Announcement

Collapse
No announcement yet.

We need native HTTPS support!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Kerat
    replied
    We need native HTTPS support!

    Originally posted by waynehead99 View Post
    I think we sometimes lose focus of the bigger picture here related to iOT devices and the cloud. It's not going anywhere (I have been fighting it for a long time in my day job and have finally had to give in because its the future). People on this forum are power users, they are not the average Joe. We know what a "cloud" is, and know why we don't want it. But most of the devices created these days are not for us as a market because we probably don't even make up 1 percent. A company is going to put its time and efforts where it knows it will make the most money, and cloud computing and iOT devices is where the money is at, and Rich blatantly stated this earlier in this thread, again we forget on this forum that we are not the only ones here and there are others with less skills that are paying money to HS, and so HS needs to appeal to everyone. They aren't a big company, and resource limited, so they need to make the decisions where it makes sense to spend the money, to make the money.

    That being said, I picked HS for a reason. I don't want to rely on a cloud. HS doesn't need a cloud to work, but they do offer cloud type services (MyHS). You don't need these services to have HS work. The cloud services that are offered, are there to enhance the functionality, but not required. If you want to connect your HS remotely without using their cloud service, you can create your own setup with minimal effort, though I think for most it would expose you to more risk vs just using HS's servers.

    Lets be easy on those that do use the cloud services offered, they aren't as smart as you, yet they want to be able to do the same thing that we do. Plus I highly doubt that everyone is staying away from iOT devices. I am not a fan of what they have done to the HA ecosystem, but try and take my Alexa away from me, and we will have words...


    I can see both sides of this discussion. The time expense in maintaining an HTTPS interface along side an unencrypted one means constant tracking of web security, plugin interoperability, and client compatibility. I deal with this all the time in the field of work I deal in.

    That said I think being able to natively encrypt login and activity traffic to the HS3 management interface will be a nice feature for those who want to host it on their public WAN interface without network infrastructure handling the secure encryption.

    Personally, I buy products that are focused and are designed to do their job well. I bought HS3 because it is a solid event engine, integrates with many of my other home devices, runs on my local LAN, and it does not rely on a cloud based service or my ISP connection to perform primary functions. Touching my management interface securely was not a primary driver for my purchase. MYHS works well enough, if I ever have to remote in and make a change, as I don't have to touch HS3 often once devices/events are tested and implemented. I don't have to use HS3touch much either as everything just works. I opted to implement a reverse proxy because filling the HTTPS offloading need is a major part of what it was designed specificallh to do. I will say after I got my reverse proxy in place I have been interested in seeing what I could integrate with it more than anything.


    Sent from my iPhone using Tapatalk
    Last edited by Kerat; June 21, 2017, 01:13 PM.

    Leave a comment:


  • lifespeed
    replied
    Originally posted by Pete View Post
    I do not utilize myhs here and have no issues with my HSTouch clients inside or outside of my network direct or via a VPN tunnel (which is what I use today).

    What OS client for HSTouch are you using today?

    For external access of HSTouch server have you configured your firewall to allow the HSTouch port utilized to pass?
    Yeah, did all that using the Android client. I'm not infallible, but still pretty familiar with how to operate my router and network. So as not to derail this thread, please check the topic here. If there is anything I missed I would still like to get this working.

    Leave a comment:


  • Pete
    replied
    I do not utilize myhs here and have no issues with my HSTouch clients inside or outside of my network direct or via a VPN tunnel (which is what I use today).

    What OS client for HSTouch are you using today?

    For external access of HSTouch server have you configured your firewall to allow the HSTouch port utilized to pass?

    Leave a comment:


  • lifespeed
    replied
    Originally posted by waynehead99 View Post
    HS doesn't need a cloud to work, but they do offer cloud type services (MyHS). You don't need these services to have HS work. The cloud services that are offered, are there to enhance the functionality, but not required. If you want to connect your HS remotely without using their cloud service, you can create your own setup with minimal effort, though I think for most it would expose you to more risk vs just using HS's servers.
    I tried to connect HSTouch to HS3 without using myhs. Couldn't get it to work, despite every other service on my network being available to the internet at large. Also, I have been told that HTTPS access on port 443 doesn't really work either. I chose not to waste my time trying at this point, although I admit this is secondhand information.

