Announcement

Collapse
No announcement yet.

We need native HTTPS support!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #76
    Originally posted by Moskus View Post
    The only legitimate reason I can think of is "it will take too much of our time to make a proper web server to HS". And that's what I'm hearing. Please just say that if it's true.

    I can understand it, but that doesn't mean I'm happy about it.
    Isn't "making" a web server re-inventing the wheel? Aren't these available open-source? I guess there could be licensing issues with a commercial product.

    Comment


      #77
      Perhaps the proper word is "include" or "replace". There IS a web server in HS3 now, but I'm not sure who made it.
      HSPro 3.0.0.458, Z-NET with Z-wave plugin 3.0.1.190, RFXCOM + 2x RFXtrx433E, HSTouch, Squeezebox plugin, iTach IP/WF2IR & GC-100-6 with UltraGCIR, BLDenon, NetcamStudio, Jon00s Webpage builder, Harmony Hub plugin, SCSIP (with FreePBX), Arduino plugin, IFTTT, Pushalot plugin, Device History plugin.
      Running on Windows 10 (64) virtualized
      on ESXi (Fujitsu Primergy TX150 S8).
      WinSeer (for Win10) - TextSeer - FitbitSeer - HSPI_MoskusSample

      Are you Norwegian (or Scandinavian) and getting started with HomeSeer? Read the "HomeSeer School"!

      Comment


        #78
        Originally posted by Moskus View Post
        Perhaps the proper word is "include" or "replace". There IS a web server in HS3 now, but I'm not sure who made it.
        I'm sure it was Rick who posted a good few years ago that the HS web server was completely custom. I don't know if this changed with HS3, seems a bit of a sledgehammer approach IMHO but guess they have reasons for it.

        Comment


          #79
          Yes, we have our own web server built in, and yes, there are probably some open source web servers, but ours was build over 10 years ago. There wasn't much available back then and Microsoft would not allow IIS to run on anything but Windows PRO and Server. We have customized it so much over the years, hence the reason we stick with it. It is not a big a deal to add SSL support, but it does not appear to be the best use of our time, considering we have a solution that fits most users. It would be a support mess if added as a supported feature as novice users would have so many problems getting it working. (Browser errors, port forwarding, SSL certs, etc.)

          That being said, I understand the concern of many of our core users. The next build of HS3 has a new "Labs" section in Setup where we can add things that we would only support on the forum. If SSL was added there, that solves the support issue and gets you the feature. The Labs section will allow us to roll out features without calling the entire build a "Beta".

          Originally posted by Moskus View Post
          The only legitimate reason I can think of is "it will take too much of our time to make a proper web server to HS". And that's what I'm hearing. Please just say that if it's true.

          I can understand it, but that doesn't mean I'm happy about it.
          website | buy now | support | youtube

          Comment


            #80
            Originally posted by rjh View Post
            Just to be clear, we do support https, just go to https://myhs.homeseer.com. No other HA system supports https directly to thier system. If you use myhs you are encrypted from your browser to your system with SSL that is always kept up to date.
            OK, given that..... can you give us a "Best Practices" heads-up on how to properly configure the Tools > Network settings, if exclusively using myhs.homeseer.com.

            Is there any point of more than one user?

            Why do I get tons of "Client Command Retry" errors with myhs?
            HomeSeer Version: HS3 Pro Edition 4.2.6.0
            Operating System: Microsoft Windows 10 Pro - Desktop

            Enabled Plug-Ins
            AK Google Calendar 3.0.0.45,AK Smart Device 3.0.0.6,AK Weather 4.0.1.77,AmbientWeather 3.0.1.9,Big5 1.38.0.0,BLBackup 2.0.63.0,BLGData 3.0.55.0,BLLock 3.0.38.0,BLPlex 2.0.22.0,BLUPS 2.0.26.0,Device History 3.2.0.2,EasyTrigger 3.0.0.74,HSBuddy 3.25.614.1,mcsMQTT 5.21.4.1,MeiHarmonyHub 3.1.0.22,NetCAM 3.0.0.14,PHLocation 3.0.1.109,Restart 1.0.0.7,SDJ-Health 3.1.0.3,SDJ-VStat 3.1.0.7,TPLinkSmartHome 19.10.7.1,UltraCID3 3.0.6681.34300,UltraSighthoundVideo3 3.0.5960.36744,,Z-Wave 3.0.2.0

            Comment


              #81
              Originally posted by rjh View Post
              Yes, we have our own web server built in, and yes, there are probably some open source web servers, but ours was build over 10 years ago. There wasn't much available back then and Microsoft would not allow IIS to run on anything but Windows PRO and Server. We have customized it so much over the years, hence the reason we stick with it. It is not a big a deal to add SSL support, but it does not appear to be the best use of our time, considering we have a solution that fits most users. It would be a support mess if added as a supported feature as novice users would have so many problems getting it working. (Browser errors, port forwarding, SSL certs, etc.)

