Example site? Password protected?

[kevin]

The missing css file error is intentional - we include the file in the templates by default but do not supply a source file for it - it is for custom user css overrides if you would like to change the look/feel of the webapp without actually editing templates you can provide your own css.

From outside your LAN? Make sure that your ISP doesn't filter those ports you are using, otherwise just use a different port and map it to the internal port (80 or 443) and it should work fine.

You can bypass nginx all together by going straight to port 5000 for what it's worth, nginx just provides a lot of things gunicorn itself doesn't.

[Gordon]

100 % sure it is not blocked ports.
Non-ssl works great straight to any port I choose using the config file on github.
DNS seems to be the big problem but I need to start over in a more methodical way to figure out what is going on, and time is short.. plus its time for bed now...

[kevin]

Here is a new config that has been put together that has been tested through NAT, so any port should work - just map to port 443

Code: Select all

server {
   listen 80;
   return 301 https://$host$request_uri;
}

server {
    error_page 502 /502.html;

    listen 443 default_server ssl;

    ssl_certificate /etc/nginx/ssl/alarmdecoder.crt;
    ssl_certificate_key /etc/nginx/ssl/alarmdecoder.key;

    #ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #ssl_ciphers HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;

    #error_page 497 https://$host:$server_port$request_uri;

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 4k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    location / {
        try_files $uri @alarmdecoder;
    }

    location @alarmdecoder {
        proxy_pass http://127.0.0.1:5000;
        include uwsgi_params;
        uwsgi_param UWSGI_SCHEME $scheme;
        uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;

        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Scheme $scheme;
        proxy_redirect http://localhost:5000 https://$host;
    }

    location /502.html {
        root /opt/alarmdecoder-webapp/ad2web/static;
    }

    location ~ \.(jpg|jpeg|png|css|js)$ {
        root /opt/alarmdecoder-webapp/ad2web;
    }
}


There is a software update required within the webapp.

[Gordon]

...

There is a software update required within the webapp.

Can you elaborate? Which software?

[kevin]

When you login to your webapp, there should have been an "Update Available!" message to auto-update your webapp software. After this point, the configuration file posted works wonderfully for inside network as well as outside via NAT. SSL support is forced. Remember to change paths for your certs in the config. New image auto-generates these certs to match the config, but if you already generated your own certs, just make sure the path in the config is correct.


For existing users not using our new pi2 compatible image, there are some commands needed to be run in the ssh console to enable some of the new notifications as well as IP camera support

Code: Select all

sudo pip install twilio chump gntp
cd /opt/alarmdecoder-webapp/contrib
sudo sh opencv.sh


This will install the openCV library for processing and marking images (with face tracking) and some libraries for interfacing with different notification services, such as the SMS Gateway Twilio. If you haven't expanded your filesystem past the default, I suggest you do this via a

Code: Select all

sudo raspi-config


and choosing "Expand Filesystem" - this will enlarge your root partition to be able to actually build the OpenCV module.

[Gordon]

AHH! I was looking at the Keypad App.. not the WebApp

[Gordon]

@KEVEIN:
Thanks for sticking with this issue and posting the latest nginx config file. It seems to work great here.