    I'm not sure how well standalone remote access actually works. Right now I have only managed to get insecure HTTP on port 80, and HSTouch using myhs working.

    Leave a comment:


  • waynehead99
    replied
    Originally posted by lifespeed View Post
    Like most on this thread, perhaps even many of Homeseer users, I am not a consumer of "The Cloud". I have very modest computer networking skills, and do the basics like stati-cize my external IP. I have my own media server, ftp server, and other remote access to my network which is all secure.

    When I bought Homeseer a couple weeks ago I expected to continue down this path; running it entirely on my home network. It seems to me all these cloud services are mostly a crutch for those who can't/won't learn simple network configuration. Video cameras and doorbells that store on internet servers rather than locally, connecting to a "cloud service" rather than your home network with local storage to access? Makes no sense.

    So I am glad to see direct access will be offered. That said, I hope it is also supported. And I don't mean hand-holding tech support, but rather working functionality and addressing of software issues.

    Thank you,
    I think we sometimes lose focus of the bigger picture here related to iOT devices and the cloud. It's not going anywhere (I have been fighting it for a long time in my day job and have finally had to give in because its the future). People on this forum are power users, they are not the average Joe. We know what a "cloud" is, and know why we don't want it. But most of the devices created these days are not for us as a market because we probably don't even make up 1 percent. A company is going to put its time and efforts where it knows it will make the most money, and cloud computing and iOT devices is where the money is at, and Rich blatantly stated this earlier in this thread, again we forget on this forum that we are not the only ones here and there are others with less skills that are paying money to HS, and so HS needs to appeal to everyone. They aren't a big company, and resource limited, so they need to make the decisions where it makes sense to spend the money, to make the money.

    That being said, I picked HS for a reason. I don't want to rely on a cloud. HS doesn't need a cloud to work, but they do offer cloud type services (MyHS). You don't need these services to have HS work. The cloud services that are offered, are there to enhance the functionality, but not required. If you want to connect your HS remotely without using their cloud service, you can create your own setup with minimal effort, though I think for most it would expose you to more risk vs just using HS's servers.

    Lets be easy on those that do use the cloud services offered, they aren't as smart as you, yet they want to be able to do the same thing that we do. Plus I highly doubt that everyone is staying away from iOT devices. I am not a fan of what they have done to the HA ecosystem, but try and take my Alexa away from me, and we will have words...

    Leave a comment:


  • lifespeed
    replied
    Not a cloud consumer

    Like most on this thread, perhaps even many of Homeseer users, I am not a consumer of "The Cloud". I have very modest computer networking skills, and do the basics like stati-cize my external IP. I have my own media server, ftp server, and other remote access to my network which is all secure.

    When I bought Homeseer a couple weeks ago I expected to continue down this path; running it entirely on my home network. It seems to me all these cloud services are mostly a crutch for those who can't/won't learn simple network configuration. Video cameras and doorbells that store on internet servers rather than locally, connecting to a "cloud service" rather than your home network with local storage to access? Makes no sense.

    So I am glad to see direct access will be offered. That said, I hope it is also supported. And I don't mean hand-holding tech support, but rather working functionality and addressing of software issues.

    Thank you,

    Leave a comment:


  • Moskus
    replied
    Originally posted by rjh View Post
    It is not a big a deal to add SSL support, but it does not appear to be the best use of our time, considering we have a solution that fits most users.
    Thank you for saying it, I appreciate it.
    I do not agree, but I appreciate it non the less.

    Originally posted by rjh View Post
    It would be a support mess if added as a supported feature as novice users would have so many problems getting it working. (Browser errors, port forwarding, SSL certs, etc.)
    Yes, I see your point. But add it under it's own section under network, labeled "YES I HOPE I KNOW WHAT I'M DOING AND I PROMISE TO NOT CALL SUPPORT IF THIS FAIL".


    Originally posted by rjh View Post
    That being said, I understand the concern of many of our core users. The next build of HS3 has a new "Labs" section in Setup where we can add things that we would only support on the forum. If SSL was added there, that solves the support issue and gets you the feature. The Labs section will allow us to roll out features without calling the entire build a "Beta".
    Wow. Just wow! Cool feature looking forward to it!

