Announcement

Collapse
No announcement yet.

We need native HTTPS support!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Originally posted by cheeryfool View Post
    I know that this is only a guide, but I see ping times from East Coast USA to myhs at ~35ms. I see transatlantic pings mostly of 70-90ms - depending on site.

    What do you guys in Europe see for myhs currently?
    89ms here in London
    Jon

    Comment


      #17
      Originally posted by rjh View Post
      The local web interface is not going away, you will always be able to manage your system locally, without an Internet connection.

      You really cannot use SSL securely without a domain. Sure you can create a self signed cert, but that is not really secure.

      I don't know why there is a push back on MyHS, we have made it very reliable (I use it every day), and it uses SSL, and its free. Why should we provide yet another secure solution for accessing your home system? That is so complicated that only the really technical can use it?

      There are bunch of free tunneling apps out there that you can run on your PC and it will allow you to securely tunnel into your home system. Also, as mentioned, you can use a VPN. So there are solutions available for the technically minded.
      Thanks Rich for taking the time to join the conversation and respond.

      I know that I have been hoping for https access to the Zee since it was released. I don't know what specifically makes it complicated with Mono on Linux, but it seems like it is for some reason. I started doing some research, but didn't get far because I didn't want to break anything.

      I see what you are saying about self-signed certs, but it isn't that they are secure, it is just that you need to be able to import and trust the cert on the client side for it to be effective. . .when you are connecting to your own systems, they are a great tool. I suspect some here have their own domains or a dyndns hostname that they would tie the cert to in implementation.

      For many here (including me), we see how cloud services come and go and we don't want our secure remote access to be dependent or tied to an online service. If there is internet up at the house, we want to be able to connect to it. Even if myhs went away completely, it wouldn't change the usefulness of the system.

      Even though https is only being discussed for remote access. . .we really should be able to protect our internal systems by accessing them over https. . .just because it is local doesn't always mean it is safe. Security by obscurity only goes so far. . .

      Comment


        #18
        Originally posted by rjh View Post
        MyHS can now use multiple servers, so setting up an EU server is possible and we are looking into it. It would speed things up.

        But I would think you would use HSTouch for remote access, I never use the web interface, HSTouch is much easier and HSTouch uses very little data so it should be just about as fast as local connection.

        There is no timeout if you leave the web browser open with MyHS, so you should be able to stay connected.

        As for your own app, if you are trying to access an HS system through MyHS just use the JSON interface. You pass the user/pass in the command so accessing is easy. If you need some docs on this, let me know.
        Unfortunately, HSTouch won't even start for me without crashing on my iPhone and iPad. Using HSBuddy so I can actually access my system outside the web interface. Also, if you are trying to create or edit an event or check the server logs, HSTouch won't cut it.

        If I had the source for the Pebble Seer app, I would see if there was anything I could do to get it to work through myhs, but I don't. Kriz was saying back when he first wrote it that it wasn't working through myhs for some reason. Also, I use another login for that app. . .and myhs only allows for the one login on the default setup. . .

        Comment


          #19
          I currently reverse proxy as well and offload SSL, but you are I agree it would be nice to have the option to have adequate security as an option for the HS webserver

          Comment


            #20
            Originally posted by rjh View Post
            MyHS can now use multiple servers, so setting up an EU server is possible and we are looking into it. It would speed things up.
            That's great! I'd love to see faster loading speeds.


            Originally posted by rjh View Post
            But I would think you would use HSTouch for remote access, I never use the web interface, HSTouch is much easier and HSTouch uses very little data so it should be just about as fast as local connection.
            The web interface (using Jon00s excellent Quick Page builder) is extremely fast for getting the overview of the house.

            HStouch is great for what it does, but it's not perfect. It takes a while to start, to connect, and to load data, and worst of all: There's no Windows app at all.

            Making the web interface extremely useful, fast and reliable.
            WinSeer was designed to load quickly and find a device fast. I'm sure I'm able to find and control a device much, MUCH faster than you are.


            Originally posted by rjh View Post
            There is no timeout if you leave the web browser open with MyHS, so you should be able to stay connected.
            If you say so.
            I'll try this again at work, but on my cell phone it doesn't work like this.


