Moode Forum

Full Version: TLS
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Is there any appetite for TLS on Mo0de? I use DNS to reference everything internally and like to have things under TLS to save on browser warnings.

If there is I'm happy to roll my sleeves up and try and add it.



Use of HTTPS/TLS protocol does not really involve DNS. Its use is negotiated during the connection request from client Browser to Web server.

moOde uses NGINX Web server and so this is the component that would need to be configured for HTTPS/TLS.

Some of the challenges are:

- Unless the TLS Certificate is from a "well known CA" the Browser will display warning dialogs to the user.
- There is an ongoing cost to using a Cert from a well known CA that includes the initial cost plus the periodic renewal cost.
- There is a performance penalty incurred as a result of the encryption process

Ah poor wording on my part. The reference to using DNS was just for the user story scenario.

Yes, TLS would have to be handled by nginx in the case mo0de.

For the Ubiquiti devices I use Let's Encrypt to provide and handle cert renewal automatically. Here's my repo for unifi controllers

Do you think the performance hit would be significant on the Pi?


I really don't know if the performance hit from TLS encryption process will translate into a perceptible performance degradation i.e., less responsive UI.

If u have a configuration that could be tested I'll be happy to try it out.
OK I'll shonk something together for the purpose of performance testing and get back to you.
Just out of interest do you use any of the DNS providers located at ?

Or would you prefer me to supply a cert and key and do some DNS poising for testing purposes?
I've always used Router DHCP which sets client DNS to the LAN address of the Router. The Router then functions as a DNS proxy using whatever WAN DNS address was assigned by the ISP.
Ah it was DNS for domains you own that I was referring to. For the purpose of cert generation using Let's Encrypt.