    Leave a comment:


  • sirmeili
    replied
    Originally posted by rjh View Post
    Yes, we have our own web server built in, and yes, there are probably some open source web servers, but ours was build over 10 years ago. There wasn't much available back then and Microsoft would not allow IIS to run on anything but Windows PRO and Server. We have customized it so much over the years, hence the reason we stick with it. It is not a big a deal to add SSL support, but it does not appear to be the best use of our time, considering we have a solution that fits most users. It would be a support mess if added as a supported feature as novice users would have so many problems getting it working. (Browser errors, port forwarding, SSL certs, etc.)

    That being said, I understand the concern of many of our core users. The next build of HS3 has a new "Labs" section in Setup where we can add things that we would only support on the forum. If SSL was added there, that solves the support issue and gets you the feature. The Labs section will allow us to roll out features without calling the entire build a "Beta".
    This sounds like the best of both worlds and I'm excited to see what kinds of things will make it to the "Labs"

    Leave a comment:


  • ewkearns
    replied
    Originally posted by rjh View Post
    Just to be clear, we do support https, just go to https://myhs.homeseer.com. No other HA system supports https directly to thier system. If you use myhs you are encrypted from your browser to your system with SSL that is always kept up to date.
    OK, given that..... can you give us a "Best Practices" heads-up on how to properly configure the Tools > Network settings, if exclusively using myhs.homeseer.com.

    Is there any point of more than one user?

    Why do I get tons of "Client Command Retry" errors with myhs?

    Leave a comment:


  • rjh
    replied
    Yes, we have our own web server built in, and yes, there are probably some open source web servers, but ours was build over 10 years ago. There wasn't much available back then and Microsoft would not allow IIS to run on anything but Windows PRO and Server. We have customized it so much over the years, hence the reason we stick with it. It is not a big a deal to add SSL support, but it does not appear to be the best use of our time, considering we have a solution that fits most users. It would be a support mess if added as a supported feature as novice users would have so many problems getting it working. (Browser errors, port forwarding, SSL certs, etc.)

    That being said, I understand the concern of many of our core users. The next build of HS3 has a new "Labs" section in Setup where we can add things that we would only support on the forum. If SSL was added there, that solves the support issue and gets you the feature. The Labs section will allow us to roll out features without calling the entire build a "Beta".

    Originally posted by Moskus View Post
    The only legitimate reason I can think of is "it will take too much of our time to make a proper web server to HS". And that's what I'm hearing. Please just say that if it's true.

    I can understand it, but that doesn't mean I'm happy about it.

    Leave a comment:


  • mrhappy
    replied
    Originally posted by Moskus View Post
    Perhaps the proper word is "include" or "replace". There IS a web server in HS3 now, but I'm not sure who made it.
    I'm sure it was Rick who posted a good few years ago that the HS web server was completely custom. I don't know if this changed with HS3, seems a bit of a sledgehammer approach IMHO but guess they have reasons for it.

    Leave a comment:


  • Moskus
    replied
    Perhaps the proper word is "include" or "replace". There IS a web server in HS3 now, but I'm not sure who made it.

    Leave a comment:


  • lifespeed
    replied
    Originally posted by Moskus View Post
    The only legitimate reason I can think of is "it will take too much of our time to make a proper web server to HS". And that's what I'm hearing. Please just say that if it's true.

    I can understand it, but that doesn't mean I'm happy about it.
    Isn't "making" a web server re-inventing the wheel? Aren't these available open-source? I guess there could be licensing issues with a commercial product.

    Leave a comment:


  • Moskus
    replied
    The only legitimate reason I can think of is "it will take too much of our time to make a proper web server to HS". And that's what I'm hearing. Please just say that if it's true.

    I can understand it, but that doesn't mean I'm happy about it.

    Leave a comment:


  • tonlof
    replied
    Secure tunnels to localhost

    I have not read whole thread but ngrok but I found this solution for any local host server.
    It's very simple to create a reverse secure tunnel.
    Just download the exe file, execute it with
    ngrok http 81 (hs portnumber)
    It will show you a random https link that you can access from outside.
    Be aware that it will load hs as local ip so you need to uncheck no password for local network in hs3.
    Not needed if you create an account on their website. Then you can run
    ngrok http -auth "myusername:mypassword" 81
    The program also have a great log/debug of all traffic.
    Access the live viewer from the same machine as the ngrok is started. http://127.0.0.1:4040
    There are both free and pricing plans.
    https://ngrok.com/product#pricing

    Leave a comment:

Working...
X