              That being said, I understand the concern of many of our core users. The next build of HS3 has a new "Labs" section in Setup where we can add things that we would only support on the forum. If SSL was added there, that solves the support issue and gets you the feature. The Labs section will allow us to roll out features without calling the entire build a "Beta".
              This sounds like the best of both worlds and I'm excited to see what kinds of things will make it to the "Labs"
              MeiAutomtion Home

              Comment


                #82
                Originally posted by rjh View Post
                It is not a big a deal to add SSL support, but it does not appear to be the best use of our time, considering we have a solution that fits most users.
                Thank you for saying it, I appreciate it.
                I do not agree, but I appreciate it non the less.

                Originally posted by rjh View Post
                It would be a support mess if added as a supported feature as novice users would have so many problems getting it working. (Browser errors, port forwarding, SSL certs, etc.)
                Yes, I see your point. But add it under it's own section under network, labeled "YES I HOPE I KNOW WHAT I'M DOING AND I PROMISE TO NOT CALL SUPPORT IF THIS FAIL".


                Originally posted by rjh View Post
                That being said, I understand the concern of many of our core users. The next build of HS3 has a new "Labs" section in Setup where we can add things that we would only support on the forum. If SSL was added there, that solves the support issue and gets you the feature. The Labs section will allow us to roll out features without calling the entire build a "Beta".
                Wow. Just wow! Cool feature looking forward to it!
                HSPro 3.0.0.458, Z-NET with Z-wave plugin 3.0.1.190, RFXCOM + 2x RFXtrx433E, HSTouch, Squeezebox plugin, iTach IP/WF2IR & GC-100-6 with UltraGCIR, BLDenon, NetcamStudio, Jon00s Webpage builder, Harmony Hub plugin, SCSIP (with FreePBX), Arduino plugin, IFTTT, Pushalot plugin, Device History plugin.
                Running on Windows 10 (64) virtualized
                on ESXi (Fujitsu Primergy TX150 S8).
                WinSeer (for Win10) - TextSeer - FitbitSeer - HSPI_MoskusSample

                Are you Norwegian (or Scandinavian) and getting started with HomeSeer? Read the "HomeSeer School"!

                Comment


                  #83
                  Not a cloud consumer

                  Like most on this thread, perhaps even many of Homeseer users, I am not a consumer of "The Cloud". I have very modest computer networking skills, and do the basics like stati-cize my external IP. I have my own media server, ftp server, and other remote access to my network which is all secure.

                  When I bought Homeseer a couple weeks ago I expected to continue down this path; running it entirely on my home network. It seems to me all these cloud services are mostly a crutch for those who can't/won't learn simple network configuration. Video cameras and doorbells that store on internet servers rather than locally, connecting to a "cloud service" rather than your home network with local storage to access? Makes no sense.

                  So I am glad to see direct access will be offered. That said, I hope it is also supported. And I don't mean hand-holding tech support, but rather working functionality and addressing of software issues.

                  Thank you,

                  Comment


                    #84
                    Originally posted by lifespeed View Post
                    Like most on this thread, perhaps even many of Homeseer users, I am not a consumer of "The Cloud". I have very modest computer networking skills, and do the basics like stati-cize my external IP. I have my own media server, ftp server, and other remote access to my network which is all secure.

                    When I bought Homeseer a couple weeks ago I expected to continue down this path; running it entirely on my home network. It seems to me all these cloud services are mostly a crutch for those who can't/won't learn simple network configuration. Video cameras and doorbells that store on internet servers rather than locally, connecting to a "cloud service" rather than your home network with local storage to access? Makes no sense.

                    So I am glad to see direct access will be offered. That said, I hope it is also supported. And I don't mean hand-holding tech support, but rather working functionality and addressing of software issues.

                    Thank you,
                    I think we sometimes lose focus of the bigger picture here related to iOT devices and the cloud. It's not going anywhere (I have been fighting it for a long time in my day job and have finally had to give in because its the future). People on this forum are power users, they are not the average Joe. We know what a "cloud" is, and know why we don't want it. But most of the devices created these days are not for us as a market because we probably don't even make up 1 percent. A company is going to put its time and efforts where it knows it will make the most money, and cloud computing and iOT devices is where the money is at, and Rich blatantly stated this earlier in this thread, again we forget on this forum that we are not the only ones here and there are others with less skills that are paying money to HS, and so HS needs to appeal to everyone. They aren't a big company, and resource limited, so they need to make the decisions where it makes sense to spend the money, to make the money.

