[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [mosquitto-dev] IOT Sandbox server - Secure Websockets?
|
Hi Ian,
As Ray says, the user has to accept the security exception first but
may not have the option to do that, depending on how things are set
up. You can see this by going to
http://test.mosquitto.org/sys/index2.html - it will silently fail on
firefox at least. If you go to http://test.mosquitto.org:8081 first
then you can choose to accept the exception.
The missing point above - there is TLS enabled websockets on
test.mosquitto.org:8081 at the moment.
Cheers,
Roger
On Tue, Jun 16, 2015 at 11:30 AM, hack scribble
<hackscribble@xxxxxxxxxxx> wrote:
> Hi Ian
>
> I use a self-signed cert. Works ok in Firefox (Windows) and Safari (iOS) after the user accepts the security exception.
>
> Ray
>
>
>
>> On 16 Jun 2015, at 11:09, Ian Craggs <icraggs@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> Hi Roger,
>>
>> that would be great. Any port will do. I don't know about the self-signed certificate, whether browsers will accept that out of the box. I guess the easiest way is to try it and see.
>>
>> Ian
>>
>>> On 06/15/2015 04:53 PM, Roger Light wrote:
>>> Hi Ian,
>>>
>>> I'll see about getting it supported - but it would be a self signed
>>> certificate and couldn't be on port 80 or 443. Is that going to be ok?
>>>
>>> Cheers,
>>>
>>> Roger
>>>
>>>
>>> On Mon, Jun 15, 2015 at 4:48 PM, Ian Craggs
>>> <icraggs@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>>> Hi Jan,
>>>>
>>>> thanks for the info, very helpful. What I'm trying to do is to default the
>>>> online Paho web client example to a server which can be connected to.
>>>> Ideally the Eclipse IoT sandbox server, for obvious reasons :-).
>>>>
>>>> Eclipse.org seems to serve up the page as https by default or most of the
>>>> time, and then the browsers won't allow a non-secure websocket connection
>>>> out. I can get a connection to work by loading the page with http rather
>>>> than https but that takes some effort and is not something I want to ask
>>>> anyone to do. The sample utility needs to be updated for connection options
>>>> and TLS support anyway. We'll do that in due course (when James has time
>>>> during or after his stint at Wimbledon).
>>>>
>>>> Ian
>>>>
>>>>
>>>> On 06/15/2015 03:27 PM, Jan Weitz wrote:
>>>>
>>>> Hi Ian,
>>>>
>>>> you might want to try the HiveMQ websocket broker for testing.
>>>>
>>>> http://www.hivemq.com/demos/websocket-client/
>>>>
>>>> This worked for us in testing before we setup mosquitto with TLS.
>>>>
>>>> You might also put a NGINX locally in front of plain websocket mosquitto,
>>>> without putting any certs in mosquitto.conf, but keeping them in NGINX.
>>>>
>>>> ```
>>>> location /broker/ {
>>>> access_log off;
>>>> proxy_pass http://127.0.0.1:40002;
>>>> proxy_set_header X-Real-IP $remote_addr;
>>>> proxy_set_header Host $host;
>>>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>>>
>>>> proxy_http_version 1.1;
>>>> proxy_set_header Upgrade $http_upgrade;
>>>> proxy_set_header Connection "upgrade";
>>>> }
>>>> ```
>>>>
>>>> Greetings,
>>>>
>>>> Jan
>>>>
>>>> On 15 Jun 2015, at 15:35, Ian Craggs <icraggs@xxxxxxxxxxxxxxxxxxxxxxx>
>>>> wrote:
>>>>
>>>> Hi Roger,
>>>>
>>>> thanks.
>>>>
>>>> Ian
>>>>
>>>>
>>>> On 06/15/2015 01:22 PM, Roger Light wrote:
>>>>
>>>> Hi Ian,
>>>>
>>>> No it doesn't. The websockets interface is provided by
>>>> apache+mod_websocket_mosquitto, I don't know if it would be possible
>>>> to have it do TLS.
>>>>
>>>> Cheers,
>>>>
>>>> Roger
>>>>
>>>>
>>>>
>>>> On Mon, Jun 15, 2015 at 12:51 PM, Ian Craggs
>>>> <icraggs@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>>>
>>>> Does the Mosquitto sandbox server at iot.eclipse.org have a secure (TLS)
>>>> websockets port? Is that port 80 as well?
>>>>
>>>> Just testing a sample, simple web application for the Paho JavaScript
>>>> client: https://www.eclipse.org/paho/clients/js/utility/index.html
>>>>
>>>> --
>>>> Ian Craggs
>>>> icraggs@xxxxxxxxxx IBM United Kingdom
>>>> Paho Project Lead; Committer on Mosquitto
>>>>
>>>> _______________________________________________
>>>> mosquitto-dev mailing list
>>>> mosquitto-dev@xxxxxxxxxxx
>>>> To change your delivery options, retrieve your password, or unsubscribe from
>>>> this list, visit
>>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>>>
>>>> _______________________________________________
>>>> mosquitto-dev mailing list
>>>> mosquitto-dev@xxxxxxxxxxx
>>>> To change your delivery options, retrieve your password, or unsubscribe from
>>>> this list, visit
>>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>>>
>>>>
>>>> --
>>>> Ian Craggs
>>>> icraggs@xxxxxxxxxx IBM United Kingdom
>>>> Paho Project Lead; Committer on Mosquitto
>>>>
>>>> _______________________________________________
>>>> mosquitto-dev mailing list
>>>> mosquitto-dev@xxxxxxxxxxx
>>>> To change your delivery options, retrieve your password, or unsubscribe from
>>>> this list, visit
>>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> mosquitto-dev mailing list
>>>> mosquitto-dev@xxxxxxxxxxx
>>>> To change your delivery options, retrieve your password, or unsubscribe from
>>>> this list, visit
>>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>>>
>>>>
>>>> --
>>>> Ian Craggs
>>>> icraggs@xxxxxxxxxx IBM United Kingdom
>>>> Paho Project Lead; Committer on Mosquitto
>>>>
>>>>
>>>> _______________________________________________
>>>> mosquitto-dev mailing list
>>>> mosquitto-dev@xxxxxxxxxxx
>>>> To change your delivery options, retrieve your password, or unsubscribe from
>>>> this list, visit
>>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>> _______________________________________________
>>> mosquitto-dev mailing list
>>> mosquitto-dev@xxxxxxxxxxx
>>> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>
>> --
>> Ian Craggs
>> icraggs@xxxxxxxxxx IBM United Kingdom
>> Paho Project Lead; Committer on Mosquitto
>>
>> _______________________________________________
>> mosquitto-dev mailing list
>> mosquitto-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev