help with ssl (secure)

Want to post something that doesn't quite fit into the other forums? This is the place for that.
Skibox
Posts: 148
Joined: Mon Apr 07, 2014 7:06 pm
Location: ESGG

Re: help with ssl (secure)

Post by Skibox » Tue May 29, 2018 3:21 pm


scoobydobedooo
Posts: 49
Joined: Thu Oct 05, 2017 1:47 pm
Contact:

Re: help with ssl (secure)

Post by scoobydobedooo » Tue May 29, 2018 5:13 pm

Skibox wrote:
Tue May 29, 2018 3:15 pm
You need to add a proxy server like nginx in front of VRS to make it https-capable.

/M
o right ok thank you :) not a clue where to even start on this one lol

ben
i have a home base station im willing to share data from. if intressed let me know :)

kiwikieran
Posts: 63
Joined: Sat Jan 20, 2018 8:50 pm

Re: help with ssl (secure)

Post by kiwikieran » Tue Jun 19, 2018 7:58 pm

Not sure if this would be what you want,
I am going to give it a try later.
http://www.youngzsoft.net/ccproxy/https ... server.htm

scoobydobedooo
Posts: 49
Joined: Thu Oct 05, 2017 1:47 pm
Contact:

Re: help with ssl (secure)

Post by scoobydobedooo » Wed Jun 20, 2018 6:14 pm

kiwikieran wrote:
Tue Jun 19, 2018 7:58 pm
Not sure if this would be what you want,
I am going to give it a try later.
http://www.youngzsoft.net/ccproxy/https ... server.htm
ive looked at this softweare but couldnt get it going.
ADS-B finally got back to me they use cloudflare and NApoxie ithear oif whcih i could get to work
i have a home base station im willing to share data from. if intressed let me know :)

DeWoert
Posts: 41
Joined: Mon Feb 29, 2016 9:36 pm

Re: help with ssl (secure)

Post by DeWoert » Sat Jun 30, 2018 7:46 am

scoobydobedooo wrote:
Wed Jun 20, 2018 6:14 pm
ADS-B finally got back to me they use cloudflare and NApoxie ithear oif whcih i could get to work
Can you please provide some more info about that solution ?
Perhaps a link to that software?

scoobydobedooo
Posts: 49
Joined: Thu Oct 05, 2017 1:47 pm
Contact:

Re: help with ssl (secure)

Post by scoobydobedooo » Tue Jul 17, 2018 11:59 pm

[/quote]
Can you please provide some more info about that solution ?
Perhaps a link to that software?
[/quote]

www.haproxy.org
www.cloudflare.com

I havnt worked the rest of it out as of yet but here are the links to the 2 bits of software
i have a home base station im willing to share data from. if intressed let me know :)

Doug Simmons
Posts: 1
Joined: Mon Nov 12, 2018 9:22 pm

Re: help with ssl (secure)

Post by Doug Simmons » Wed Apr 03, 2019 3:01 am

Using a Rock Pi 4 (RPi clone with some extra horsepower) running Linux, I am hosting everything served from VRS with HTTP2 and SSL (that scores an A+ 400/400 on ssllabs) through NGINX acting as a reverse proxy on the same device. With a different, simpler proxy server, I can serve the site using HTTP2+QUIC on the device, which sounds nifty, saving some more round trips, but either I couldn't figure out a good configuration or maybe QUIC for a relatively heavy site like this is a tall order for a 5V device. But NGINX gets the job done, and a Chrome audit with Lighthouse yields pretty good results.

Unfortunately there are some http:// addresses instead of relative URLs in various files and VRS using checksums apparently enforces not adding in an S, also airport-data.com, which provides the lovely pictures of all the ships, has not yet lit up https, http-only. This means that you can either have those pictures on your site still, but you'll prompt mixed content security warnings to browsers of your visitors, or you can instruct browsers hitting your server only to use HTTPS when assembling your site whether retrieving things from your server or from airport-data.com, resulting in broken links (HSTS), no airplane pictures. I don't know of any way around that that does not involve begging someone to fix something that ain't broke, and we're lucky to have any of this.

Were you to involve a conventional server, maybe your own PC or a cheap VPS, ie not some ARM SBC that's busy doing a bunch of other stuff, with NGINX (and I guess Apache) you can use Google's mod_pagespeed / ngx_pagespeed as well as brotli for compression (these don't currently compile on ARM due to an understandable lack of demand), and memcached, reddis and the rest with more elbow room. HAProxy, a CDN, whatever you want. I would call using a stronger rig than a Raspberry Pi a must if you think you might get more than one visitor on the site simultaneously or if your attic gets hot.

This has been a journey for me. At one point I actually served VRS through five different proxies on multiple machines on different networks. I'm a weird guy. I can't speak for Windows, but the easiest and quickest way I've found to light up a reverse proxy to serve VRS over SSL is by grabbing Caddy Server which does almost everything for you including fetching you a LetsEncrypt certificate. But if this concerns you enough to have found this thread, go the extra mile with NGINX.

Doug

Post Reply