search

s60sc / ESP32-CAM_MJPEG2SD

ESP32 Camera motion capture application to record JPEGs to SD card as AVI files and stream to browser as MJPEG. If a microphone is installed then a WAV file is also created. Files can be uploaded via FTP or downloaded to browser.
GNU Affero General Public License v3.0
888 stars 209 forks source link

https setup? #410

Closed TinkerType closed 5 months ago

TinkerType commented 5 months ago

Hi s60sc and everyone who tried this... I am trying to set up https for the web server, so far without success. http is working alright, but I would really prefer https with a self-signed certificate.

I followed the comments in certificates.cpp and entered the command on line 21 with my target IP to create the prvtkey_pem and cacert_pem files. So far so good....

Capture_1

I replaced the lines for the private key and certificate with the respective lines from the files.

Capture_2

Capture_3

Saved it, compiled and uploaded it to the board.

Then on the access point, I configured 'Access Settings' to 'Use HTTPS' and under 'Edit Config' -> 'Wifi' I entered the target IP in the field 'Static IP address'.

Capture_6

Capture_7

Alright... Saved the config and then 'Reboot ESP'.

At this point Chrome already refused to serve the page, which was expected, so I entered the certificates under 'Security' -> 'Manage Certificates' -> 'Trusted Freaking Root Certification Authorities'. The wizard allowed browsing to the 'cacert.pem' file, which I selected, Confirmed all buttons.

Capture_8

Capture_9

Target IP shows up in the list, all seems good... but no success. Browsing to the page still shows 'This site can't be reached'.

Capture_10

What is interesting is that trying http:// redirects to https://, so something must be there.

The log from the serial monitor says, there is a 'Wifi Station IP' using https, so that is promising, plus the web server is listening on 443, which also seems like a good start.

Capture_11

Btw, I did check the firewall in my router and previously with http;// all was working fine.

If anyone knows, what's the missing piece or what steps to take from here, I would greatly appreciate it. Thanks very much.

rjsachse commented 5 months ago

I don't know if you need to check (Check Certs) under use https

s60sc commented 5 months ago

that static ip looks odd, does it work with http?

check certs is for external sites confidence (middle man attack)

you have to get certs exactly right, a tiny mistake will fail

only use https on ESP32S3, ESP32 has insufficient memory

TinkerType commented 5 months ago

Thanks very much rjsachse and s60sc. I just realized my whole idea was not going to work anyway, i.e. to use https through port forwarding with just an IP. Perhaps I will try a reverse proxy instead. I appreciate your responses!