Comments (21)
@gjabell Thanks! I'll have a look at it in the afternoon.
from android.
@gjabell Thanks for your issue (:
Yeah it should be possible, later this week I'll have a look at it.
from android.
@jmattheis Sure thing! I might be able to contribute too if you want some extra help.
Looking forward to trying it out!
from android.
@gjabell That would be great (:, I myself don't have much experience with self-signed certificates and Android, so feel free to try it.
from android.
@jmattheis Looks like it isn't too hard to implement, I have some partial implementation already. Would you prefer that we disable SSL validation completely, or ask the user for their self-signed Certificate Authority certificate to use for validation?
from android.
Does it work at all with SSL? Because I've set up my already issued Letsencrypt certificate (certfile / certkey) and this works fine from the browser, but the Android client keeps returning status code 0. The server prints this log: `http: TLS handshake error from 192.168.130.203:44707: remote error: tls: unknown certificate`
Sorry for hijacking this thread, but it seems related ;)
from android.
@jvandenbroek All good! Are you connecting to your server from your phone with the IP address or hostname? Also can you list your server config file here (just put placeholders in place of the private information).
from android.
@gjabell Alright :) I'm using the hostname which works fine on the browser, so the certificate itself seems to be loaded fine.
My /etc/gotify/config.yml:
```yaml
server:
  port: 8084 # the port for the http server
  ssl:
    enabled: true # if https should be enabled
    redirecttohttps: true # redirect to https if site is accessed by http
    port: 4444 # the https port
    certfile: /etc/letsencrypt/live/mydomain/cert.pem # the cert file (leave empty when using letsencrypt)
    certkey: /etc/letsencrypt/live/mydomain/privkey.pem # the cert key (leave empty when using letsencrypt)
    letsencrypt:
      enabled: false # if the certificate should be requested from letsencrypt
      accepttos: false # if you accept the tos from letsencrypt
      cache: data/certs # the directory of the cache from letsencrypt
      hosts: # the hosts for which letsencrypt should request certificates
        - mydomain.tld
        - myotherdomain.tld
database: # for database see (configure database section)
  dialect: sqlite3
  connection: data/gotify.db
defaultuser: # on database creation, gotify creates an admin user
  name: admin # the username of the default user
  pass: admin # the password of the default user
passstrength: 10 # the bcrypt password strength (higher = better but also slower)
uploadedimagesdir: data/images # the directory for storing uploaded images
```
Where 'mydomain' is the correct domain dir I use for all my apps. Running with root (only during testing of course ;)), so no permission issues.
Btw I also tried the default port 443, same issue.
Edit: I'm using the prebuilt arm64 binary, maybe has something to do with that?
from android.
@jvandenbroek Ah, ok, I think I know the issue. Letsencrypt should give you multiple files, one is cert.pem and another is fullchain.pem. Fullchain.pem has the entire certificate chain in it, and that's the one you want to use. I just got the same error message as you when testing your config locally, but if I change the certfile line to be `/etc/letsencrypt/live/mydomain/fullchain.pem` it works for me :) Can you try that out?
from android.
@gjabell Great, that seems the culprit! Thank you, I could have tested that myself.. Was a bit misled by the fact it works with only the privkey file when accessing from desktop :)
from android.
> @jmattheis Looks like it isn't too hard to implement, I have some partial implementation already. Would you prefer that we disable SSL validation completely, or ask the user for their self-signed Certificate Authority certificate to use for validation?
It would be great to support both, I guess adding the self-signed certificate would be more secure than just disabling it.
from android.
@jvandenbroek Glad to hear it :) yeah it's a bit confusing, I think in browser the cert is enough to prove that it's from letsencrypt but I guess if you're accessing it from android you need the full chain.
@jmattheis Yeah that's a good point. I guess I can just add some options to the login screen to either disable SSL validation for the current login or select a certificate authority file from the filesystem?
from android.
@jmattheis Alright, just opened a merge request in #15 :) sorry there are so many changes. If you want me to explain any of the changes I made or want something done differently just let me know. I tested it using both my self-signed cert and also a LetsEncrypt cert and didn't have any issues, but if you find anything not working let me know and I'll fix it.
from android.
It's pretty trivial to set up a Traefik reverse proxy with automatic LetsEncrypt provisioning if you deploy via docker.
from android.
@Leopere Yup, but if Gotify is hosted inside an internal network then letsencrypt is not an option cause it shouldn't be visible to the outside.
from android.
It's possible, just more work than using a self-signed CA especially if you are provisioning lots of clients. You can also run into rate-limit issues if you have many certificates to issue.
from android.
It depends on the context, obviously since I'm running all of my services for myself, using SSL/TLS for internal networks is a bit overkill (gotta get that green lock though!), but in a corporate setting it's equally as important to encrypt internal as external traffic.
from android.
Done in #15
from android.