I have had this working with the free ngrok service in the early days of
this Skill ... but always fancied trying to get it working using nginx
so that I did not have to re-do linking on restarting ngrok (wasn't
convinced I would use it enough to justify paying for ngrok service to
avoid the relink on restart).
Now I have it working with nginx as the proxy ... I should have made
notes as I went through the steps and I still have a bit more to do ...
mainly enabling the automatic renewal of the certificate every 60-90
days.
The software building blocks that I used ... (all free)
dynu.com - Dynamic DNS to map my IP address to hostname which,
importantly, has API to help generate certificates ("acme" process)
acme.sh - script to generate and renew certificates (from Let's Encrypt
in my case)
ddclient - automatic renewal of dynamic hostname if my external IP
address changes
nginx - reverse proxy to authenticate inbound SSL connection and relay
as http to LMS
I used a non-standard port for the SSL connection (which I then
forwarded to a Raspberry Pi where all the above software is running) so
could not use the typical https process to generate the certificate ...
which is why I went for dynu.com and its support the the "acme" method
(see https://acme.sh ).
In addition to the username/password, I have also enabled a check of the
IP address that is issuing the request as an extra hurdle to be passed.
However, I need to do some more research on this as I know that the
skill can connect from a number of different Amazon IP addresses and
these could change in the future. Maybe I need to have a check for a
particular client certificate being presented but I have not checked to
see if Amazon/Skill provides one.
If the overall setup proves to be stable then I'll probably try to do it
again and write up the steps.
Paul Webster
http://dabdig.blogspot.com
Author Radio France (FIP etc) plugin
------------------------------------------------------------------------
Paul Webster's Profile: http://forums.slimdevices.com/member.php?userid=105
View this thread: http://forums.slimdevices.com/showthread.php?t=111016
_______________________________________________
plugins mailing list
plugins@lists.slimdevices.com
http://lists.slimdevices.com/mailman/listinfo/plugins
