matthuisman / docker-kodi-headless

A headless install of kodi in a docker container
GNU General Public License v3.0

SSL on WebServer #50

Closed smarthome-enthusiast closed 2 months ago

smarthome-enthusiast commented 3 months ago

Is there a way to enable SSL for the web server?

I have already copied the certificate and key (PEM format, named server.pem and server.key respectively) to the userdata folder and enabled it under Settings > Services > Control but I wouldn't be able to connect to the web server. Restarting the docker would get it to fall back to HTTP. I have also looked at guisettings.xml to enable it but same result.

Am I missing something? Any help would be appreciated.

matthuisman commented 3 months ago

Should be the same process as doing it with normal (not headless) Kodi. Have you got that working?

smarthome-enthusiast commented 3 months ago

No. I haven't been able to. Maybe I'm missing something or there is a way to use the GUI with this container but the steps I have tried are:

  1. copied and renamed those two files:

         privkey.pem -> special://userdata/server.key -> /config/.kodi/userdata/server.key
         fullchain.pem -> special://userdata/server.pem -> /config/.kodi/userdata/server.pem

Directory reads:

    root@853:~/.kodi/userdata# pwd
    /config/.kodi/userdata
    root@853:~/.kodi/userdata# ls -aln
    total 76
    drwxrwxr-x 1 1033 65536 362 Apr 1 18:45 .
    drwxrwxr-x 1 1033 65536 108 Mar 18 20:16 ..
    drwxrwxr-x 1 1033 65536 54 Mar 18 20:18 addon_data
    -rwxrwxr-x 1 1033 65536 4703 Apr 1 18:45 advancedsettings.xml
    ...
    drwxrwxr-x 1 1033 65536 0 Mar 14 08:47 Savestates
    -rwxrwxr-x 1 1033 65536 227 Apr 1 00:56 server.key
    -rwxrwxr-x 1 1033 65536 1509 Apr 1 00:56 server.pem
    ...

  2. Enable SSL and Save in:

image

  3. When trying to load with HTTPS:

image

  4. Restart Container and reload page with HTTPS:

image

But it will load using HTTP.

matthuisman commented 3 months ago

I'll have a play tonight and figure it out :) https was added with this PR: https://github.com/xbmc/xbmc/pull/13165/files

matthuisman commented 3 months ago

Hang on, do you need to use a domain name for https? What's your cert for? A domain?

smarthome-enthusiast commented 3 months ago

> what's your cert for? a domain?

Yes my certificates are for a domain. To create a self signed certificate for testing, have a look at this

matthuisman commented 3 months ago

Yes, I know about certs. But you're still accessing it via its IP in the screenshots. Did you try using the domain name to access it?

smarthome-enthusiast commented 3 months ago

Tried using both the domain name and IP.

image

matthuisman commented 3 months ago

OK. I think the issue is my docker container is just using libmicrohttpd-dev from Ubuntu, which I believe isn't compiled with https.

Kodi has a makefile to build it here: https://github.com/xbmc/xbmc/blob/master/tools/depends/target/libmicrohttpd/Makefile#L4 but I think it skips that if it finds its own.

So I'm asking them how I can force it to build, as I believe if I don't have libmicrohttpd-dev, it won't find it and then fail.

smarthome-enthusiast commented 2 months ago

Okay, thanks. Will wait patiently.

matthuisman commented 2 months ago

after googling I found: https://lists.nongnu.org/archive/html/libmicrohttpd/2010-01/msg00005.html

    openssl genrsa 1024 > server.key
    openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.pem

Copied the server.pem and server.key into userdata

then added to advancedsettings.xml

    <services>
        <webserverssl>true</webserverssl>
        ....

Restarted and I have https server
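
A preflight check for the setup this thread converges on, as an added example (not code from the repository or from either commenter): it verifies that advancedsettings.xml sets webserverssl to true, that server.pem and server.key hold the PEM blocks their names imply, and that the key carries no group/other permission bits (the directory listing earlier in the thread shows -rwxrwxr-x on server.key). The `<advancedsettings>` root element, the function names and the sample folder are assumptions; the sample files are constructed placeholders.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def check_kodi_tls(userdata):
    """Return a list of problems in a Kodi userdata folder (empty list = OK)."""
    problems = []
    # 1. The switch that worked in this thread: <services><webserverssl>true
    try:
        root = ET.parse(os.path.join(userdata, "advancedsettings.xml")).getroot()
        node = root.find("services/webserverssl")
        if node is None or (node.text or "").strip().lower() != "true":
            problems.append("advancedsettings.xml: services/webserverssl is not true")
    except (OSError, ET.ParseError) as exc:
        problems.append(f"advancedsettings.xml: unreadable ({type(exc).__name__})")
    # 2. Each file must hold the PEM block its name implies (catches swaps).
    for name, marker in (("server.pem", "-----BEGIN CERTIFICATE-----"),
                         ("server.key", "PRIVATE KEY-----")):
        try:
            with open(os.path.join(userdata, name), errors="replace") as fh:
                text = fh.read()
        except OSError:
            problems.append(f"{name}: missing or unreadable")
            continue
        if marker not in text:
            problems.append(f"{name}: no '{marker}' PEM block found")
    # 3. Group/other bits expose the private key to other accounts on the volume.
    key = os.path.join(userdata, "server.key")
    if os.path.isfile(key) and os.stat(key).st_mode & 0o077:
        problems.append("server.key: group/other permission bits are set")
    return problems

def write_sample(userdata, webserverssl="true", key_mode=0o600):
    """Constructed sample folder with placeholder PEM bodies (not real keys)."""
    files = {
        "advancedsettings.xml": "<advancedsettings><services><webserverssl>"
        + webserverssl + "</webserverssl></services></advancedsettings>",
        "server.pem": "-----BEGIN CERTIFICATE-----\nxx\n-----END CERTIFICATE-----\n",
        "server.key": "-----BEGIN PRIVATE KEY-----\nxx\n-----END PRIVATE KEY-----\n",
    }
    for name, body in files.items():
        with open(os.path.join(userdata, name), "w") as fh:
            fh.write(body)
    os.chmod(os.path.join(userdata, "server.key"), key_mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sample(d, webserverssl="false", key_mode=0o775)
        print("\n".join(check_kodi_tls(d)))
```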

matthuisman commented 2 months ago

have updated the readme and also added some example files to the branches

smarthome-enthusiast commented 2 months ago

> then added to advancedsettings.xml
>
>     <services>
>         <webserverssl>true</webserverssl>
>         ....
>
> Restarted and I have https server

That worked. Thank you.

matthuisman commented 2 months ago

Great :) So the missing thing for you was just the advanced setting? My issue was the cert I generated wasn't liked by the server. Can't remember what options I was using. But once I switched to the above commands - it was happy

smarthome-enthusiast commented 2 months ago

Yes. If you look back at my post with the directory list, the files and permissions were correct. The certificates were copied from and are used by other services without any issues so it wasn't the generation of them. The only thing I did differently was trying to do it through the Web-UI and later the guisettings.xml.

    <services>
        <webserverssl>true</webserverssl>
        ....

I didn't think about using the guisettings.xml setting conversion on the advancedsettings wiki.

smarthome-enthusiast commented 2 months ago

sorry for the late reply, I think it was. I didn't think about the guisettings.xml Setting Conversion section of the wiki. Just tried Web UI and guisettings.xml.