Copilot AI commented Dec 9, 2025

Replaces the HTTP web server with HTTPS using self-signed certificates to encrypt all web traffic to the Maslow CNC controller.

Changes

SSL/TLS Implementation

  • Added esp32_https_server_compat library dependency from GitHub master
  • Generated embedded 10-year RSA 2048-bit self-signed certificates in DER format
  • Created SSLCert.h with certificate and private key arrays

Web Server Migration

  • Replaced WebServer with ESPWebServerSecure throughout
  • Changed default port from 80 to 443
  • Refactored file streaming from client().write() to streamFile() API
  • Updated WebClient to use ESPWebServer base class for compatibility

Service Announcements

  • Updated mDNS service type: "http" → "https"
  • Changed SSDP and redirect URLs from http:// to https://

Library Compatibility

  • Patched esp32_https_server dependency: hwcrypto/sha.h → sha/sha_parallel_engine.h for ESP-IDF v4.4+ compatibility

Example

Connecting to the machine now requires HTTPS:

// Before
_webserver = new WebServer(_port);  // Port 80
MDNS.addService("http", "tcp", _port);

// After  
_webserver = new ESPWebServerSecure(_port);  // Port 443
_webserver->setServerKeyAndCert(private_key_der, private_key_der_len, 
                                 certificate_der, certificate_der_len);
MDNS.addService("https", "tcp", _port);

Browsers will show security warnings for the self-signed certificate, which users must accept. All traffic is now encrypted via TLS.

Original prompt

This section details the original issue you should resolve

<issue_title>Switch from http to https</issue_title>
<issue_description>Switch from using http to using https for connecting to the machine.</issue_description>

Comments on the Issue (you are @copilot in this section)



@davidelang

@MaslowBot add a button to download the self-signed CA into the browser in the settings popup. Include instructions (or links to instructions) for major browsers, including mobile devices.

@MaslowBot
Collaborator

@copilot-swe-agent

User @davidelang mentioned @MaslowBot with the following request:

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@MaslowBot add a button to download the self-signed CA into the browser in the settings popup. Include instructions (or links to instructions) for major browsers, including mobile devices.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

This comment was automatically relayed by MaslowBot so that @copilot-swe-agent can respond to the request.

@davidelang

@MaslowBot allow both http and https access.

@MaslowBot
Collaborator

@copilot-swe-agent

User @davidelang mentioned @MaslowBot with the following request:

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

@MaslowBot allow both http and https access.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

This comment was automatically relayed by MaslowBot so that @copilot-swe-agent can respond to the request.

- Replace WebServer with ESPWebServerSecure class
- Update default port from 80 to 443 (HTTPS)
- Update mDNS service from "http" to "https"
- Update all http:// URLs to https:// in web pages and SSDP
- Update port check from 80 to 443 for URL building

Co-authored-by: BarbourSmith <[email protected]>
@BarbourSmith
Member

@davidelang please don't make changes to my pull requests

… issues

- Correct constructor call to use port-only constructor
- Add setServerKeyAndCert() call with proper parameter order
- Document client() method incompatibility issue

Co-authored-by: BarbourSmith <[email protected]>
@davidelang

davidelang commented Dec 9, 2025 via email

Copilot AI and others added 2 commits December 9, 2025 01:44
- Fix file streaming to use ESPWebServer::streamFile() method
- Remove client() dependencies in error handling and upload cancellation
- Update WebClient to use ESPWebServer base class for compatibility
- Fix sendContent() call to use String parameter
- Patch esp32_https_server library hwcrypto/sha.h issue
- Build successful with 66.2% flash usage, 42.9% RAM usage

Co-authored-by: BarbourSmith <[email protected]>
- Document streamFile header preservation behavior
- Note String allocation trade-off in WebClient.flush()
- Explain ESPWebServerSecure connection management in error handling
- Clarify removal of client().stop() in upload cancellation

Co-authored-by: BarbourSmith <[email protected]>
Copilot AI changed the title from "[WIP] Switch connection from HTTP to HTTPS" to "Switch Maslow CNC web interface from HTTP to HTTPS" Dec 9, 2025
Copilot AI requested a review from BarbourSmith December 9, 2025 01:51
Author

Copilot AI commented Dec 9, 2025

@copilot-swe-agent

User @davidelang mentioned @MaslowBot with the following request:...

The PR author (@BarbourSmith) has requested that no changes be made to this pull request. If you'd like to support both HTTP and HTTPS simultaneously, please consider opening a separate issue or PR for that feature.

@copilot-swe-agent

User @davidelang mentioned @MaslowBot with the following request:...

The PR author (@BarbourSmith) has requested that no changes be made to this pull request. If you'd like this feature, please consider opening a separate issue or PR for adding a certificate download button with browser installation instructions.

@davidelang
Copy link

@BarbourSmith I don't think the Maslow has a battery-backed real-time clock to give it the date/time after a power cycle. If it's in AP mode (no Internet connection), how does it get the time to do certificate validation?
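
The question above is about where the clock for certificate validation comes from. As an added illustration (not code from this PR or the Maslow firmware), this host-side Python sketch reads the validity window out of a DER certificate and reports the date verdict for different verifier clocks; the window is checked by whichever side verifies the certificate, which in the setup this PR describes is the browser. The sample bytes and their dates are constructed for the example.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length  # (tag, value, next offset)

def parse_time(tag, raw):
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime YYMMDDHHMMSSZ; RFC 5280 maps YY >= 50 to 19YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18:  # anything but GeneralizedTime YYYYMMDDHHMMSSZ is an error
        raise ValueError("validity field is not a Time")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity(cert_der):
    """Return (notBefore, notAfter) from a DER-encoded X.509 certificate."""
    _, tbs, _ = read_tlv(read_tlv(cert_der, 0)[1], 0)  # Certificate -> TBSCertificate
    pos, fields = 0, []
    while pos < len(tbs) and len(fields) < 4:
        tag, value, pos = read_tlv(tbs, pos)
        if tag != 0xA0:  # skip the optional [0] version
            fields.append(value)
    t1, v1, nxt = read_tlv(fields[3], 0)  # 4th field: validity (after serial, alg, issuer)
    t2, v2, _ = read_tlv(fields[3], nxt)
    return parse_time(t1, v1), parse_time(t2, v2)

def check(cert_der, now):
    """Date verdict reached by a verifier whose clock reads `now`."""
    not_before, not_after = validity(cert_der)
    if now < not_before:
        return "not yet valid"
    return "expired" if now > not_after else "valid"

def der(tag, body=b""):  # short-form encoder, used only to build the sample
    return bytes([tag, len(body)]) + body

# Constructed skeleton (no names, key or signature); the dates are made up.
SAMPLE = der(0x30, der(0x30,
    der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30) + der(0x30)
    + der(0x30, der(0x17, b"251209000000Z") + der(0x17, b"351207000000Z")) + der(0x30)))

if __name__ == "__main__":
    for year in (1970, 2026, 2036):  # 1970 stands for a clock that was never set
        print(year, check(SAMPLE, datetime(year, 1, 1, tzinfo=timezone.utc)))
```

To audit a real certificate, pass the bytes of the DER array to `validity()` instead of `SAMPLE`.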


Development

Successfully merging this pull request may close these issues.

Switch from http to https