                    That being said, I picked HS for a reason. I don't want to rely on a cloud. HS doesn't need a cloud to work, but they do offer cloud type services (MyHS). You don't need these services to have HS work. The cloud services that are offered, are there to enhance the functionality, but not required. If you want to connect your HS remotely without using their cloud service, you can create your own setup with minimal effort, though I think for most it would expose you to more risk vs just using HS's servers.

                    Lets be easy on those that do use the cloud services offered, they aren't as smart as you, yet they want to be able to do the same thing that we do. Plus I highly doubt that everyone is staying away from iOT devices. I am not a fan of what they have done to the HA ecosystem, but try and take my Alexa away from me, and we will have words...

                    Comment


                      #85
                      Originally posted by waynehead99 View Post
                      HS doesn't need a cloud to work, but they do offer cloud type services (MyHS). You don't need these services to have HS work. The cloud services that are offered, are there to enhance the functionality, but not required. If you want to connect your HS remotely without using their cloud service, you can create your own setup with minimal effort, though I think for most it would expose you to more risk vs just using HS's servers.
                      I tried to connect HSTouch to HS3 without using myhs. Couldn't get it to work, despite every other service on my network being available to the internet at large. Also, I have been told that HTTPS access on port 443 doesn't really work either. I chose not to waste my time trying at this point, although I admit this is secondhand information.

                      I'm not sure how well standalone remote access actually works. Right now I have only managed to get insecure HTTP on port 80, and HSTouch using myhs working.

                      Comment


                        #86
                        I do not utilize myhs here and have no issues with my HSTouch clients inside or outside of my network direct or via a VPN tunnel (which is what I use today).

                        What OS client for HSTouch are you using today?

                        For external access of HSTouch server have you configured your firewall to allow the HSTouch port utilized to pass?
                        - Pete

                        Auto mator
                        Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
                        Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
                        HS4 Lite - Ubuntu 20.04 / VB W7e Jetway JBC420U591
                        Fanless IntelĀ® Celeron N3160 SoC 8Gb
                        HS4 Pro - V4.1.18.1 - Ubuntu 20.04/VB W7e 64 bit Intel Kaby Lake CPU - 32Gb
                        HSTouch on Intel tabletop tablets

                        X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Smartthings hub, Hubitat Hub, and Home Assistant

                        Comment


                          #87
                          Originally posted by Pete View Post
                          I do not utilize myhs here and have no issues with my HSTouch clients inside or outside of my network direct or via a VPN tunnel (which is what I use today).

                          What OS client for HSTouch are you using today?

                          For external access of HSTouch server have you configured your firewall to allow the HSTouch port utilized to pass?
                          Yeah, did all that using the Android client. I'm not infallible, but still pretty familiar with how to operate my router and network. So as not to derail this thread, please check the topic here. If there is anything I missed I would still like to get this working.

                          Comment


                            #88
                            We need native HTTPS support!

                            Originally posted by waynehead99 View Post
                            I think we sometimes lose focus of the bigger picture here related to iOT devices and the cloud. It's not going anywhere (I have been fighting it for a long time in my day job and have finally had to give in because its the future). People on this forum are power users, they are not the average Joe. We know what a "cloud" is, and know why we don't want it. But most of the devices created these days are not for us as a market because we probably don't even make up 1 percent. A company is going to put its time and efforts where it knows it will make the most money, and cloud computing and iOT devices is where the money is at, and Rich blatantly stated this earlier in this thread, again we forget on this forum that we are not the only ones here and there are others with less skills that are paying money to HS, and so HS needs to appeal to everyone. They aren't a big company, and resource limited, so they need to make the decisions where it makes sense to spend the money, to make the money.

                            That being said, I picked HS for a reason. I don't want to rely on a cloud. HS doesn't need a cloud to work, but they do offer cloud type services (MyHS). You don't need these services to have HS work. The cloud services that are offered, are there to enhance the functionality, but not required. If you want to connect your HS remotely without using their cloud service, you can create your own setup with minimal effort, though I think for most it would expose you to more risk vs just using HS's servers.

                            Lets be easy on those that do use the cloud services offered, they aren't as smart as you, yet they want to be able to do the same thing that we do. Plus I highly doubt that everyone is staying away from iOT devices. I am not a fan of what they have done to the HA ecosystem, but try and take my Alexa away from me, and we will have words...


                            I can see both sides of this discussion. The time expense in maintaining an HTTPS interface along side an unencrypted one means constant tracking of web security, plugin interoperability, and client compatibility. I deal with this all the time in the field of work I deal in.

