teslamate-org / teslamate

A self-hosted data logger for your Tesla 🚘
https://docs.teslamate.org
MIT License

v1.29.2: Bad Certificate when using http proxy (self signed cert) #3979

Closed zlymeda closed 2 weeks ago

zlymeda commented 3 months ago

Is there an existing issue for this?

What happened?

Home Assistant addon is using http proxy without an issue. Using TESLA_API_HOST in teslamate fails with Bad Certificate.

I believe it is due to a self-signed certificate. I see there is already TESLA_WSS_TLS_ACCEPT_INVALID_CERTS for WebSockets. Can we have the same for the HTTP?

Thank you

Expected Behavior

to be able to use self-signed cert on HTTP proxy

Steps To Reproduce

Use HTTP proxy with self-signed cert

Relevant log output

```
2024-06-19 07:30:59.483 [notice] TLS :client: In state :wait_cert_cr at ssl_handshake.erl:2123 generated CLIENT ALERT: Fatal - Bad Certificate
2024-06-19 07:30:59.483 [error] GET https://pi.home:8443/api/1/vehicles/XYZ -> error: "TLS client: In state wait_cert_cr at ssl_handshake.erl:2123 generated CLIENT ALERT: Fatal - Bad Certificate\n" (78.470 ms)
```

Screenshots

No response

Additional data

No response

Type of installation

Docker

Version

v1.29.2

jlestel commented 3 months ago

It would seem logical to me to add it to allow http proxy installations without SSL to work.

TomasCorral commented 2 months ago

Just to add to this discussion, I also have the http proxy running with a self-signed certificate.

I am having a hard time following the docs at https://docs.teslamate.org/docs/guides/api/#tesla-fleet-api. What I understand is I need to have the http proxy running and then change TESLA_AUTH_HOST to my proxy domain? I already have a developer account with the public key hosted and the Tesla proxy working for HomeAssistant.

zlymeda commented 2 months ago

Ultimately, I modified the HTTP proxy to run both HTTPS and HTTP. The HA integration hits the HTTPS and teslamate hits the HTTP.

TomasCorral commented 2 months ago

Can you share your setup? How are you hosting the proxy?

zlymeda commented 2 months ago

Sorry, did not see the comment...

I have my own repo, where the vehicle command repo is a dependency, and I run the proxy in my main module running this function:

```go
func runProxy() error {
	fmt.Println(os.Args[0], version.Version, version.BuildTime)
	host := "0.0.0.0"
	port := 8443

	// Key the proxy uses to sign vehicle commands.
	privateKey, err := protocol.LoadPrivateKey(keyFile)
	if err != nil {
		return err
	}

	ctx, cancel := CreateMainCtx()
	defer cancel()

	log.Println("Starting HTTP and HTTPS...")
	p, err := myproxy.New(ctx, privateKey, cacheSize)
	if err != nil {
		return err
	}
	p.Timeout = 60 * time.Second

	// Plain-HTTP listener on port+1, served by the same proxy handler.
	// Traffic to this port is unencrypted and unauthenticated at the transport layer.
	go func() {
		addrHttp := fmt.Sprintf("%s:%d", host, port+1)
		log.Println("Starting HTTP server on " + addrHttp)
		if err := http.ListenAndServe(addrHttp, p); err != nil {
			log.Fatalf("HTTP server error: %v", err)
		}
	}()

	addr := fmt.Sprintf("%s:%d", host, port)
	log.Println("Starting HTTPs server on " + addr)
	// The snippet as posted ends here, before the HTTPS listener is started.
}
```

github-actions[bot] commented 3 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.
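
An added example, not code from this thread or from TeslaMate: between accepting invalid certificates and falling back to plain HTTP there is a third option, which is to trust only the proxy's own self-signed certificate so that verification stays on. The Go program below uses a constructed `httptest` server in place of the proxy; `startProxy`, `pinned` and `get` are hypothetical helper names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// startProxy is a constructed stand-in for a proxy serving a self-signed cert.
func startProxy() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") }))
}

// pinned returns a trust store holding only the proxy's own certificate.
func pinned(srv *httptest.Server) *x509.CertPool {
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	return pool
}

// get does one verified GET. roots == nil means the system trust store;
// serverName == "" means "verify against the host in the URL".
func get(url string, roots *x509.CertPool, serverName string) error {
	client := &http.Client{Transport: &http.Transport{
		DisableKeepAlives: true,
		TLSClientConfig:   &tls.Config{RootCAs: roots, ServerName: serverName},
	}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	srv := startProxy()
	defer srv.Close()
	// Default trust store: rejected, the same class of failure the issue reports.
	fmt.Println("system roots:   ", get(srv.URL, nil, ""))
	// Only the proxy's certificate trusted: accepted, verification still on.
	fmt.Println("pinned cert:    ", get(srv.URL, pinned(srv), ""))
	// Same pin, but a name the certificate does not cover: rejected.
	fmt.Println("pinned, pi.home:", get(srv.URL, pinned(srv), "pi.home"))
}
```

The third call shows what pinning keeps that a blanket "accept invalid certs" switch gives up: the name in the certificate is still checked, so a certificate only works for the hosts it was issued for.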