-
Notifications
You must be signed in to change notification settings - Fork 30
SSL Configuration
To use the HTTPS protocol with dashPanel you must perform a few simple steps. These require some additional setup for your configuration and can be completed in just a couple of steps. First, you must generate or acquire a certificate from an authority. This is used to encrypt the communications between your browser and the dashPanel server.
Certificates come in two forms. They are either self-signed or signed by an authority. Self-signed certificates are of course signed by you but they carry some issues due to the way some browsers access them. Often the browser will throw up a warning when it cannot chain to a trust anchor. The user may need to click through this warning to certify that they know that some 3rd party has not verified the certificate.
The second type of certificate is signed by what is known as an trusted authority. This authority is granted special trust to verify the validity of the certificate. Interestingly enough if you are savvy enough you can become your own trusted authority. Popular options for generating/acquiring a certificate are Openssl for a locally generated cert, letsencrypt.org for a free, domain registered certificate
In the end you will need to do some googling or ducking to figure out how to generate this certificate but once you do you can simply begin using it using the configuration options below. Before you start shut down the dashPanel server.
- After acquiring/generating the a certificate copy it to the computer where dashPanel is installed.
While this can be installed anywhere on the local computer, a good location is to create an ssl folder at
/etc/ssland copy the certificate and private key files there.
Pro Tip: consider placing actual cert & privkey in a common directory on the host like /etc/ssl/mycerts, then symlink the cert and private-key file locations in the nodejs-poolController-dashPanel/ssl directory, as well as the nodejs-poolController/ssl directory (if on the same host), so that cert files remain consistent (and easily updatable) across all apps on the host. Example:_
cd ~/nodejs-poolController-dashPanel
mkdir ssl
cd ~/nodejs-poolController-dashPanel/ssl
ln -s /etc/ssl/mycerts/privkey.pem privkey.pem
ln -s /etc/ssl/mycerts/cert.pem cert.pem
- Enable HTTPS in the config.json file for dashPanel.
In your favorite editor open the config.json file located in the
~/nodejs-poolController-dashPanelfolder. Then in the HTTPS section set the enable leaf to true and save the file. Also, make sure the ip address is set to 0.0.0.0 and the sslKeyFile and sslCertFile nodes are set to point to the location of the certificate and key files. Once you are sure of your changes save and close the file.
"https": {
"enabled": true,
"ip": "0.0.0.0",
"port": 5151,
"authentication": "none",
"authFile": "/users.htpasswd",
"sslKeyFile": "/ssl/privkey.pem",
"sslCertFile": "/ssl/cert.pem"
}
-
Restart dashPanel. If you are using pm2 you can simply type
pm2 restart dashPanelor if you are not typenpm startor you can reboot your pi if you have dashPanel set to start on boot. -
To access dashPanel use
https://<ip address or domain name>:5151it will now be using https.
Note: njspc and njspc-dashPanel can both run ssl, one or the other can, or neither can. The effect of running ssl on only one appears to be that either the GUI interface is encrypted in transit, but the data in the fields is not, or vice versa. For the most part if you are only accessing njsPC from dashPanel configuring ssl is probably not needed and I would recommend setting the njsPC connection to the loopback 127.0.0.1 or dashPanel can also be used to proxy the commands by checking the proxy checkbox.