
TOPIC: YACReader Server Behind Nginx Reverse Proxy

YACReader Server Behind Nginx Reverse Proxy 3 years 10 months ago #5247

Joe

To the YacReader team,

I just discovered your work and bought your really well-made iOS application.

As I wanted to access it over the internet, I set it behind an nginx reverse proxy.

This way, it is possible to give it a name and a Let's Encrypt SSL certificate.

It is even possible to set up basic HTTP authentication.

I can now access the server in the iOS application by entering the address: login:password@domain.tld

My only problem so far is that the iOS application does not accept https but only http, so the login and password can't be passed securely to nginx. It has forced me to base64-encode the information, and even then, it is not secured.

Would you be so kind as to allow https communication in the iOS application so we can pass our login and password securely?

Regards,

Joe

PS: Here is my very basic nginx configuration:
server {
    listen       80;
    server_name  domain.tld;
    # Everything arriving on plain HTTP is redirected to HTTPS; nothing is proxied here.
    return       301 https://domain.tld$request_uri;

    access_log /var/log/nginx/yac.access.log;
    error_log /var/log/nginx/yac.error.log;

}


server {
    # "ssl" is required here; without it nginx serves plain HTTP on port 443
    # and the certificate directives below are never used.
    listen 443 ssl;

    server_name domain.tld;
    client_max_body_size 10G;
    # Basic auth at server level applies to every location below.
    auth_basic "yac";
    auth_basic_user_file "/etc/nginx/passwd/yac_passwd";

    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;

    # Enables TLS 1.0 to 1.2, but not SSLv2 or SSLv3, which are weak and deprecated.
    # Note that TLS 1.0 and 1.1 have since been deprecated themselves (RFC 8996).
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # Disables all weak ciphers. The list was cut off at the end of the original
    # post; the trailing partial entry is dropped so that the directive parses.
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;


    # No root is set, so $uri never matches a local file and both locations
    # fall through to @yac; they are equivalent to proxying everything directly.
    location ~* ^/(img|css|font|js)/ {
        try_files $uri @yac;
    }

    location / {
        try_files $uri @yac;

    }


    location @yac {
        # Adapt this to your configuration

        proxy_pass  http://127.0.0.1:9999;

        # Copied from a Lufi example config; only needed if the backend uses WebSocket.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Also from the Lufi example (it logged the remote port of image senders); harmless here.
        proxy_set_header X-Remote-Port $remote_port;
        proxy_set_header X-Forwarded-Proto $scheme;

        # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
        proxy_redirect     off;
    }
}
Last Edit: 3 years 10 months ago by Joe.
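Added example (editor's, not code from the post above or from the YACReader project): a small POSIX shell script that renders a corrected version of Joe's nginx front end and builds the password file it references. It keeps the names from the post (domain.tld, backend port 9999, the Let's Encrypt paths and /etc/nginx/passwd/yac_passwd); the script name yac_front.sh and the conf.d output path are assumptions. Against the posted config it makes three changes: `listen 443 ssl` instead of `listen 443`, TLS 1.2/1.3 only with a complete cipher list instead of the truncated one, and an HSTS header so browsers that once reached the host over https:// keep using it; the WebSocket and X-Remote-Port lines copied from the Lufi example are left out.

```shell
#!/bin/sh
# Added example (not YACReader project code): renders a hardened version of the
# nginx front end from the post above and builds its auth_basic password file.
# Assumptions: the Let's Encrypt paths and the password-file path are the ones
# from the post; 9999 is the local port YACReader listens on there.
set -eu

# Print the two nginx server blocks for host $1 proxying to 127.0.0.1:$2.
# Differences from the posted config are marked with "FIX:" comments.
render_site_conf() {
    domain=$1
    port=$2
    # Quoted heredoc: nginx variables such as $host are passed through untouched.
    sed -e "s/__DOMAIN__/$domain/g" -e "s/__PORT__/$port/g" <<'EOF'
server {
    listen 80;
    server_name __DOMAIN__;
    # Plain HTTP only redirects; nothing is authenticated or proxied here.
    return 301 https://$host$request_uri;
}

server {
    # FIX: the posted config had "listen 443;" with no "ssl", so nginx would
    # have spoken plain HTTP on port 443 despite the certificate directives.
    listen 443 ssl;
    server_name __DOMAIN__;
    client_max_body_size 10G;

    ssl_certificate     /etc/letsencrypt/live/__DOMAIN__/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem;

    # FIX: TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    # FIX: the cipher list in the post was cut off; this is a complete AEAD-only
    # list for TLS 1.2 (TLS 1.3 suites are built in, not set via ssl_ciphers).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:yac:10m;
    ssl_session_tickets off;

    # Browsers that have seen this header keep using HTTPS for the host, so
    # their Basic credentials are never sent in a plain-HTTP request first.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # Credentials are only ever sent inside the TLS session.
    auth_basic "yac";
    auth_basic_user_file /etc/nginx/passwd/yac_passwd;

    location / {
        proxy_pass http://127.0.0.1:__PORT__;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # FIX: the WebSocket upgrade and X-Remote-Port lines in the post were
        # copied from a Lufi example; add them back only if you confirm the
        # backend actually uses WebSocket.
        proxy_redirect off;
    }
}
EOF
}

# Print one auth_basic_user_file line "user:$apr1$salt$hash". apr1 is the
# MD5-based format every nginx build accepts; the password is passed on stdin
# so it never appears in the process list or the shell history.
make_htpasswd_line() {
    user=$1
    password=$2
    hash=$(printf '%s\n' "$password" | openssl passwd -apr1 -stdin)
    printf '%s:%s\n' "$user" "$hash"
}

# Stand-alone use (hypothetical file name): sh yac_front.sh domain.tld 9999
# prints the configuration; with no arguments the script only defines the
# functions so it can be sourced.
if [ $# -ge 2 ]; then
    render_site_conf "$1" "$2"
fi
```

On the proxy host, `sh yac_front.sh domain.tld 9999 > /etc/nginx/conf.d/yac.conf` (path assumed; the FreeBSD package reads /usr/local/etc/nginx/ instead), append a `make_htpasswd_line` result to the password file, then `nginx -t && nginx -s reload`. apr1 is chosen only because every nginx build accepts it; where nginx's crypt(3) supports it (glibc and FreeBSD do), `openssl passwd -6` produces a SHA-512 hash in the same file format. The script does nothing about the iOS client refusing https; it only makes sure that whatever does speak https to this host sends its credentials inside TLS.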

YACReader Server Behind Nginx Reverse Proxy 3 years 10 months ago #5248

selmf (Developer)

Hi Joe,

nice to see someone doing things properly and not just exposing the server to the whole world. YACReader for iOS is closed source, so Luis needs to act for it to support https, though I think he'll be forced to add it sooner or later anyway thanks to Apple App Store regulations.
You could also set up an SSH tunnel instead and just forward the local YACReader port to your iOS device. That would also add authentication and encryption, and you would be independent of the app's capabilities.
My answers are not necessarily official YACReader statements but mostly represent my own opinion in technical matters.

YACReader Server Behind Nginx Reverse Proxy 3 years 10 months ago #5249

Joe

Hi selmf,

Thanks for your quick answer.

I did think of and actually tried the SSH tunnel solution (with OpenVPN), which works very well as you said, but being on FreeBSD 11.3 locally, I did not manage to build the YACReader server: I spent an afternoon compiling it, but with all the dependencies it throws a lot of errors and I could not get as far as the other user on the Linux subforum (I will probably add a post to his, then).

Thanks anyway, I will keep an eye on this SSL support Luis may add in the future!

Regards,

Joe
Powered by Kunena Forum