feat: allow to force disable SSL (#2562)

* feat: allow to force disable SSL

* fix: remove unused import

app.ts

@@ -122,6 +122,10 @@ const apisLimiter = rateLimit({
 	},
 })
 
+function sslDisabled() {
+	return process.env.FORCE_DISABLE_SSL === 'true'
+}
+
 // apis response codes
 enum RESPONSE_CODES {
 	OK = 'OK',
@@ -177,17 +181,32 @@ export async function startServer(host: string, port: number | string) {
 	const httpsEnabled = process.env.HTTPS || settings?.gateway?.https
 
 	if (httpsEnabled) {
-		logger.info('HTTPS is enabled. Loading cert and keys')
-		const { cert, key } = await loadCertKey()
-		server = createHttpsServer(
-			{
-				key,
-				cert,
-				rejectUnauthorized: false,
-			},
-			app
-		)
-	} else {
+		if (!sslDisabled()) {
+			logger.info('HTTPS is enabled. Loading cert and keys')
+			const { cert, key } = await loadCertKey()
+
+			if (cert && key) {
+				server = createHttpsServer(
+					{
+						key,
+						cert,
+						rejectUnauthorized: false,
+					},
+					app
+				)
+			} else {
+				logger.warn(
+					'HTTPS is enabled but cert or key cannot be generated. Falling back to HTTP'
+				)
+			}
+		} else {
+			logger.warn(
+				'HTTPS enabled but FORCE_DISABLE_SSL env var is set. Falling back to HTTP'
+			)
+		}
+	}
+
+	if (!server) {
 		server = createHttpServer(app)
 	}
 
@@ -282,23 +301,27 @@ async function loadCertKey(): Promise<{
 			'Cert and key not found in store, generating fresh new ones...'
 		)
 
-		const result = await createCertificate({
-			days: 99999,
-			selfSigned: true,
-		})
-
-		key = result.serviceKey
-		cert = result.certificate
+		try {
+			const result = await createCertificate({
+				days: 99999,
+				selfSigned: true,
+			})
 
-		await fs.writeFile(
-			utils.joinPath(storeDir, 'key.pem'),
-			result.serviceKey
-		)
-		await fs.writeFile(
-			utils.joinPath(storeDir, 'cert.pem'),
-			result.certificate
-		)
-		logger.info('New cert and key created')
+			key = result.serviceKey
+			cert = result.certificate
+
+			await fs.writeFile(
+				utils.joinPath(storeDir, 'key.pem'),
+				result.serviceKey
+			)
+			await fs.writeFile(
+				utils.joinPath(storeDir, 'cert.pem'),
+				result.certificate
+			)
+			logger.info('New cert and key created')
+		} catch (error) {
+			logger.error('Error creating cert and key for HTTPS', error)
+		}
 	}
 
 	return { cert, key }
@@ -905,6 +928,7 @@ app.get(
 			devices: gw?.zwave?.devices ?? {},
 			serial_ports: [],
 			scales: scales,
+			sslDisabled: sslDisabled(),
 		}
 
 		if (process.platform !== 'sunos') {

docs/guide/env-vars.md

@@ -25,6 +25,7 @@ This is the list of the supported environment variables:
 - `Z2M_LOG_MAXFILES`: The maximum number of files to keep in the log directory, if you add `d` suffix this will set the number of days to keep logs. Default is `7d`
 - `Z2M_LOG_MAXSIZE`: The maximum size of a single log file. Default is `50m` (50MB)
 - `NO_LOG_COLORS`: Set this env var to `'true'` to disable application log colors also in the console.
+- `FORCE_DISABLE_SSL`: Set this env var to `'true'` to disable SSL.
 
 These variables can be used when running the webpack dev server with HMR (most users will not need them):
 

docs/usage/setup.md

@@ -7,7 +7,7 @@ To configure ZWavejs2Mqtt, you must access it via your web browser at <http://lo
 - **Auth**: Enable this to password protect your application. Default credentials are:
   - Username:`admin`
   - Password: `zwave`
-- **HTTPS**: Enable this to serve the UI over HTTPS (Requires app reload).
+- **HTTPS**: Enable this to serve the UI over HTTPS (Requires app reload). **Requires openssl to be installed on the machine.**
 - **Plugins**: List of plugins to use. If the plugin you want to use is not listed just write the name or the path to it and press enter. More about plugins [here](/guide/plugins)
 - **Log enabled**: Enable logging for Zwavejs2Mqtt
 - **Log level**: Set the log level (Error, Warn, Info, Verbose, Debug, Silly)

lib/ZwaveClient.ts

@@ -64,7 +64,6 @@ import {
 	ZWaveNodeEvents,
 	SerialAPISetupCommand,
 	FirmwareUpdateFileInfo,
-	FirmwareUpdateInfo,
 } from 'zwave-js'
 import { getEnumMemberName, parseQRCodeString } from 'zwave-js/Utils'
 import { nvmBackupsDir, storeDir } from '../config/app'

src/components/Settings.vue

@@ -80,7 +80,12 @@
 											v-model="newGateway.authEnabled"
 										></v-switch>
 									</v-col>
-									<v-col cols="12" sm="6" md="4">
+									<v-col
+										v-if="!sslDisabled"
+										cols="12"
+										sm="6"
+										md="4"
+									>
 										<v-switch
 											hint="Enable this to serve page using HTTPS. REQUIRES APP RELOAD"
 											persistent-hint
@@ -1274,6 +1279,7 @@ export default {
 		return {
 			valid_zwave: true,
 			dialogValue: false,
+			sslDisabled: false,
 			newGateway: {},
 			newMqtt: {},
 			newZwave: {},
@@ -1563,6 +1569,7 @@ export default {
 					console.log(data)
 				} else {
 					this.$store.dispatch('init', data)
+					this.sslDisabled = data.sslDisabled
 					this.resetConfig()
 				}
 			} catch (error) {