HTTP to HTTPS



  • Hello to everyone, I start testing shinobi for webcam stream, and I need to say it's EXCELLENT 🙂
    But I have a small problem and I need help. I put stream URL to iframe

    <iframe src="http://xxx.xxx.xxx.xx:xxxx/MFWjWkMxXzvOGEbzlFQDnH8/embed/eo4/qsqKY/jquery|fullscreen" controls
    width="100%" height="400px;">
    </iframe>

    And when I use this on localhost with xampp everything working nice, but when publish this to my angularjs app on server
    i get error
    "Mixed Content: The page at 'https://demodemo.com/monitors/xx' was loaded over HTTPS, but requested an insecure resource 'http://xxx.xxx.xxx.xx:xxxx/MFWjWkMxXzvOGEbzlFQDnH8/embed/eo4/qsqKY/jquery|fullscreen'. This request has been blocked; the content must be served over HTTPS."

    Is there any way to get streams in HTTPS? Thnx



  • I have the same problem.Do you know how to resolve it now?



  • Hi, iI think you can do this in two ways, first you can use the built-in ssl configuration as shown here: https://shinobi.video/docs/start#content-configuration

    In the other hand you can use a reverse proxy like nginx to serve the content via https.

    HTH



  • Hi there,

    does anyone have the reverse proxy method running with Apache2 on Ubuntu/Debian?
    If so, could you provide an example of your relevant file? I would guess it's /etc/apache2/sites-available/000-default-le-ssl.conf?

    I tried some examples from the internet-search, but could not get it running.

    Thanks, Daniel



  • @daniel You can get a free ssl cert for your shinobi install from letsencrypt.org

    This is a working proxy.conf
    The forum turned the comments into bright white. These lines should be prefixed by # as they are just comments

    save this to /etc/httpd/conf/ path on the machine you are going to use as a proxy.
    include the proxy.conf using #INCLUDE /etc/httpd/conf/proxy.conf at the bottom of your httpd.conf
    correct both of the xxx.xxx.xxx.xxx with your external IP address
    correct the ServerName
    correct the log paths
    correct the cert paths and names
    at the bottom of the proxy.conf correct the http URLs

    PROXY.CONF

    Listen xxx.xxx.xxx.xxx:443

    <VirtualHost xxx.xxx.xxx.xxx:443>
    ServerName shinobi.outside.com
    DocumentRoot /var/www/html
    ServerAdmin [email protected]

    <IfModule mod_reqtimeout.c>
    RequestReadTimeout header=30-40,MinRate=500
    </IfModule>

    custom log format for SSL requests

    LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b" ssl_request

    ErrorLog logs/shinobi/ssl_error_log
    CustomLog logs/shinobi/ssl_access_log combined
    CustomLog logs/shinobi/ssl_request_log ssl_request

    SSLEngine on

    intermediate security settings -- will breaks some clients!

    SSLProtocol -ALL +TLSv1.1 +TLSv1.2

    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

    SSLHonorCipherOrder on

    Header add Strict-Transport-Security "max-age=15552000;includeSubDomains"

    #Certs
    SSLCertificateFile "/etc/pki/tls/certs/cert.pem"
    SSLCertificateKeyFile "/etc/pki/tls/private/privkey.pem"
    SSLCertificateChainFile "/etc/pki/tls/certs/fullchain.pem"

    proxy to shinobi.inside

    ProxyPass / http://shinobi.inside.com/
    ProxyPassReverse / http://shinobi.inside.com/

    </VirtualHost>tp urls



  • Great DougP, thanks a lot.
    I'm on holiday currently and will try out once i'm back.


 

Looks like your connection to Shinobi Forum was lost, please wait while we try to reconnect.