HTTPS on Linux

Tagged: , , ,

This topic contains 25 replies, has 3 voices, and was last updated by Mikhail Mikhail 10 months, 2 weeks ago.

Viewing 15 posts - 1 through 15 (of 26 total)
  • Author
    Posts
  • #3897
    Avatar
    hbwhite
    Participant

    I’ve been trying for the past 2 days to get HTTPS working with Rapid SCADA on a Linux machine. I’m using Apache and the “scada_5.5.2_mono_en” package on Debian 9.3.

    I’ve read the other forum posts about this, but those solutions haven’t worked for me. Here are the things I’ve tried so far:

    – Editing the (2) web.config files included in the “scada_5.5.2_mono_en” package, un-commenting the parts with HTTPS code
    – Editing the (4) web.config files in the source code (also un-commenting the parts with HTTPS code), compiling the DLLs from source on Windows, and transferring them over to Linux
    – Running a reverse HTTPS proxy on Apache to route HTTPS traffic to Rapid SCADA on plain HTTP internally
    – Telling Apache to listen on alternative ports (such as 8080), just in case there is a privilege issue for ports below 1024
    – Reinstalling Rapid SCADA from scratch

    Each time, accessing the web interface over plain HTTP works fine, but when I use HTTPS, I get this error:

    Rapid SCADA
    Application Error
    An application error occurred. If it repeats often, please contact the support.
    Details:
    Could not find base address that matches Scheme http for endpoint WebHttpBinding

    All I need is for someone to point me in the right direction so I can fix this myself (and I will post the solution here). Any help would be greatly appreciated!

    #3901
    Mikhail
    Mikhail
    Moderator

    Hi,

    Try these config files. They work for enabling HTTPS on Windows, you can help to test them on Linux.

    If it doesn’t help, you can try deleting the folder ScadaWeb/plugins/Scheme for testing purposes. This is the Schemes plugin that caused the above error.

    #3903
    Avatar
    hbwhite
    Participant

    Unfortunately, neither of these solutions seem to have worked. I’m still getting the same error even with the new config files and the ScadaWeb/plugins/Scheme folder deleted.

    The web page will load, but the Scheme and the Table will not. If I look through the Javascript console in Google Chrome, I see the same error message above.

    Here’s something interesting. When I access the site over HTTP, the error says “Could not find base address that matches Scheme https for endpoint WebHttpBinding,” but when I access the site over HTTPS, the error says “Could not find base address that matches Scheme http for endpoint WebHttpBinding.” (Perhaps this is just because I deleted the ScadaWeb/plugins/Scheme folder, so now it can’t load either one.)

    I’m not very familiar with the Microsoft frameworks that Rapid SCADA runs on, otherwise I would probably know where to look. Does this error come from the .NET subsystem, and can it be fixed by modifying the web.config file?

    I really appreciate the effort you put into helping the community (are you the only one maintaining this project?) I’d be happy to contribute code back to the project to fix this issue (if something needs to be fixed); I just don’t know where the error originates.

    Thanks!

    • This reply was modified 1 year, 3 months ago by Avatar hbwhite.
    #3907
    Mikhail
    Mikhail
    Moderator

    Does this error come from the .NET subsystem, and can it be fixed by modifying the web.config file?

    Likely. On Linux we use Mono .NET Framework that is not fully compatible with original Microsoft .NET Framework. That’s why we get issues.
    If you provide screenshots of the errors, it helps to generate ideas.

    HTTPS in Linux is an important issue.

    What is your version of Mono .NET framework?
    Type the following command to check:

    mono --version
    
    #3914
    Avatar
    hbwhite
    Participant

    My Mono version is 5.12.0.226. You can see the problem here (I’m using the default credentials while testing):

    https://50.83.168.205/scada

    If this is offline when you visit it, I’m probably busy testing it with different web.config files.

    It won’t be able to load the scheme or the table over HTTPS, but if you change it to plain HTTP, they will load fine. You can see the error above if you go to Google Chrome, right-click and select Inspect > Console while browsing the HTTPS version.

    • This reply was modified 1 year, 3 months ago by Avatar hbwhite.
    #3916
    Avatar
    hbwhite
    Participant

    Update:

    The scheme and table will load over plain HTTP when using the default web.config files.

    When I uncomment the HTTPS part of the web.config files, they won’t load on either HTTP or HTTPS (the same thing happens when I use the web.config files you provided).

    #3928
    Mikhail
    Mikhail
    Moderator

    I opened your URL. I can say that all AJAX requests that are polled WCF web services cause Internal Server Error.

    Where do you see the error like “Could not find base address that matches Scheme https for endpoint WebHttpBinding”?

    #3929
    Mikhail
    Mikhail
    Moderator

    What if you comment all XML blocks related to HTTP?
    Most likely, it’s enough to test with the main ScadaWeb/Web.config. Table view have to show current data if it works.

    Remove httpGetEnabled at line 51
    Comment the endpoint at lines 63-64

    #3932
    Mikhail
    Mikhail
    Moderator

    On the next week, I can compare with my Linux machine.

    #3933
    Avatar
    hbwhite
    Participant

    I already tried commenting out the plain HTTP parts. It threw an exception related to the XML when trying to load the Scheme.

    You can see the error message I mentioned if you open the URLs that caused internal server errors manually.

    I will keep trying different things and let you know if I get something to work. Thanks!

    #3935
    Mikhail
    Mikhail
    Moderator

    Waiting for the news from you.
    On the next week I will try on my Linux computer.

    #3936
    Avatar
    hbwhite
    Participant

    I had to get this project finished on time with SSL support, so I ended up writing my own SCADA system in Python over the past few days using pymodbus, OpenSSL, Flask, and Apache. It doesn’t have as many features as Rapid SCADA, but it meets my requirements and runs “natively” on Linux. It actually wasn’t as difficult as I expected it to be! 🙂

    If I was using a Windows computer, Rapid SCADA would have been a better choice, but since I’m trying to run this on a Raspberry Pi, I needed something that could run on Linux with minimal CPU load (Mono used a lot of CPU cycles).

    I’d still be happy to help test Rapid SCADA’s SSL support on Linux, if you want me to try some new web.config files.

    #3943
    Mikhail
    Mikhail
    Moderator

    I’m going to continue work on this issue.
    Thank you for help with testing.

    #3975
    Mikhail
    Mikhail
    Moderator

    I’ve opened an issue on Mono https://github.com/mono/mono/issues/9458
    Hope the Mono team will work on it.

    #4077
    Mikhail
    Mikhail
    Moderator

    The workaround is creating Apache reverse proxy or use Nginx to tranfer HTTPS requests for existing HTTP web application. This is a good option.

Viewing 15 posts - 1 through 15 (of 26 total)

You must be logged in to reply to this topic.