            Originally posted by rjh View Post
            As for your own app, if you are trying to access an HS system through MyHS just use the JSON interface. You pass the user/pass in the command so accessing is easy. If you need some docs on this, let me know.
            YES! This is very interesting!
            My app is using the JSON interface only, so if I can pass credentials along with the request, then MyHS is easily integrated.

            I've been looking in the documentation, but can't find anything. Point me in the right direction




            .... but I still think we need a proper SSL supported web server. You can even get free fully qualified certificates these days (take a look at letsencrypt.org), so there really aren't any excuses. We ARE in 2017, everything should be using SSL.
            HSPro 3.0.0.458, Z-NET with Z-wave plugin 3.0.1.190, RFXCOM + 2x RFXtrx433E, HSTouch, Squeezebox plugin, iTach IP/WF2IR & GC-100-6 with UltraGCIR, BLDenon, NetcamStudio, Jon00s Webpage builder, Harmony Hub plugin, SCSIP (with FreePBX), Arduino plugin, IFTTT, Pushalot plugin, Device History plugin.
            Running on Windows 10 (64) virtualized
            on ESXi (Fujitsu Primergy TX150 S8).
            WinSeer (for Win10) - TextSeer - FitbitSeer - HSPI_MoskusSample

            Are you Norwegian (or Scandinavian) and getting started with HomeSeer? Read the "HomeSeer School"!

            Comment


              #21
              Originally posted by Moskus View Post
              .... but I still think we need a proper SSL supported web server. You can even get free fully qualified certificates these days (take a look at letsencrypt.org), so there really aren't any excuses. We ARE in 2017, everything should be using SSL.
              Nice to know. Haven't tried to get a new cert recently.

              HTTPS, Yes. I agree.

              Comment


                #22
                I run all my local servers from self-signed certs, and just need to import my local CA cert into my browsers. I can understand for some people this isn't very straight forward.

                However as @Moskus said, there's been a huge push from Let's Encrypt to give people free SSL certs. There's many apps and firewalls adding support for this.

                Google Domains hosts my domains, so I have a Dynamic DNS, with a real domain name, for my home IP and it's free (also totally automated on my firewall out of the box). There's also other Dynamic DNS services that do this for reasonable cost (I used Dyn.com prior to this). No reason I can't use a real cert for that for external connectivity.

                Comment


                  #23
                  Seems crazy to me that there even has to be a thread dedicated to this. Its a no-brainer for a company that advertises themselves as NOT cloud reliant to have modern day SSL support. Although I do currently use openVPN to get to all my services, it'd be nice to have it externally available and not have to worry about that for at least 1 service.

                  Comment


                    #24
                    For accessing MyHS with user/pass with JSON, see the help file here, and click on the JSON section. On the first page there is a sample URL that includes user/pass:

                    http://homeseer.com/support/homeseer...DK/default.htm

                    Originally posted by Moskus View Post
                    That's great! I'd love to see faster loading speeds.



                    The web interface (using Jon00s excellent Quick Page builder) is extremely fast for getting the overview of the house.

                    HStouch is great for what it does, but it's not perfect. It takes a while to start, to connect, and to load data, and worst of all: There's no Windows app at all.

                    Making the web interface extremely useful, fast and reliable.
                    WinSeer was designed to load quickly and find a device fast. I'm sure I'm able to find and control a device much, MUCH faster than you are.



                    If you say so.
                    I'll try this again at work, but on my cell phone it doesn't work like this.



                    YES! This is very interesting!
                    My app is using the JSON interface only, so if I can pass credentials along with the request, then MyHS is easily integrated.

                    I've been looking in the documentation, but can't find anything. Point me in the right direction




                    .... but I still think we need a proper SSL supported web server. You can even get free fully qualified certificates these days (take a look at letsencrypt.org), so there really aren't any excuses. We ARE in 2017, everything should be using SSL.
                    website | buy now | support | youtube

                    Comment


                      #25
                      myHS with HSTouch works ok, but takes a little time to load before I can control.

                      I am unable to view the HS log or create/modify a HS event over myHS.
                      Accessing the web interface with myHS just spins and never completes loading.
                      It simply does not work for anything except HSTouch.
                      HS4Pro Running on a Raspberry Pi4
                      79 Z-Wave Nodes, 131 Events, 383 Devices
                      Z-Wave, UPB, WiFi
                      Plugins: EasyTrigger, weatherXML, OMNI, Z-Wave, Tuya, Device History
                      HSTouch Clients: 3 Android, 1 Joggler

                      Comment


                        #26
                        What version of HS3 are you using?