                            That said I think being able to natively encrypt login and activity traffic to the HS3 management interface will be a nice feature for those who want to host it on their public WAN interface without network infrastructure handling the secure encryption.

                            Personally, I buy products that are focused and are designed to do their job well. I bought HS3 because it is a solid event engine, integrates with many of my other home devices, runs on my local LAN, and it does not rely on a cloud based service or my ISP connection to perform primary functions. Touching my management interface securely was not a primary driver for my purchase. MYHS works well enough, if I ever have to remote in and make a change, as I don't have to touch HS3 often once devices/events are tested and implemented. I don't have to use HS3touch much either as everything just works. I opted to implement a reverse proxy because filling the HTTPS offloading need is a major part of what it was designed specificallh to do. I will say after I got my reverse proxy in place I have been interested in seeing what I could integrate with it more than anything.


                            Sent from my iPhone using Tapatalk
                            Last edited by Kerat; June 21, 2017, 01:13 PM.

                            Comment


                              #89
                              I can't believe we are having this security discussion in 2017..

                              When home automation was a little bit less mainstream and security through obscurity was a thing..

                              But seriously...

                              You are connecting your HOUSE to the internet, this includes:

                              Motion sensors
                              Door locks
                              Lights
                              Appliances
                              Heating and Cooling
                              Cameras
                              etc...

                              I'm sure you can figure out what evil doers would do with access to any of those things... but let me elaborate.

                              Motion sensors (You're not home)
                              Door locks (unlock and come in)
                              Lights (turn them on and waste your power, or wake you up in the middle of the night to a bright house)
                              Appliances (Depends, but maybe turn off something that shouldn't be off when you're on vacation)
                              Heating and cooling.... frozen pipes costly damage... overheated pets?
                              Cameras... um yeah.

                              So seriously you should be protecting this stuff more so than your facebook password.... encrypted network traffic is no good for this kind of stuff... PERIOD

                              And as far as a cloud solution, there is the problem if that gets hacked, which.... seems like a good target, you now know 10000's of home automated endpoints. This is pretty serious business tying the real word into the digital world... it's not like a hacked system will just be a digital annoyance... real physical damage could be done.

                              So... please in the next version of homeseer just use an external webserver, don't build it in... The benefits of that are tremendous. In fact if the only thing you worried about was an API and you built a SPA styles client rich interface the webpages being served up could run on any web server.
                              Joe (zimmer62)

                              BLSecurtiy, AC-RF2, RCS Serial Thermostats, RFXCOM SMarthome SwitchLinc, mcsXap, Global Cache GC100, SqueezeBox, TWA_ONKYOINTEGRA, BLLogMonitor, BLPlugins, BLRadar, BLSpeech, BLZLog.aspx, HSTouch (Windows, iPhone, iPod), USB Mimo touchscreens, VMWare Server, Vortexbox, Windows Home Server, MyMovies, Windows Media Center, X10, ZWave, and much much much more.

                              Comment


                                #90
                                Linux would work, but there really isn't any good asp.net web server for Windows other than IIS and that is only supported on PRO versions of Windows.

                                We are looking at updating the SSL support on our server.

                                Originally posted by zimmer62 View Post
                                I can't believe we are having this security discussion in 2017..

                                When home automation was a little bit less mainstream and security through obscurity was a thing..

                                But seriously...

                                You are connecting your HOUSE to the internet, this includes:

                                Motion sensors
                                Door locks
                                Lights
                                Appliances
                                Heating and Cooling
                                Cameras
                                etc...

                                I'm sure you can figure out what evil doers would do with access to any of those things... but let me elaborate.

                                Motion sensors (You're not home)
                                Door locks (unlock and come in)
                                Lights (turn them on and waste your power, or wake you up in the middle of the night to a bright house)
                                Appliances (Depends, but maybe turn off something that shouldn't be off when you're on vacation)
                                Heating and cooling.... frozen pipes costly damage... overheated pets?
                                Cameras... um yeah.

                                So seriously you should be protecting this stuff more so than your facebook password.... encrypted network traffic is no good for this kind of stuff... PERIOD

                                And as far as a cloud solution, there is the problem if that gets hacked, which.... seems like a good target, you now know 10000's of home automated endpoints. This is pretty serious business tying the real word into the digital world... it's not like a hacked system will just be a digital annoyance... real physical damage could be done.

                                So... please in the next version of homeseer just use an external webserver, don't build it in... The benefits of that are tremendous. In fact if the only thing you worried about was an API and you built a SPA styles client rich interface the webpages being served up could run on any web server.
                                website | buy now | support | youtube

                                Comment

                                Working...
                                X