Skip to content

Notes and FAQs

Jump to bottom Edit New page
Jeremy Blum edited this page Feb 25, 2024 · 9 revisions

FAQ

Q: I see a scary red page when I navigate to my HTTPS site. Why!?
A: You're using a self-signed SSL cert. It's okay to ignore this message and proceed to the site. The V3 setup script makes installation of a signed certificate easy. I strongly recommend you try that.

Q: What's the deal with the hash?
A: A hash is a one way operation that ensures your passphrase is not stored in cleartext on your raspberry pi. In the event that somebody malicious accesses your Pi and gets the hash, they won't be able to back-calculate your passphrase, since hashes are a one-way operation.

Notes

Self-Signed Certificates vs. "Let's Encrypt" Signed Certificates

In 2015, GitHub user felixrr performed a security review of RWSOLS and pulled in self-signed SSL support.

In 2021, I released V3 Beta, which adds support for automatic configuration of a signed certificate from "Let's Encrypt." In 2023, I promoted V3 Beta to the main Branch, updated packages, and further enhanced the security with a password now required even to fetch the status of the machine being controlled.

I strongly recommend that you do enable encryption during the installation process. Even self-signed certificates dramatically improve the security of sending your wake/sleep passphrase over the web by encrypting the traffic. Of course, self-signed certs are not perfect. They will likely cause a warning message in your browser. This is because the certificate is not linked to a trusted certificate authority (CA). The implications of this are that a Man-in-the-Middle attacker could theoretically insert a certificate that they control into your communication with the Pi and as a result would be able to read the encrypted messages being transferred. Encryption using a self-signed certificate is not perfect, but much better than doing everything in the clear. Even better, is using a signed certificate. I recommend you try out v3 of this software and give signed SSL certificates a try!

Cloudflare DDNS

Getting the DDNS working with a Domain whose DNS is handled by CloudFlare can be a little tricky.

First, in your Cloudflare account, go to "My Profile > API Tokens". In the "API Tokens" section, click "Create Token". Configure the token with the following permissions: image

Note the token that is provided to you. On your Pi, ensure you are on the latest release using the newest ddclient. Then, the /etc/ddclient.conf file should look something like this:

# Generated by RWSOLS Setup Script: https://github.com/sciguy14/Remote-Wake-Sleep-On-LAN-Server
usev4=webv4
webv4=googledomains
daemon=300
ssl=yes
protocol=cloudflare, \
zone=<YOUR_URL_GOES_HERE>, \
login=token, \
password=<YOUR_API_TOKEN_FROM_ABOVE_GOES_HERE> \
<YOUR_URL_GOES_HERE>

(C) 2021 Jeremy Blum, Blum Idea Labs, LLC. This software is licensed under GPL v3

Add a custom sidebar
Clone this wiki locally