BensTech

BTS on QNAP doesn't show HTTPS

Recommended Posts

@BensTech By default, Sync's WebUI only provides http. You need to explicitly enable HTTPS (and Sync will propose the self-signed cert, causing browser security warning) in both BTS and Resilio Sync.

Share this post


Link to post
Share on other sites

I'm very surprised a company that is focused on security, would default to HTTP only and not allow from the Preferences to allow HTTPS. In the Sync WebUI on the NAS builds it shows "Connection settings overwritten by config" and I see no option for HTTPS even under "Open power user preferences" for version 2.4.1. Please advise how do I enable a secure connection for Resilio Sync. BT Sync enabled by default HTTPS, not so with Resilio.

Thanks

Share this post


Link to post
Share on other sites

Thank you for clarifying @RomanZ that security is now #2 priority over #1 priority of more users. This is VERY troubling and to me, a VERY serious problem and prevents me from deploying any more Resilio. I've been a BTS user for a long time.

 

EVERYONE: To NOT update to newer versions with Resilio since the QNAPs I've deployed Resilio under no longer support https. Resilio = NO SSL abilities for QNAP NASes.

 

Edited by BensTech

Share this post


Link to post
Share on other sites

@BensTech I would appreciate if you refrain from hasty and wrong conclusions. The fact that we do not enforce HTTPS doesn't mean it is not available.

Here is a sample screenshot from my lab NAS. No special tweaks, pure clean installation. HTTPS works just fine. Also proved working after upgrade 2.3.8 to 2.4.x. If you are willing to debug your issue - contact me over contact support form.

 

2016-12-05 21_41_02-Sync _ QNAP.png

Share this post


Link to post
Share on other sites

Your 1st screenshot was helpful and figured out a work-around to gain SSL access (port changed, not listed in config, and not available via app launch).

For anyone reading this forum. Resilio Sync changed the QNAP NAS https port #. It's now running under 14860. BitTorrent Sync had it under 14859.

The issues below still exist under 2.41. (672).

- on my QNAPS, when you launch to gain access to Resilio Sync, I see the following warning that "Secure connections (https://) are not supported for this application. Are you sure you want to open it? [Yes] [No]". That's pretty bad. "Supported" means does not work. When in reality, they do. But the app is pointing to the wrong URL:port. Please fix this.

QNAP No HTTPS Support.png

After clicking Yes, you get this Auth Required dialog. One needs to know to access this IP via "https://ip:14860" and then it's https protected. In the config, I see no option to force this. This is a mistake. We should be able to "Require" HTTPS connections. The Windows client even offers ability to allow only local connections, which is more secure (not possible with a NAS).

Clicking Open Results in HTTP Connection.png

Share this post


Link to post
Share on other sites

@BensTech It's not about config, it's more about QNAP package. It looks like Sync declares itself like app not supporting HTTPS. We'll check if this can be fixed with outr current integration with QTS.

Quote

Resilio Sync changed the QNAP NAS https port #. It's now running under 14860. BitTorrent Sync had it under 14859.

Not exactly. Whole Resilio Sync is using 14860. From technical POV BitTorrent Sync is different app, therefore we can't use same port and we have to change to 14860.

Quote

We should be able to "Require" HTTPS connections.

Current level of app integration with QTS does not allow us to check which option user used to login and enforce the same, though you can SSH to your NAS, manually open sync.conf and put the parameter

"force_https" : true

inside "webui" section. Don't forget to add necessary commas to follow JSON syntax.

Quote

The Windows client even offers ability to allow only local connections, which is more secure (not possible with a NAS).

By default, Sync WebUI only binds to loopback interface for security reasons. Obviously, we have to override it for NASes.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.