Page 2 of 2

Re: help with ssl (secure)

Posted: Tue May 29, 2018 3:21 pm
by Skibox

Re: help with ssl (secure)

Posted: Tue May 29, 2018 5:13 pm
by scoobydobedooo
Skibox wrote:
Tue May 29, 2018 3:15 pm
You need to add a proxy server like nginx in front of VRS to make it https-capable.

/M
o right ok thank you :) not a clue where to even start on this one lol

ben

Re: help with ssl (secure)

Posted: Tue Jun 19, 2018 7:58 pm
by kiwikieran
Not sure if this would be what you want,
I am going to give it a try later.
http://www.youngzsoft.net/ccproxy/https ... server.htm

Re: help with ssl (secure)

Posted: Wed Jun 20, 2018 6:14 pm
by scoobydobedooo
kiwikieran wrote:
Tue Jun 19, 2018 7:58 pm
Not sure if this would be what you want,
I am going to give it a try later.
http://www.youngzsoft.net/ccproxy/https ... server.htm
ive looked at this softweare but couldnt get it going.
ADS-B finally got back to me they use cloudflare and NApoxie ithear oif whcih i could get to work

Re: help with ssl (secure)

Posted: Sat Jun 30, 2018 7:46 am
by DeWoert
scoobydobedooo wrote:
Wed Jun 20, 2018 6:14 pm
ADS-B finally got back to me they use cloudflare and NApoxie ithear oif whcih i could get to work
Can you please provide some more info about that solution ?
Perhaps a link to that software?

Re: help with ssl (secure)

Posted: Tue Jul 17, 2018 11:59 pm
by scoobydobedooo
[/quote]
Can you please provide some more info about that solution ?
Perhaps a link to that software?
[/quote]

www.haproxy.org
www.cloudflare.com

I havnt worked the rest of it out as of yet but here are the links to the 2 bits of software

Re: help with ssl (secure)

Posted: Wed Apr 03, 2019 3:01 am
by Doug Simmons
Using a Rock Pi 4 (RPi clone with some extra horsepower) running Linux, I am hosting everything served from VRS with HTTP2 and SSL (that scores an A+ 400/400 on ssllabs) through NGINX acting as a reverse proxy on the same device. With a different, simpler proxy server, I can serve the site using HTTP2+QUIC on the device, which sounds nifty, saving some more round trips, but either I couldn't figure out a good configuration or maybe QUIC for a relatively heavy site like this is a tall order for a 5V device. But NGINX gets the job done, and a Chrome audit with Lighthouse yields pretty good results.

Unfortunately there are some http:// addresses instead of relative URLs in various files and VRS using checksums apparently enforces not adding in an S, also airport-data.com, which provides the lovely pictures of all the ships, has not yet lit up https, http-only. This means that you can either have those pictures on your site still, but you'll prompt mixed content security warnings to browsers of your visitors, or you can instruct browsers hitting your server only to use HTTPS when assembling your site whether retrieving things from your server or from airport-data.com, resulting in broken links (HSTS), no airplane pictures. I don't know of any way around that that does not involve begging someone to fix something that ain't broke, and we're lucky to have any of this.

Were you to involve a conventional server, maybe your own PC or a cheap VPS, ie not some ARM SBC that's busy doing a bunch of other stuff, with NGINX (and I guess Apache) you can use Google's mod_pagespeed / ngx_pagespeed as well as brotli for compression (these don't currently compile on ARM due to an understandable lack of demand), and memcached, reddis and the rest with more elbow room. HAProxy, a CDN, whatever you want. I would call using a stronger rig than a Raspberry Pi a must if you think you might get more than one visitor on the site simultaneously or if your attic gets hot.

This has been a journey for me. At one point I actually served VRS through five different proxies on multiple machines on different networks. I'm a weird guy. I can't speak for Windows, but the easiest and quickest way I've found to light up a reverse proxy to serve VRS over SSL is by grabbing Caddy Server which does almost everything for you including fetching you a LetsEncrypt certificate. But if this concerns you enough to have found this thread, go the extra mile with NGINX.

Doug

Re: help with ssl (secure)

Posted: Sun Jan 05, 2020 3:21 pm
by scoobydobedooo
hey all thank you for all your replys,

after many many hours and months of head banging i have finnally been able to make vrs https using a simple programme called stunnel.
very simple to setup for windows users running vrs and stunnel on the same merchine.

Re: help with ssl (secure)

Posted: Mon Jan 06, 2020 8:01 pm
by antonov124
do you have an manual for VRS and stunnel at same windows hardware?

Re: help with ssl (secure)

Posted: Tue Jan 07, 2020 2:57 am
by scoobydobedooo
Hello,
i dont have a manual for stunnel sadly, but its pretty easy to install and set up,
You can download the software from there site https://www.stunnel.org
1.Firstly you want to close VRS before installing stunnel by following the step by step set up.
2.Once setup is complete open stunnel and at the top click on configuration and then edit configuration.
3.hen select all and delete everything in that file as its not needed.
4.Then add the following into the file and then hit save. (bear in mind im using a 64bit windows server so your links might be different)

; **************************************************************************
; * Global options *
; **************************************************************************
output = C:\Program Files (x86)\stunnel\config\stunnel.log

; **************************************************************************
; * Connection options *
; **************************************************************************

[sslvrs]
accept = 443
connect = 80
cert = C:\Program Files (x86)\stunnel\config\stunnel.pem

under the connect= you need to supply the port that VRS uses mine is port 80 and leave the accept port as 443
then as long as the links match your location your good to go. my stunnel is installed in the default loction.

5. then go to configuration again from the top and this time hit reload configuration.
6.then open up your VRS on the same server and then you should beable to use HTTPS:// to load your site.

hope this helps :)
antonov124 wrote:
Mon Jan 06, 2020 8:01 pm
do you have an manual for VRS and stunnel at same windows hardware?