SSL support about txadmin HOT 18 CLOSED

I use NGINX to proxy the port I have txadmin running on and a legs encrypt certificate, it's not really that hard just need yo set it all up.

There's a few good guides out there just follow one of them by googling ssl certificate setup with nginx

I should also mention I'm running the admin panel on a Linux/Ubuntu server

from txadmin.

I'm going to add SSL compatibility in the upcoming versions.
For now, I must first implement a "Advanced settings" tab.

Just not sure how to implement everything needed atm.

from txadmin.

SSL working fine, but is it possible to block access from http if https is enabled?

For now? No, If you really want to enforce it, make sure to only open the HTTPS port in your firewall rules.

from txadmin.

Maybe something like this:

https://cheapsslsecurity.com/blog/how-to-install-ssl-certificate-on-node-js/

Again not familiar with how nodejs apps work so not sure if it is as simple as adding this kinda of code or not.

from txadmin.

Thank you for answering, it works great and I love it, was just trying to make it more secure.

from txadmin.

Just leaving this here as a note for my self:
For a tutorial, might be cool to include how to generate a certificate using https://zerossl.com/

from txadmin.

A note, there are plenty of Node packages which would allow you to add ACME support, allowing for automatic and free certificate generation and management if you wanted completely transparent and automatic HTTPS support.

from txadmin.

@JoeBiellik Sounds interesting. I will check some projects for sure (greenlock-express and the acme package for example).

I'm just worried how this would go with admins that already have their own certs issued. Maybe subdomains would be the way to go?
IDK, will have to think about it for a while.

from txadmin.

it might not be important but I do all of my SSL certificate handling through Nginx with the Lets Encrypt Certbot. wasnt too hard. and it seems to give the certificate easy and redirects you to a https connection

from txadmin.

Here's the deal, adding SSL support ended up being way more complicated than I was expecting since FiveM's PerformHttpRequest method doesn't seem to be able to handle HTTPS requests.
So, we would need to have one HTTP and one HTTPS endpoint.

I tested the httpolyglot lib and it seems to work fine for having both http and https running in the same port, but seems a bit hacky.
Then the next option would be to have two ports, one for http and one for https.
That also doesn't seems like a great idea because you would need to force it in your request URI.

And since the browsers/protocols really don't handle protocol mismatch at all, I would be bombarded by people saying that txAdmin doesn't work because they are using the wrong protocol in the wrong port (the browsers usually say the page isn't working).

So, how i'm going to deploy it right now:

• BETA feature not present in the menu
• the key and cert paths will be hardcoded to the data folder
• to turn it on you need to set the cfg.webServer.httpsPort to something

This solution is clearly not "Homer Simpson-friendly", but to be honest that's a bit by design.
I think the best solution would be to default to 80/443, but unless we have the ability to run multiple servers in the same txAdmin instance, that is not possible.

For reference, this decision was somewhat inspired by these two threads from Kibana:
elastic/kibana#10948
elastic/kibana#10181

Note: this is clearly not a 1-to-1 comparison since the average skill of a Kibana admin is way higher than a fxserver admin.

from txadmin.

"Solved" by 27585e2

from txadmin.

SSL working fine, but is it possible to block access from http if https is enabled?

thanks

from txadmin.

yea I allready try it, but it start spam in console
[txAdminClient] Logger upload failed with error: request timed out [txAdminClient] HeartBeat failed with code 0 and message: nil

from txadmin.

That's because the txAdminClient resource need to use HTTP, make sure to allow connections from localhost.

from txadmin.

yea, that seems work, thank you!

from txadmin.

Seems to be working fine, and since no one is asking for anything else, I will just finish this.
Might add priv key encryption support, but since the config is in a json file i'm not sure if that's that relevant after all.

Let me know if anyone disagrees or have anything else on this topic.

from txadmin.

Hey, is it currently still possible to set up HTTPS and use an SSL certificate?
If yes, how? It looks like the documentation from 27585e2 got removed

from txadmin.

I can't seem to find config.json inside of data/
anyone knows the complete directory?

from txadmin.