Local non-SSL connection to gateway

iOS is giving me fits accessing my gateway locally due to certificate mismatch so I would like to access my gateway locally on port 80 (or 8080). I see that iptables is redirecting 80 -> 8080 but 8080 (node) is redirecting to 443. Is there a straightforward way to allow non-SSL connections to the gateway from the local/private network?

You should be able to accept the certificate in Safari still.

To allow local non-SSL connections, you’d have to either:

  1. Remove your SSL certs, OR
  2. Make some changes to the source

I am able to access it from Safari, but when I pin it as an app to my home screen I get a failure message that I can’t click through when I launch it from there. Not a huge deal.

Oh, I see. I’ve actually encountered several issues with pinning it to the home screen in iOS, like being unable to refresh.

I found something that was just as good, though. You can use the Shortcuts app to make a shortcut which launches the URL of your gateway, then add that shortcut to the home screen.


Hi @chockg, I’ve done the same shortcut trick as @mrstegeman on iOS and it works fine for me.


This is super helpful. Thanks to you both.

@mrstegeman What do you think about allowing plain HTTP access to gateway.local or a local IP address (which would otherwise always generate a certificate error) and only automatically redirecting requests from 80 to 443 for a fully qualified domain name on the Internet?

It could still be possible to manually type https:// in order to use a self-signed certificate for local access.

I think it’s worth some exploration to see if it causes any issues. I guess the biggest downside is that if you (a user) have certificates set up, you’d probably be expecting the gateway to always use HTTPS.

That assumes the user even realises that in choosing a free subdomain they have configured the gateway to use that certificate for all hosts.

I do think this warrants further investigation and possibly experimentation, so I’ve filed https://github.com/mozilla-iot/gateway/issues/2394
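
The policy proposed in the thread (plain HTTP for gateway.local or a local IP address, redirect to HTTPS for everything else), sketched as an added example that is not part of any post or of the gateway's code. The function names and the extra check on the peer address are assumptions.

```javascript
// Added example: names and policy details are assumptions, not gateway code.

// Parse a dotted-quad IPv4 literal into four octets, or return null.
function parseIPv4(text) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((n) => n <= 255) ? octets : null;
}

// Loopback, RFC 1918 and link-local ranges count as the local network.
function isPrivateAddress(text) {
  if (typeof text !== 'string') return false;
  const addr = text.toLowerCase().replace(/^::ffff:/, ''); // IPv4-mapped IPv6
  if (addr === '::1' || /^fe[89ab][0-9a-f]:/.test(addr)) return true;
  const o = parseIPv4(addr);
  if (!o) return false;
  const [a, b] = o;
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 169 && b === 254);
}

// Reduce a Host header to a bare lowercase hostname (no port, no brackets).
function hostnameOf(hostHeader) {
  if (typeof hostHeader !== 'string' || hostHeader === '') return null;
  const h = hostHeader.trim().toLowerCase();
  if (h.startsWith('[')) {
    const end = h.indexOf(']');
    return end > 0 ? h.slice(1, end) : null;
  }
  return h.replace(/:\d+$/, '').replace(/\.$/, '');
}

// True when a plain-HTTP request should be redirected to HTTPS.
function shouldRedirectToHttps(hostHeader, remoteAddress) {
  const host = hostnameOf(hostHeader);
  if (host === null) return true; // fail closed on a missing Host header
  const localName = host === 'localhost' || host.endsWith('.local') ||
    isPrivateAddress(host);
  // The Host header is client-supplied, so the peer must be local as well.
  return !(localName && isPrivateAddress(remoteAddress));
}
```

Requiring a private peer address in addition to a local-looking Host header keeps a request from the Internet with a forged `Host: gateway.local` on the redirect path.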