homebridge-http-webhooks

Support HTTPS for incoming requests

Open mensa84 opened this issue 5 years ago • 33 comments

Hello,

for security reasons: Is it also possible to use HTTPS instead of HTTP? That would be a really nice feature :)

mensa84 avatar Dec 02 '19 07:12 mensa84

Not possible for now. Feel free to provide a pull request.

benzman81 avatar Dec 02 '19 20:12 benzman81

Thanks for your answer, if I want to create a pull request, I always get that message, what should I do?

"Choose different branches or forks above to discuss and review changes. "

I don't see a different branch or fork.

mensa84 avatar Dec 02 '19 20:12 mensa84

First you need to fork the repo. Develop your feature, and then create a pull request from this repo to mine.

benzman81 avatar Dec 02 '19 20:12 benzman81

Oh, sorry, I am no developer. Could I just create a "Feature request"?

mensa84 avatar Dec 03 '19 06:12 mensa84

Of course ;-)

benzman81 avatar Dec 03 '19 07:12 benzman81

Where and how? Or is this already one? ;)

mensa84 avatar Dec 03 '19 07:12 mensa84

This issue is the feature request ;-)

benzman81 avatar Dec 03 '19 08:12 benzman81

Perfect, thanks! Is it complicated, to get HTTPS to work?

mensa84 avatar Dec 03 '19 08:12 mensa84

I don't know. Since this is within local network I have no focus on this. So if someone will implement it, it has to come from the community.

benzman81 avatar Dec 03 '19 10:12 benzman81

I have to use that Webhooks plugin from WAN side, because the device "Withings Sleep" can only trigger IFTTT and IFTTT runs in the cloud. So currently I have to access my webhooks plugin from external by HTTP, more secure would be HTTPS.

mensa84 avatar Dec 03 '19 10:12 mensa84

> I have to use that Webhooks plugin from WAN side, because the device "Withings Sleep" can only trigger IFTTT and IFTTT runs in the cloud. So currently I have to access my webhooks plugin from external by HTTP, more secure would be HTTPS.

Actually, I'm using IFTTT and it's working via HTTP - dunno which is your scenario, but sending webhook request from IFTTT to homebridge via this plugin works.

alexbohariuc avatar Jan 13 '20 16:01 alexbohariuc

You should not open a port and send http through it as this punches a hole in your firewall and everyone on the inet listening can access it. You can try to use ngrok as tunnel.

benzman81 avatar Jan 13 '20 17:01 benzman81

Is there a free version of ngrok which can do this or a free alternative? I don't wanna pay a monthly fee, just to access my devices/homebridge outside home.

mensa84 avatar Jan 13 '20 17:01 mensa84

Now supports https with a self-signed cert (beta state). Feel free to test. After your feedback as verification I will close this.

benzman81 avatar Jan 15 '20 20:01 benzman81

Installation of 0.0.55 fails:

```
root@Server:~# npm -g install [email protected] --unsafe-perm
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/homebridge-http-webhook - Not found
npm ERR! 404
npm ERR! 404  '[email protected]' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2020-01-16T08_10_52_251Z-debug.log
```

mensa84 avatar Jan 16 '20 08:01 mensa84

Should do. Try newest version 0.0.56.

benzman81 avatar Jan 16 '20 19:01 benzman81

Same error:

```
root@Server:~# npm -g install [email protected]
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/homebridge-http-webhook - Not found
npm ERR! 404
npm ERR! 404  '[email protected]' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2020-01-17T08_03_42_853Z-debug.log
```

mensa84 avatar Jan 17 '20 08:01 mensa84

Must be some issue on your local machine. Others already installed this version without issues.

benzman81 avatar Jan 17 '20 13:01 benzman81

It worked now by uninstalling and re-installing with @latest.

But HTTPS is not working. I always get that error:

Error: Secure connection failed

An error occurred while connecting to server:51828. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

    The website cannot be displayed because the authenticity of the received data could not be verified.
    Please contact the owner of the website to inform them of this problem.

mensa84 avatar Jan 17 '20 16:01 mensa84

Tried with current version of chrome, firefox, safari and some request tool. Didn't get this exception. I only found this error regarding firefox. May you look here: https://www.ssl2buy.com/wiki/ssl_error_rx_record_too_long-firefox-error

If you can't get this to work, you might use the new version 0.0.57. With this you should be able to use your own certificate (didn't test it, but option is available). Maybe this helps.

benzman81 avatar Jan 19 '20 11:01 benzman81

It does not matter which browser is able to do it successfully. IFTTT can't handle it. So I think 0.0.57 also will not help to work with IFTTT, or?

