Connection over SSL
Sariel opened this issue ยท 8 comments
I currently have mineload installed on my webhost which uses SSL. I noticed that when i'm connected over HTTPS I can see incoming data, but cannot request anything. Is there a setting somewhere that can be set to force SSL?
Sorry for the late reply, cs has been pretty hectic this month. I will investigate whether I can get SSL working in the next release when I finish the internal http branch in the plugin.
As awesome as SSL is, unfortunately I have very little experience with using it in http. If you could briefly describe how the network is layed out/connected ports etc. I presume the web interface is being sent under https but the browser is preventing the AJAXs request (to fetch data from mini webserver in MineloadPlugin) which is not capable of secure sockets. I would imagine this would be very hard to implement and perhaps you would be better off somehow haveing a non-SSL host (port 80) making the communication.
Edit: Derp. Are the gauges working but not jsonapi requests? I think it would be the same reason.
Currently I have two servers. One is my web-host(which has SSL), and the other is my bukkit-host(it does not have SSL).
The gauges are working. After dedicating the better part of an hour, I realized the return stream was coming over port 80, which does not play well with SSL. The console actually shows it getting blocked by the browser:
[blocked] The page at https://#####.com ran insecure content from http://####/api/call?method=.....
I would assume that the gauges are working only because the data they need comes from an XML document, while the rest of the queries come from a serialized output. If this is the case, you could possibly allow SSL by using xml as a data stream instead of the serialized one. Just a thought though.
I have found that I can force my browser to allow the unsecured data from minecraft, but it breaks SSL for the entire session that I'm logged in.
Btw I'd just like to say, bravo on the plugin. It's just amazing, helped me find a couple x-rayers and get them off the server before they did any more damage.
I actually just had a thought come to me. Not sure how you return the json stream back to mineload gui, but what if you had a local php file that would get_file_contents, so it could be loaded locally from the webserver? So the whole datastream would essentially be from getmystuff.php or whatever you want to call it. I'm pretty sure you're doing the same thing when pulling up Mineload Updates from your site as jquery hates it when you pull stuff from outside the domain.
Idk though, I might just be in some type of sleepless caffeinated coderage atm though, so I might dive into the code and see what can be done to remedy my issue.
Yep you're spot on there, the XML is fetched that way because its an AJAX request. The $.getJSON() method however works across seperate domains. That's why I don't proxy it because it 'just worked' plus there is a speed advantage. I think you'll run into trouble with the WebSocket console still since its a persistent connection (php ain't good at that). This is fundamentally why MineloadPlugin v0.0.8 will have the web interface operating inside the plugin.
you're right I did run into issues with the web console, however i was able to return the JSON back to jsonapi.js through a local php page. however by doing so, I had to lose the JSON header info and ran into issues trying to force the callback(cb) procedure to accept the newly parsed JSON object. Through it all, it was only a moderate failure ^_^ but a great learning experience.
Haha nice. I wonder how hard it would be to create a working SSL implementation in MineloadPlugin in version 0.0.8. You might be interested in what I'm doing in the new HTTP branch which is completely re-written and has an api for other plugin devs to add 'views' to certain urls on the MineloadPlugin port. http://timatooth.com/mineload/apidocs/
The actual static content such as javascript, html, images, css etc will be stored in plugins/MineloadPlugin/www
Sorry it's been awhile since I responded, busy at work. Shouldn't be hard to force all traffic to forward to port 443 for SSL. However, a certificate would have to be on both the web UI and on the bukkit server. In my case, I can only have a certificate on the web UI. I think though by creating an intermediary between the two that is on the web side that actually hands the json stream to mineload would probably be the easiest option. It should work no matter what.
attached two flow charts that might make it a bit clearer of what i'm talking about.