposed changes

[addons-assistant[bot]]

:wave: Thanks for opening your first issue here! If you're reporting a :bug: bug, please make sure you include steps to reproduce it. Also, logs, error messages and information about your hardware might be useful.

[sinclairpaul]

Can you please post the addon log, specifically with the 403 listed. Do you get the same issue under a non SSL connection?

[bepsoccer]

Just SSL, my initial guess after having a look at the add-on file in the repo, the nginx-ssl.conf needs to be updated to be similar to the nginx conf to allow the firmwares directory since /data is denied by default. I have not had a chance to setup a different environment to test my theory.

https://github.com/hassio-addons/addon-tasmoadmin/blob/master/tasmoadmin/rootfs/etc/nginx/nginx-ssl.conf

GitHub

hassio-addons/addon-tasmoadmin

TasmoAdmin - Home Assistant Community Add-ons. Contribute to hassio-addons/addon-tasmoadmin development by creating an account on GitHub.

[bepsoccer]

nginx.conf:

        location /data/firmwares {
        }

        location /data/ {
            deny all;
        }

nginx-ssl.conf:

        location /data/ {
            deny all;
        }

[sinclairpaul]

I would suggest you test it, I'm not a Tasmota user, however I doubt the device holds SSL Chains, which maybe why it is not configured (the official OTA server does not run on SSL).

[bepsoccer]

I don't think its an SSL issue as its a 403 from the nginx webserver. And in the tasmoadmin repo the nginx-ssl.conf file has the firmnwares directory allowed, https://github.com/reloxx13/TasmoAdmin/blob/master/.docker/rootfs/etc/nginx/nginx-ssl.conf.

I will find some time to test my theory hopefully later today.

GitHub

reloxx13/TasmoAdmin

Website to manage Sonoff Devices flashed with Tasmota - reloxx13/TasmoAdmin

[sinclairpaul]

I fully appreciate the fact that you are being denied access, but my point is even if you enable, it will likely fail as the device will not trust whatever certificate you have. You can see the details on the Tasmota documentation https://tasmota.github.io/docs/Upgrading/#private-ota-server

Upgrading - Tasmota

Easily upgrade Tasmota to a newer version or different build while keeping all your settings

[bepsoccer]

Yeah, i just found that tid bit after successfully getting it to server the bin files over https... Seems to me the option in the tool is pointless as it can't work. We should consider changing the default behavior to be ssl:false for the add-on and update the documentation to call out OTA updates only work over http.

Well that was a waster of time rabbit hole making it "work" over https since tasmota itself doesn't support it.

[sinclairpaul]

Think of it as a learning experience...

But if you want to do a PR to update the docs that would be appreciated.

[bepsoccer]

NVM on multi-protocoling it, tasmota doesn't have TLS support so there's no point to

[addons-assistant[bot]]

This thread has been automatically locked because it has not had recent activity. Please open a new issue for related bugs and link to relevant comments in this thread.