Posts: 2
Threads: 1
Joined: Oct 2022
Reputation:
0
I integrated the moOde Audio in Home Assistant via iframe. This works flawless and doing so I can use all the features the web UI gives me.
However, this does not work when accessing Home Assistant via https because you cannot have an unsecured iframe source in a secure webpage.
Is there an easier way to serve the web UI via https besides adding certificates via SSH and adjust the nginx config?
If I do it manually, I have to repeat it every time I do an update.
Has anyone done this before? How did you do it?
Is this something that could make it into a standard moOde release?
Posts: 13,452
Threads: 305
Joined: Mar 2018
Reputation:
545
I'm not sure if a Browser trusted cert can be built into moOde.
How are you currently doing it?
Posts: 2
Threads: 1
Joined: Oct 2022
Reputation:
0
I'm not currently doing this. I was looking for a best practice on how to do this without worrying about breaking anything when updating.
I'm fine with a self signed certificate.
A workaround for me at this time is to do TLS termination using nginx on the machine that is running Home Assistant. This to me has some security drawbacks because that machine is exposed to the Internet and I worry about having the raspi with moode exposed by doing that.
Posts: 13,452
Threads: 305
Joined: Mar 2018
Reputation:
545
There is an experimental feature "HTTPS-only mode" already built into moOde but I haven't tested it in a long while and it looks like a necessary command file "gen-cert.sh" that is part of the feature was omitted from the /var/www/util directory in production releases.
The feature un-hides an option on System Config to turn on HTTPS-only mode This results in a self-signed cert for $HOSTNAME.local being automatically generated during startup and NGINX being configured to run in HTTPS-only mode.
IIRC the big problem are the nasty Browser warnings that appear due to self-signed cert.
Posts: 13,452
Threads: 305
Joined: Mar 2018
Reputation:
545
After looking at the feature code and running some tests there were some missing pieces but once those were restored things started working. The cumbersome part is adding the self-signed cert to the OS root store which eliminates the Browser warnings. This process differs on Mac/Win/Linux and so its kind of a mess.
I think it might be ok to release this as an "experimental" feature for upcoming 8.3.8 Bullseye. Maybe someone can figure out how to automate or document adding the self-signed cert to the OS specific root store.