Forum Discussion

legacy1
Alessandro Volta
12 hours ago

How to sort of make hub 5 have a certificate

It's a trick really: you can't put a certificate on a hub, but you can use NGINX to have a valid certificate and then connect the back end to the hub.

So what you will need to do is make a DDNS (I got hub5.cable-modem.org), then you need to get a certificate (I just went for 90 days). Then you either need to set the DDNS IP to what will be the NGINX setup, in my case on Linux Mint, or if you have a DNS server, change it there. Next you install NGINX at the terminal:

sudo apt install nginx

Then, because of Linux Mint, open as root, go to /etc/nginx, copy the certificate and key over, then open up nginx.conf.

My config looks like this:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	types_hash_max_size 2048;
	# server_tokens off;

	server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

#	include /etc/nginx/conf.d/*.conf;
#	include /etc/nginx/sites-enabled/*;

    ssl_certificate      /etc/nginx/certificate.crt; # Update with your SSL certificate path
    ssl_certificate_key  /etc/nginx/private.key;    # Update with your SSL key path
    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;        # Adjust protocols as needed
    ssl_ciphers          HIGH:!aNULL:!MD5;

    server {
        listen 443 ssl;
        server_name localhost;

        location / {
            proxy_pass https://192.168.100.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

Then run

sudo systemctl restart nginx

and go to the hub by your DDNS
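
A tightened variant of the server block from the post above, as an added example that is not part of the original post or the poster's own config. It keeps the same certificate paths and upstream address; the LAN range 192.168.0.0/24 and the path /etc/nginx/hub5-upstream.pem are hypothetical placeholders.

```nginx
# Added example, not the poster's config: replacement for the
# server { } block above, inside the same http { } context.
server {
    listen 443 ssl;

    # Match the name on the certificate rather than "localhost". With a single
    # server block nginx answers for any name, so this mainly keeps routing
    # correct if more server blocks are added later.
    server_name hub5.cable-modem.org;

    ssl_certificate     /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/private.key;   # keep root-owned, mode 0600

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996). A server-level
    # ssl_protocols overrides the value set at http level.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;

    # Assumption: clients live on 192.168.0.0/24 (hypothetical; use your own
    # LAN range). Anything else is refused before it reaches the hub.
    allow 192.168.0.0/24;
    deny  all;

    location / {
        proxy_pass https://192.168.100.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # proxy_ssl_verify defaults to off, so the hop to the hub is encrypted
        # but the hub's certificate is not checked. To pin it, save the hub's
        # certificate to the (hypothetical) path below and uncomment. This only
        # works if that certificate carries a name equal to proxy_ssl_name.
        # proxy_ssl_verify              on;
        # proxy_ssl_trusted_certificate /etc/nginx/hub5-upstream.pem;
        # proxy_ssl_name                192.168.100.1;
    }
}
```

Run `sudo nginx -t` to check the syntax before restarting the service.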

2 Replies

  • Tudor
    Very Insightful Person

    Yep, understand all of that, but you must have a very insecure LAN if you must use HTTPS to access the hub. Way too complicated for most home users, but I like it.

  • legacy1
    Alessandro Volta

    My LAN is not insecure. I have a LAN (also many VLANs) and a WAN; the LAN has no gateway set on devices that don't need it that can run the network independently. Really this is a "you can do this" type of thing.

    Also the new update on hub 5 does not let you go to it by HTTP any more...