Home Assistant release with the issue:
0.85.1
Last working Home Assistant release (if known):
(-)
Operating environment (Hass.io/Docker/Windows/etc.):
HomeAssistant on Kubernetes (Helm Chart)
Component/platform:
DeCONZ (https://www.home-assistant.io/components/deconz/)
Description of problem:
The current implementation of the deCONZ component is not capable of using encrypted connections to the REST API or the WebSocket. While deCONZ is not capable of encrypting either, wrapping its endpoints in a proxy doing TLS termination is trivial and does not cause any major issues apart from the lack of support on Home Assistant's side.
pyDeconz just tries to talk plain http to the https endpoint:
2019-02-01 21:50:51 DEBUG (MainThread) [pydeconz.utils] Sending {'auth': None, 'data': b'{"devicetype": "pydeconz"}'} to http://deconz0:443/api
2019-02-01 21:50:51 ERROR (MainThread) [pydeconz.utils] HTTP status 400, response <html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):
deconz:
  host: deconz
  port: 80
I did not try wrapping WebSockets, but it should fail similarly. This topic is important to me, as even in an internal network encryption is a key factor for our IoT solution and it is not bearable for us to run anything unencrypted after all. I would love to see direct support in Home Assistant for this, as it would get nasty to try to run another layer of TLS termination right before Home Assistant.
Traceback (if applicable):
(-)
Ok, how do I get an environment to test and verify that it works?
You need to get a running instance of deCONZ. Preferably using docker: https://github.com/marthoc/docker-deconz. But deCONZ probably requires raspBee or conBee to begin serving requests.
Then go ahead and wrap the HTTP port of the container (80) using e.g. nginx into HTTPS. I am using https://github.com/jwilder/nginx-proxy for this purpose.
The WebSocket port is another problem: it would need wrapping into WSS as well, but jwilder/nginx-proxy is not capable of this on its own. But nginx is capable, so according to this https://stackoverflow.com/questions/12102110/nginx-to-reverse-proxy-websockets-and-enable-ssl-wss it should be quick to add this config block.
So to start off, the HTTP to HTTPS thing should be easy, I can assist with configuring nginx to wrap the webSocket.
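A sketch of the TLS-terminating proxy described in the comment above, added here as an example and not taken from the thread or from either project. The upstream host `deconz` and REST port 80 come from the issue's configuration; the WebSocket upstream port (8080), the WSS listen port (8443), the `server_name` and the certificate paths are placeholder assumptions.

```nginx
# Added example, not from the issue thread. Belongs in the http{} context,
# e.g. as a file under conf.d/. Ports 8080/8443, server_name and certificate
# paths are placeholders (assumptions); "deconz:80" is from the issue.

# Forward "Connection: upgrade" only when the client asked for an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# REST API: HTTPS towards clients, plain HTTP towards deCONZ.
server {
    listen 443 ssl;
    server_name deconz.example.internal;

    ssl_certificate     /etc/nginx/certs/deconz.crt;
    ssl_certificate_key /etc/nginx/certs/deconz.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://deconz:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# WebSocket: WSS towards clients, plain WS towards deCONZ.
server {
    listen 8443 ssl;
    server_name deconz.example.internal;

    ssl_certificate     /etc/nginx/certs/deconz.crt;
    ssl_certificate_key /etc/nginx/certs/deconz.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://deconz:8080;
        proxy_http_version 1.1;                        # Upgrade requires HTTP/1.1
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_read_timeout 1h;                         # default 60s drops idle sockets
    }
}
```

A client that still sends `http://` to the 443 listener gets the same "400 The plain HTTP request was sent to HTTPS port" response shown in the log above, so the proxy only covers the server side of the request.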
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.
Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍
This issue now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.