mensa84 avatar Jan 19 '20 11:01 mensa84

Tested with IFTTT, too. It's working over here.

benzman81 avatar Jan 19 '20 12:01 benzman81

Anyone tested https successfully except me?

benzman81 avatar Mar 28 '20 13:03 benzman81

I would like to test again, is it necessary to use "https_keyfile" and "https_certfile"? Or what is the simplest configuration to just activate HTTPS?

mensa84 avatar Mar 29 '20 15:03 mensa84

These settings are just needed if you want a custom key and cert file. Just setting https to true is the simplest setting.

benzman81 avatar Mar 29 '20 15:03 benzman81

I am receiving these errors:

```
Mar 29 17:25:31 Server homebridge[9713]: [3/29/2020, 5:25:31 PM] [HttpWebHooks] Using automatic created ssl certificate.
Mar 29 17:25:31 Server homebridge[9713]: [3/29/2020, 5:25:31 PM] Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
Mar 29 17:25:31 Server homebridge[9713]:     at Object.createSecureContext (_tls_common.js:137:17)
Mar 29 17:25:31 Server homebridge[9713]:     at Server.setSecureContext (_tls_wrap.js:1080:27)
Mar 29 17:25:31 Server homebridge[9713]:     at Server (_tls_wrap.js:960:8)
Mar 29 17:25:31 Server homebridge[9713]:     at new Server (https.js:61:14)
Mar 29 17:25:31 Server homebridge[9713]:     at Object.createServer (https.js:84:10)
Mar 29 17:25:31 Server homebridge[9713]:     at Object.https.createServer (/usr/lib/node_modules/homebridge-http-webhooks/node_modules/http-auth/src/server/https.js:34:38)
Mar 29 17:25:31 Server homebridge[9713]:     at HttpWebHooksPlatform.accessories (/usr/lib/node_modules/homebridge-http-webhooks/index.js:497:15)
Mar 29 17:25:31 Server homebridge[9713]:     at Server._loadPlatformAccessories (/usr/lib/node_modules/homebridge/lib/server.js:403:20)
Mar 29 17:25:31 Server homebridge[9713]:     at Server._loadPlatforms (/usr/lib/node_modules/homebridge/lib/server.js:341:16)
Mar 29 17:25:31 Server homebridge[9713]:     at Server.run (/usr/lib/node_modules/homebridge/lib/server.js:90:36)
Mar 29 17:25:31 Server homebridge[9713]:     at module.exports (/usr/lib/node_modules/homebridge/lib/cli.js:59:10)
Mar 29 17:25:31 Server homebridge[9713]:     at Object.<anonymous> (/usr/lib/node_modules/homebridge/bin/homebridge:17:22)
Mar 29 17:25:31 Server homebridge[9713]:     at Module._compile (internal/modules/cjs/loader.js:816:30)
Mar 29 17:25:31 Server homebridge[9713]:     at Object.Module._extensions..js (internal/modules/cjs/loader.js:827:10)
Mar 29 17:25:31 Server homebridge[9713]:     at Module.load (internal/modules/cjs/loader.js:685:32)
Mar 29 17:25:31 Server homebridge[9713]:     at Function.Module._load (internal/modules/cjs/loader.js:620:12)
Mar 29 17:25:31 Server homebridge[9713]:     at Function.Module.runMain (internal/modules/cjs/loader.js:877:12)
Mar 29 17:25:31 Server homebridge[9713]:     at internal/main/run_main_module.js:21:11
```

mensa84 avatar Mar 29 '20 15:03 mensa84

Seems you hit this issue on your system https://github.com/jfromaniello/selfsigned/issues/33

Once fixed, I will update the lib.

benzman81 avatar Mar 29 '20 16:03 benzman81

Thank you, could you please tell me what I should do exactly? It's a debian x64 linux where I only installed homebridge and some plugins, so I don't understand why my system is the issue.

mensa84 avatar Mar 29 '20 17:03 mensa84

Either you wait for the library to fix this issue, or you use the mentioned workaround:

> Only way around it is to modify: /etc/ssl/openssl.cnf and change:
>
> `CipherString = DEFAULT@SECLEVEL=2` to `CipherString = DEFAULT@SECLEVEL=1`

benzman81 avatar Mar 29 '20 17:03 benzman81

Thank you very much! That helped and I was able to test HTTPS successfully! Thanks a lot for implementing that!

Should I later revert that change in the mentioned .cnf file?

mensa84 avatar Mar 29 '20 20:03 mensa84