[feature request] Unable to connect ssl with authentication #22

Open
jneilliii opened this issue Feb 19, 2015 · 2 comments

Comments

@jneilliii

This is not built in that I can tell, but I have my haproxy configured for SSL with client certificate and user/password authentication. With the octowatch app there are no options for specifying the client certificate or any form of username/password fields in the settings. I know this might not happen very often in the world, but since my octoprint instance is accessible to the public I didn't want to risk anyone mucking about with my 3D printer.

@jjg
Owner

jjg commented Feb 19, 2015

I haven't considered this configuration but it's definitely interesting enough to look into supporting :) Anything that would make Octowatch work from anywhere (not just on the LAN) would be very cool.

I'll try to book some time to look into what it would take to add support for this, but I might bug you @jneilliii for details about your setup so I can configure something similar to test with.

@jneilliii
Author

Yeah, no problem. Here is the relevant haproxy.cfg. I used standard procedures for installing openssl and generating the server and client certificates.

    global
            maxconn 4096
            user haproxy
            group haproxy
            daemon
            log 127.0.0.1 local0 debug
            tune.ssl.default-dh-param 1024
    defaults
            log     global
            mode    http
            option  httplog
            option  dontlognull
            retries 3
            option redispatch
            option http-server-close
            option forwardfor
            maxconn 2000
            timeout connect 5s
            timeout client  15min
            timeout server  15min

    frontend public
        bind *:80
        bind *:443 ssl crt /etc/haproxy/server.pem ca-file /etc/haproxy/ca.crt verify required
        redirect scheme https code 301 if !{ ssl_fc }
        use_backend webcam if { path_beg /webcam/ }
        use_backend octoprint_socket if { path_beg /sockjs/ }
        default_backend octoprint

    backend octoprint
        acl AuthOkay http_auth(L1)
        http-request auth realm octoprint if !AuthOkay
        reqrep ^([^\ :]*)\ /(.*)     \1\ /\2
        reqadd X-Scheme:\ https if { ssl_fc }
        server octoprint1 127.0.0.1:5000

    backend octoprint_socket
        reqrep ^([^\ :]*)\ /(.*)     \1\ /\2
        server octoprint1 127.0.0.1:5000

    backend webcam
        reqrep ^([^\ :]*)\ /webcam/(.*)     \1\ /\2
        server webcam1  127.0.0.1:8080

    backend noauthority
        server noauthority1 192.168.1.3:80

    userlist L1
        group G1

        user user1 insecure-password user1password groups G1
        user user2 insecure-password user2password groups G1
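
What a client has to do to get through the proxy configured above, as an added example (not Octowatch's code and not part of the original thread): present a client certificate for the frontend's `verify required`, then send HTTP Basic credentials for the `http_auth(L1)` check. The host, file names, and the `basic_auth_header`, `mtls_context` and `fetch` helpers are assumptions for illustration.

```python
"""Added example: client for a proxy that requires a TLS client cert and HTTP Basic auth."""
import base64
import http.client
import ssl


def basic_auth_header(user, password):
    """Value of the Authorization header checked by `http_auth(L1)`."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def mtls_context(ca_file=None, client_cert=None, client_key=None):
    """TLS context that verifies the server and, if given, presents a client cert."""
    # create_default_context enables CERT_REQUIRED and hostname checking.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    if client_cert:
        # Answers the proxy's `verify required`; without it the handshake fails.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def fetch(host, ctx, user, password, path="/", port=443):
    """Return (stage, detail): which layer accepted or refused the request."""
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("GET", path,
                     headers={"Authorization": basic_auth_header(user, password)})
        status = conn.getresponse().status
    except (ssl.SSLError, OSError) as exc:
        # Missing or untrusted client certificate, or a network failure.
        return ("tls-or-network", str(exc))
    finally:
        conn.close()
    # 401 means the certificate was accepted but the userlist check failed.
    return ("basic-auth", status) if status == 401 else ("ok", status)


if __name__ == "__main__":
    import sys
    # Usage (all values are placeholders):
    #   python client.py HOST ca.crt client.crt client.key USER PASSWORD
    host, ca, cert, key, user, pw = sys.argv[1:7]
    print(fetch(host, mtls_context(ca, cert, key), user, pw))
```

The two layers fail differently: a missing or untrusted client certificate ends the connection during TLS, while wrong credentials produce a 401 from the `octoprint` backend after the handshake has succeeded.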
