hass-pyscript-jupyter icon indicating copy to clipboard operation
hass-pyscript-jupyter copied to clipboard

Published 20 hours ago verified publisher icon craigbarratt

https support

Open fizcris opened this issue 3 years ago • 7 comments

Is there an easy way to make it work with https?

Without having to set up a reverse proxy...

fizcris avatar Sep 06 '21 10:09 fizcris

I kinda have the same question. Just set up https for HomeAssistant, modified the pyscript.conf file accordingly and now it seems like it is not working.

Dilergore avatar Sep 09 '21 06:09 Dilergore

Okay, so my working setup is:

  • Home Assistant set to SSL
    • using Let's encrypt (using CloudFlare challange)
    • server.domain.com is the domain which this way has an externally valid cert
  • My external URL is homeassistant.domain.com
    • This is a CNAME record pointing to server.domain.com
    • Externally my router only accepting traffic from the CloudFlare edge
    • On CloudFlare I have proxy mode set for this traffic
    • My router is forwarding port 443 to the private IP of my HomeAssistant and to port 8123
  • Internally server.domain.com points to the private IP of my HomeAssistant
  • pyscript.conf is set to
    • hass_host pointing to server.domain.com
    • hass_url pointing to https://server.domain.com:8123

I think what we are missing is a flag in the pyscript.conf to accept untrusted SSL then it would work without needing a valid cert locally.

Dilergore avatar Sep 09 '21 07:09 Dilergore

For my 2-cents, I was having the same trouble accessing the kernel from my LAN. The problem seemed to that

  1. Direct internal access didn't work because the HTTPS certificate is invalid, since it points to my domain
  2. Accessing via the domain worked for HTTPS, but then failed when Jupyter (or pyscript?) attempt to launch a connection on a randomised, high port number. These aren't forwarded through the router, so it fails.

To fix it, I enabled port forwarding from my router to my HA instance of all ports above 9999. This rewrites local accesses to the device, but also exposes those ports externally. That might be what you want: I didn't, so I also added a firewall rule preventing WAN access to the same ports on the router.

charlesbaynham avatar Dec 22 '21 12:12 charlesbaynham

Thanks for the above solution. Would be great if there was a flag to ignore invalid cert for local https access?

acambitsis avatar Jul 24 '22 20:07 acambitsis

As @charlesbaynham wrote, accessing behind a reverse proxy doesn't work because the reverse proxy will not forward the randomized ports. Would it be possible to support this usage scenario?

derkork avatar Sep 23 '22 19:09 derkork

i use a self signed cert and even though I installed the cert locally python still rejects it, which is probably also why i can’t connect via jupyter.

i see that this pr mentioned should allow me to just disable the check, but i don’t think the current released version includes this? the pyscript.conf doesn’t show this option and adding it doesn’t seem to do anything.

can i directly install the latest version or is this getting another release?

zeratax avatar Apr 23 '24 20:04 zeratax