Moode Forum
TLS - Printable Version


TLS - bump_here - 05-02-2019

Hi,

Is there any appetite for TLS on moOde? I use DNS to reference everything internally and like to have things under TLS to save on browser warnings.

If there is I'm happy to roll my sleeves up and try and add it.

Cheers

Bump


RE: TLS - Tim Curtis - 05-02-2019

Hi,

Use of HTTPS/TLS protocol does not really involve DNS. Its use is negotiated during the connection request from client Browser to Web server.

moOde uses NGINX Web server and so this is the component that would need to be configured for HTTPS/TLS.
http://nginx.org/en/docs/http/configuring_https_servers.html

Some of the challenges are:

- Unless the TLS Certificate is from a "well known CA" the Browser will display warning dialogs to the user.
- There is an ongoing cost to using a Cert from a well known CA that includes the initial cost plus the periodic renewal cost.
- There is a performance penalty incurred as a result of the encryption process.

-Tim


RE: TLS - bump_here - 05-05-2019

Ah, poor wording on my part. The reference to using DNS was just for the user story scenario.

Yes, TLS would have to be handled by nginx in the case of moOde.

For the Ubiquiti devices I use Let's Encrypt to provide and handle cert renewal automatically. Here's my repo for unifi controllers https://github.com/LeePorte/unifi-lets-encrypt

Do you think the performance hit would be significant on the Pi?

Cheers

Bump


RE: TLS - Tim Curtis - 05-05-2019

I really don't know if the performance hit from the TLS encryption process will translate into a perceptible performance degradation, i.e., a less responsive UI.

If you have a configuration that could be tested I'll be happy to try it out.


RE: TLS - bump_here - 05-05-2019

OK I'll shonk something together for the purpose of performance testing and get back to you.


RE: TLS - bump_here - 05-14-2019

Just out of interest do you use any of the DNS providers located at https://github.com/Neilpang/acme.sh/wiki/dnsapi ?

Or would you prefer me to supply a cert and key and do some DNS poisoning for testing purposes?


RE: TLS - Tim Curtis - 05-14-2019

I've always used Router DHCP which sets client DNS to the LAN address of the Router. The Router then functions as a DNS proxy using whatever WAN DNS address was assigned by the ISP.


RE: TLS - bump_here - 05-15-2019

Ah it was DNS for domains you own that I was referring to. For the purpose of cert generation using Let's Encrypt.