Setup NGINX HTTPS to HTTP Proxy - SamsungResearchUK-IoT-Meetup/multimode_sensor_platform GitHub Wiki
Setup NGINX HTTPS to HTTP Proxy
This page explains how to setup NGINX as a HTTPS to HTTP proxy in order to render web pages from the microWebSrv in HTTPS from HTTP. This is needed if you want to view the /ARindex.html page over your browser and expose the Augmented Reality interface on your phone.
At the time of writing the HTTPS part of the Web Server may not be complete. Hence the need for the HTTP to HTTPS proxy when using Augmented Reality (AR). The reason for this is that AR applications require the browser to activate the camera on the device. To stop man in the middle attacks on your data, the web browser enforces a connection over HTTPS (i.e. it forces end to end encryption).
Installing NGINX
To install NGINX on Linux do:
$/> sudo apt-get update
$/> sudo apt-get install nginx
This will install and start NGINX on your system. You can check this by looking for the status of the NGINX service on your machine:
$/> service nginx status
β nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-09-30 19:33:07 BST; 1h 3min ago
Process: 1426 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUC
Process: 1217 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, sta
Main PID: 1430 (nginx)
Tasks: 5
Memory: 8.1M
CPU: 1.382s
CGroup: /system.slice/nginx.service
ββ1430 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
ββ1431 nginx: worker process
ββ1432 nginx: worker process
ββ1433 nginx: worker process
ββ1434 nginx: worker process
Setup Encryption Certificates And Keys
SSL or TLS requires the setup of encryption certificates and keys. You can purchase your own - which is beyond the requirements of this demo - or have a self signed certificate. The certificate should go into the NGINX directory here:
$/> cd /etc/nginx
$/> sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt
Use Configuration File
There is a configuration file created to get you up and running. The file is stored here. The configuration file for NGINX is stored within /etc/nginx/sites-enabled, this is where you need to copy the default file.
Once the file is copied over, use you favourite text editor to change the values micropython IP address to the IP address of your running micropython board. This is at line number 30 and 33 and looks like:
# Fix the βIt appears that your reverse proxy set up is broken" error.
proxy_pass http://<micropython IP address>:8000;
proxy_read_timeout 90;
proxy_redirect http://localhost:8000 https://<micropython IP address>:8000;
On your terminal window that is running your micropython application you should see the IP address being output to the screen:
>>> import start
WiFi Manager bringing up wlan interface.
Trying to connect to SSID: Samsung-test
Retrying to connect. Trying 0 of 5's
Retrying to connect. Trying 1 of 5's
Retrying to connect. Trying 2 of 5's
Retrying to connect. Trying 3 of 5's
WiFi Manager is now monitoring the connection
We have a WiFi connection. Bringing up web server
To disconnect first import all objects from start.py: '>>> from start import * '
Then to disconnect do: '>>> myWifi.disconnect()' at your repl prompt
DEBUG:microWebSrv:New thread started for Function: <bound_method> and with arguments: ()
*** Server now running! ***
>>> DEBUG:microWebSrv:Server Process is now started. About to accept SOCKET incoming connections
Connected on IP: 192.168.43.223
Connected on IP: 192.168.43.223
Connected on IP: 192.168.43.223
Use your IP address in the NGINX configuration file. In this case I would use 192.168.43.223
You now need to activate the default configuration of NGINX. To do this the easiest way is to stop and start the service via a Linux terminal like this:
$/> sudo service nginx stop
$/> sudo service nginx start
If micrpython is running the microWebSrv you should be able to visit the index page by typing the IP address of your local machine over https. (e.g. for my machine i would have ** https://192.168.43.213/ **)
If you can see the index file you are good to go. Otherwise go back to the setup of AR page and continue with your setup.