Sign up here and you can log into the forum!

Secure Webend?

General homebrew discussion area

Secure Webend?   

Postby rhough01 » Wed Aug 19, 2015 12:13 am

Hi

I've just upgraded to 0.5.1.1 / 0.5.2.2 and have started to use rTorrent for the first time via a private tracker. Nice handy feature.

I have changed the webend default password, and can happily access the little box from outside my router.

Is there a way to make the login go via HTTPS rather than HTTP to encrypt this password?

I know WDLXTV wasn't designed to have external access, but it would be handy to access it now and again in a more secure environment.

On another note, I seem to be having difficulty changing the webend password a second time. It kept my old (non default) one from before the firmware upgrade, but every time I change it and reboots - it doesn't "stick"

Thanks
rhough01
n00b
 
Posts: 6
Joined: Mon Oct 24, 2011 1:05 pm

Re: Secure Webend?   

Postby mad_ady » Thu Aug 20, 2015 4:40 am

I don't know about passwords not sticking, but in theory you can configure the apache server to start on 443 with HTTPS. However, you'll need to manually edit apache's config file (which is in the read only part of the firmware) and override the original file. It's doable, but you need to understand what you're doing... :)

Here's a more secure alternative - use ssh to connect from the internet and tunnel port 80 through ssh.
User avatar
mad_ady
Developer
 
Posts: 4522
Joined: Fri Nov 05, 2010 9:08 am
Location: Bucharest, Romania

Re: Secure Webend?   

Postby rhough01 » Thu Aug 20, 2015 7:48 am

Thanks for taking the time to reply. I'm not not going near the firmware. You got me at "need to know what you are doing".... :D

I will look at the tunnel through SSH instead.

I was planning on building an OpenVPN box on a raspberry pi soon - might be another way to keep things secure?

Cheers!
rhough01
n00b
 
Posts: 6
Joined: Mon Oct 24, 2011 1:05 pm

Re: Secure Webend?   

Postby mad_ady » Thu Aug 20, 2015 10:18 pm

Sure. OpenVPN will also work, but ssh should work out of the box. For example (if you are connecting from a linux system):
Code: Select all
ssh -L12000:127.0.0.1:80 public.ip.of.wdtv

Then you connect on your client to http://127.0.0.1:12000 and you get redirected via the ssh tunnel to the WDTV's web interface, as if you were connecting from the WDTV itself. This has the added benefit that in the current wdtv's configuration you are not asked for authentication. If you want to be asked, replace 127.0.0.1 with your WDTV's private ip in the command above.

Look for guides on how to do the same thing with putty if you're using windows on your client system.
User avatar
mad_ady
Developer
 
Posts: 4522
Joined: Fri Nov 05, 2010 9:08 am
Location: Bucharest, Romania

Re: Secure Webend?   

Postby rhough01 » Mon Aug 24, 2015 11:03 pm

Excellent. Thanks again, I will give this a try
rhough01
n00b
 
Posts: 6
Joined: Mon Oct 24, 2011 1:05 pm


Return to WDTV G2 & WDTV Live homebrew discussion

Who is online

Users browsing this forum: No registered users and 1 guest