                        Originally posted by rmasonjr View Post
                        myHS with HSTouch works ok, but takes a little time to load before I can control.

                        I am unable to view the HS log or create/modify a HS event over myHS.
                        Accessing the web interface with myHS just spins and never completes loading.
                        It simply does not work for anything except HSTouch.
                        website | buy now | support | youtube

                        Comment


                          #27
                          Originally posted by rjh View Post
                          What version of HS3 are you using?

                          Current Date/Time: 3/1/2017 3:16:33 PM
                          HomeSeer Version: HS3 Pro Edition 3.0.0.307
                          Linux version: Linux RPi2 3.18.5-v7+ #225 SMP PREEMPT Fri Jan 30 18:53:55 GMT 2015 armv7l GNU/Linux System Uptime: 5 Days 23 Hours 59 Minutes 11 Seconds
                          IP Address: 192.168.0.142
                          Number of Devices: 299
                          Number of Events: 170
                          Available Threads: 372

                          Enabled Plug-Ins
                          2.0.89.0: BLRF
                          3.0.0.31: EasyTrigger
                          3.0.1.18: HAI
                          3.0.0.103: HSTouch Server
                          3.0.0.63: weatherXML
                          3.0.1.102: Z-Wave
                          HS4Pro Running on a Raspberry Pi4
                          79 Z-Wave Nodes, 131 Events, 383 Devices
                          Z-Wave, UPB, WiFi
                          Plugins: EasyTrigger, weatherXML, OMNI, Z-Wave, Tuya, Device History
                          HSTouch Clients: 3 Android, 1 Joggler

                          Comment


                            #28
                            Originally posted by rmasonjr View Post
                            Current Date/Time: 3/1/2017 3:16:33 PM
                            HomeSeer Version: HS3 Pro Edition 3.0.0.307
                            Linux version: Linux RPi2 3.18.5-v7+ #225 SMP PREEMPT Fri Jan 30 18:53:55 GMT 2015 armv7l GNU/Linux System Uptime: 5 Days 23 Hours 59 Minutes 11 Seconds
                            IP Address: 192.168.0.142
                            Number of Devices: 299
                            Number of Events: 170
                            Available Threads: 372

                            Enabled Plug-Ins
                            2.0.89.0: BLRF
                            3.0.0.31: EasyTrigger
                            3.0.1.18: HAI
                            3.0.0.103: HSTouch Server
                            3.0.0.63: weatherXML
                            3.0.1.102: Z-Wave
                            I am also on 3.0.0.307 (Std though). I have not updated HSTouch, running on 3.0.0.85 (for over a year probably). MyHS web interface does allow me access to logs and event management. . .

                            Comment


                              #29
                              307 is a beta, but that should not matter. Update to 312 and see if there is any change, I suspect not. I don't understand why you cannot access reliably, all looks ok on this end. Where are you located?

                              Originally posted by rmasonjr View Post
                              Current Date/Time: 3/1/2017 3:16:33 PM
                              HomeSeer Version: HS3 Pro Edition 3.0.0.307
                              Linux version: Linux RPi2 3.18.5-v7+ #225 SMP PREEMPT Fri Jan 30 18:53:55 GMT 2015 armv7l GNU/Linux System Uptime: 5 Days 23 Hours 59 Minutes 11 Seconds
                              IP Address: 192.168.0.142
                              Number of Devices: 299
                              Number of Events: 170
                              Available Threads: 372

                              Enabled Plug-Ins
                              2.0.89.0: BLRF
                              3.0.0.31: EasyTrigger
                              3.0.1.18: HAI
                              3.0.0.103: HSTouch Server
                              3.0.0.63: weatherXML
                              3.0.1.102: Z-Wave
                              website | buy now | support | youtube

                              Comment


                                #30
                                Originally posted by rjh View Post
                                307 is a beta, but that should not matter. Update to 312 and see if there is any change, I suspect not. I don't understand why you cannot access reliably, all looks ok on this end. Where are you located?
                                Rich,

                                You don't think it might be the HSTouch plug-in version? Not sure what is in the newer releases. I updated to .85 for some reason (don't remember what), but I haven't seen any change lots/release notes for HSTouch plugin since. . .could be missing them. . .

                                Comment

                                Working...
                                X