Open jneilliii opened 9 years ago
I haven't considered this configuration but it's definitely interesting enough to look into supporting :) Anything that would make Octowatch work from anywhere (not just on the LAN) would be very cool.
I'll try to book some time to look into what it would take to add support for this, but I might bug you @jneilliii for details about your setup so I can configure something similar to test with.
Yeah, no problem. Here is the relevant haproxy.cfg. I used standard procedures for installing openssl and generating the server and client certificates.
```
global
    maxconn 4096
    user haproxy
    group haproxy
    daemon
    log 127.0.0.1 local0 debug
    tune.ssl.default-dh-param 1024

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    option http-server-close
    option forwardfor
    maxconn 2000
    timeout connect 5s
    timeout client 15min
    timeout server 15min

frontend public
    bind *:80
    bind *:443 ssl crt /etc/haproxy/server.pem ca-file /etc/haproxy/ca.crt verify required
    redirect scheme https code 301 if !{ ssl_fc }
    use_backend webcam if { path_beg /webcam/ }
    use_backend octoprint_socket if { path_beg /sockjs/ }
    default_backend octoprint

backend octoprint
    acl AuthOkay http_auth(L1)
    http-request auth realm octoprint if !AuthOkay
    reqrep ^([^\ :]*)\ /(.*) \1\ /\2
    reqadd X-Scheme:\ https if { ssl_fc }
    server octoprint1 127.0.0.1:5000

backend octoprint_socket
    reqrep ^([^\ :]*)\ /(.*) \1\ /\2
    server octoprint1 127.0.0.1:5000

backend webcam
    reqrep ^([^\ :]*)\ /webcam/(.*) \1\ /\2
    server webcam1 127.0.0.1:8080

backend noauthority
    server noauthority1 192.168.1.3:80

userlist L1
    group G1
    user user1 insecure-password user1password groups G1
    user user2 insecure-password user2password groups G1
```
This is not built in that I can tell, but I have my haproxy configured for SSL with client certificate and user/password authentication. With the octowatch app there are no options for specifying the client certificate or any form of username password fields in the settings. I know this might not happen very often in the world, but since my octoprint instance is accessible to the public I didn't want to risk anyone mucking about with my 3D printer.
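A small check over the haproxy.cfg posted in this thread, added here as an example (it is not code from the thread, OctoPrint or Octowatch): it reports a DH parameter below 2048 bits, TLS binds that lack `verify required`, plaintext `insecure-password` entries, and backends that have no `http-request auth` and so rely on the client certificate alone. The names `audit` and `SAMPLE_CFG`, the 2048-bit threshold and the trimmed config excerpt are assumptions of this example.

```python
# Constructed sample: a trimmed excerpt of the haproxy.cfg posted in this thread.
SAMPLE_CFG = """\
global
    tune.ssl.default-dh-param 1024
frontend public
    bind *:80
    bind *:443 ssl crt /etc/haproxy/server.pem ca-file /etc/haproxy/ca.crt verify required
backend octoprint
    acl AuthOkay http_auth(L1)
    http-request auth realm octoprint if !AuthOkay
    server octoprint1 127.0.0.1:5000
backend octoprint_socket
    server octoprint1 127.0.0.1:5000
backend webcam
    server webcam1 127.0.0.1:8080
userlist L1
    user user1 insecure-password user1password groups G1
"""
SECTIONS = ("global", "defaults", "frontend", "backend", "listen", "userlist")

def audit(cfg, min_dh_bits=2048):
    """Return sorted (section, finding) tuples for one haproxy.cfg text."""
    findings, section, backends, authed = set(), "", [], set()
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTIONS:  # a new section starts here
            section = " ".join(words[:2])
            if words[0] == "backend":
                backends.append(section)
            continue
        line = " ".join(words)
        if words[0] == "tune.ssl.default-dh-param" and int(words[1]) < min_dh_bits:
            findings.add((section, "DH parameter below %d bits" % min_dh_bits))
        if words[0] == "bind" and "ssl" in words and "verify required" not in line:
            findings.add((section, "TLS bind without 'verify required'"))
        if words[:2] == ["http-request", "auth"]:
            authed.add(section)
        if words[0] == "user" and "insecure-password" in words:
            findings.add((section, "plaintext password for user " + words[1]))
    for name in backends:  # backends that rely on the client certificate alone
        if name not in authed:
            findings.add((name, "no http-request auth"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CFG):
        print(section + ": " + finding)
```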