Web Terminal gives warning "Your connection is not private"

[shermand100]

This is because the terminal doesn't have an SSL certificate, and there is no easy way around this. I'm aware it's not pretty, I would like it fixed but currently there's no solution I'm aware of

[dalecooper]

One of the first things I did after the PiNode-XMR installation was complete was to install libnss-mdns and its dependencies to be able to access the node at pinodexmr.local from any device in my local network (btw, that's something you might want to add as a default feature) As a web dev I use mkcert to have trusted certificates on any local domain, such as "thiswebsite.work". It's super easy to setup and it just works. So I've searched a bit how to make good use of mkcert to get https://pinodexmr.local without any complaint from the browser, but I don't want to mess up with my working node, and I don't have any spare SBC at the moment. Not sure if that's a possible solution but I'd be happy to give it a try when I can find some time (currently working at home and taking care of my toddler...) Do you have any recommendation to do some testing without a physical device? Is it even possible to boot your image with VirtualBox or so ?

[shermand100]

@dalecooper This is great info thank you. The web development side is definitely a weakness of mind (hence the use of the template for the UI).

So it appears for Raspbian users a lot of these dependencies are installed as standard, or have come packaged with other dependencies. Without any additional apt install use I already have:

• libnss-mdns

• avahi-daemon

• openssl

By default users can already access the index of the PiNodeXMR UI with http://pinodexmr.local

avahi-daemon is then easily configured by changing /etc/avahi/avahi-daemon.conf file and un-commenting publish-addresses=yes. This "activates" all the links in the navigation bar under the pinodexmr.local address.

This is a very good start and so easy, thank you. I wouldn't have known without you pointing this out.

I'm trying to avoid installing more dependencies. So I've taken a look at "mkcert". It seems to want Go and then to compile mkcert. Although it probably won't take long to download, install and compile I'd like to avoid these steps from extending an already lengthy core install script.

I'm experimenting with the already installed openssl to see if it can be used, but I've never created SSL before so I'm looking through a few guides.

I'm able to generate certs, I know where I've stored them. Last step is to link shellinabox to them.

[dalecooper]

So it appears for Raspbian users a lot of these dependencies are installed as standard, or have come packaged with other dependencies.

Yes, indeed I'm running Armbian and Avahi not installed by default.

I'm trying to avoid installing more dependencies. So I've taken a look at "mkcert". It seems to want Go and then to compile mkcert. Although it probably won't take long to download, install and compile I'd like to avoid these steps from extending an already lengthy core install script.

Gotcha

I'm experimenting with the already installed openssl to see if it can be used, but I've never created SSL before so I'm looking through a few guides.

I'm able to generate certs, I know where I've stored them. Last step is to link shellinabox to them.

I know close to nothing about how SSL certificates work, but one thing I know is that with all the solutions I've tried over the years (including basic openssl) I had self-signed certificates which the browsers were not happy with. mkcert solved this but I have no idea how it does this. As far as I know Let's Encrypt can't work as they can't validate a certificate on a local only domain.

On another note, I've already checked a bit the template, I'm probably able to help with that, but for now as I said I don't have much spare time :) I'll see what I can do ASAP!

Also, I've found a solution to run a virtual Raspberry Pi with qemu, but it's a Pi1 so it's unusable for our purpose. I remember seeing in the install script that Ubuntu is a possible host, with Raspbian and Armbian but there's no mention of it the docs. Is it just a planned feature for now ? Oh I guess I should just give it a quick try

EDIT : just read a little more about mkcert, and "mkcert automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates" so I guess it will only work for HTTPS queries on the same machine unfortunately. And that makes sense. Not sure it's even possible to solve the issue with a PiNode-XMR-side only solution...

[shermand100]

I managed to get my head into this issue a coupe of months back when playing with the SSL certs for the monero-lws addition and am still of the opinion that there is no PiNode-XMR side only fix to this.

I won't close this issue as it still persists but I don't see a fix anytime soon.