WebUI inner workings and certificate

[Disappointed Cat]

Is there a way to change the certificate used by the webui? Is it hardcoded into the binary?

I don't mind if it generates it's own but I wan't it to be singned by my root CA.

I'm also interested in the inner workings of the webui. For example I assume it loads the files from the webui.zip and runs a micro webserver. Can I change things in the zip file and will it be overridden on restart or an update?

Also a small feature request: It would be nice if there'd be an option to force HTTPS and using a hash instead of clear text for passwords but I'm sure this was mentioned before.

[rdebath]

You can change the webui.zip, but you must do so after BTSync has started up and before the first web client connects.

The certificate is stored in the settings.dat file. As this is a bencode format file you can probably change it (delete the ".fileguard" tag) using a normal bencode editor when btsync isn't running. The format of the key looks standard to me.

Actually, I didn't know it could even do SSL, It doesn't seem to be in the user guide, I'm using "stunnel" to encrypt the connection.

[Disappointed Cat]

Thanks for the tip. I got it working.

Any ideas on disabling the HTTP version? I can't filter the usual ports here.

[Jero]

How do you enable https? if i change the port from 8888 to 443 nothing happens

[Disappointed Cat]

Try https://your.host.com:8888.

Don't ever use the port 443 manually.

[Jero]

Great! now a "disable http" option

[Disappointed Cat]

I have nothing on that. It's not a threat if you pay attention to never use it.

Also it'd be great if the client would log failed attempts so we can hook it up with fail2ban.

[baz]

Anyone know where I might look to see why I can't seem to connect to the web UI via SSL? In Safari it just hangs, and in Firefox on Ubuntu I get the following when trying to connect to https://192.168.30.95:8888

Secure Connection Failed


		 An error occurred during a connection to 192.168.30.95:8888.
You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:
Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.
(Error code: sec_error_reused_issuer_and_serial)

Connecting via http (http://192.168.30.95:8888) works just fine.

[rdebath]

Sounds like you saved the certificate in the browser then the certificate was changed in the BTSync webgui. BUT the "serial number" has been hardcoded instead of being sequential or random.

Hopefully this is BTSync's normal password and you just deleted the settings.dat file so now you have to delete the old certificate from your browser.

[baz]

Ok thx. I'm going to try removing and re-installing Firefox on Ubuntu. If that doesn't help, I'll create a completely new VM and install Firefox there.

[rdebath]

You don't have to uninstall, if you want a clean slate just make a new profile.

eg:

firefox -no-remote -ProfileManager

[baz]

Thanks! The re-install ended up fixing it for Firefox on Ubuntu. Now I'll get to googling how to create a new safari profile on my mac

Edit: Spoke too soon. SSL was working fantastic on my home machine with BitTorrent Sync gui and Firefox, so I attempted to load up my server's gui with SSL and got the same error. Seems like Firefox is complaining that there are two sites using the same certificate (same serial # of 00)?? Has anyone successfully used SSL with multiple Sync web guis in Firefox? I'm sure there must be a security setting I can adjust somewhere to tell Firefox to ignore this?