Comments (4)
Just FYI, if someone is interested in getting Little Printer connect to their Sirius server via HTTPS, you can find a patched version of the bridge software that makes that possible here: https://github.com/knyar/berg-bridge
I think I managed to make it properly pass the Host
header while establishing a websocket connection, and also removed client side SSL verification.
from sirius.
A small update: I added local SSL (via Docker) support into my fork, and the connection happily stays open when running websocat -k -v wss://sirius.localhost:8443/api/v1/connection
, so perhaps there's something funky with the SSL termination at Heroku? Maybe it needs some additional paid addon to keep the connection open? Blargh.
from sirius.
Hi @notjosh ! Your new printer is looking great!
So I'm not a specialist in all this, but there are a few wrinkles in how this all works. We use Heroku to host sirius, but when the Berg bridges connect, they resolve DNS and send their HTTP/HTTPS requests without a Host
header. I think WSS doesn't work for them either, since the certificate the server provides is attached to a DNS name, not an IP address. Heroku also can't give you a dedicated IP address.
So to work around this, we stood up a VM on Digital Ocean that is a reverse proxy for the heroku server. Here's the config:
root@little-printer-proxy:~# cat /etc/nginx/sites-enabled/littleprinterproxy
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream heroku {
server nord-sirius.herokuapp.com:443;
}
upstream ngrok {
server 1d591c6f.ngrok.io:443;
}
server {
listen 80 default_server;
server_name littleprinter.nordprojects.co;
location / {
proxy_pass https://heroku;
# proxy_pass https://ngrok;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host "littleprinter.nordprojects.co";
# proxy_ssl_session_reuse off;
proxy_connect_timeout 10s;
proxy_read_timeout 60s;
# proxy_set_header Host "1d591c6f.ngrok.io";
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/littleprinter.nordprojects.co/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/littleprinter.nordprojects.co/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
littleprinter.nordprojects.co
points to that server, and that server routes the traffic via HTTPS to heroku.
Later, I wanted to make the device.li
URLs, so I created a different nginx config on that server:
root@little-printer-proxy:~# cat /etc/nginx/sites-enabled/deviceli
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream littleprinter {
server littleprinter.nordprojects.co:443;
}
server {
server_name device.li;
location / {
proxy_pass https://littleprinter/printkey/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host "littleprinter.nordprojects.co";
proxy_ssl_session_reuse off;
proxy_read_timeout 86400s;
}
location /static/ {
proxy_pass https://littleprinter/static/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host "littleprinter.nordprojects.co";
proxy_ssl_session_reuse off;
proxy_read_timeout 86400s;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/device.li/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/device.li/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = device.li) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name device.li;
return 404; # managed by Certbot
}
So that's the context - I'm no expert in nginx, so there might well be issues in those configs that are causing issues. I will say though, have you tried wss://littleprinter.nordprojects.co/api/v1/connection
? That's what I would expect to work - there's an SSL config for that domain, and nginx is already routing unsecured HTTP websocket traffic at that URL.
from sirius.
Whew, thanks for the writeup! That all makes complete sense, I appreciate it.
I haven't looked super closely just yet, but it looks like wss://littleprinter.nordprojects.co/api/v1/connection
works completely fine. I wish I tried that in the first place and saved us both the hassle ;)
I'll close the issue, and reopen if it starts to look like a problem again.
from sirius.
Related Issues (11)
- Oauth twitter and web printing HOT 3
- CORS support to allow browser-based web apps to access the API
- Add timezone settings to printers HOT 1
- Report of red flashing lights on bridges 🚨 HOT 10
- Cannot claim new printer HOT 14
- Sharing text to Little Printers.app results in multiple printing
- Printing with no face HOT 1
- 22 April 2021 Downtime HOT 3
- Twitter authentication no longer working HOT 8
- Fixing some LP bridge flash corruption
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sirius.