Serving HTTPS / TLS from MP70?

I’ve written a little lua script that serves up some data over http using the lua socket module. This works well, but I’d like to use this output data in a Progressive Web App running on a locally connected device - frustratingly, browser security rules mean it can only pull in this data via https.

I haven’t found any out-of-the-box solutions for serving TLS pages from lua, and writing one from scratch would be a tall order!

I want to know about the possibility of running a separate webserver, either to pass through the lua output or to serve a file periodically written to by the lua script.

I’ve noticed a couple of processes on the device already serving up webpages, /usr/sbin/acehttp seems to be serving up a 404 on port 8088 and /sbin/ACEmanager is serving up the contents of /www on 9191 (http) and 9443 (https) .

I was hoping to write my file cheekily into the /www directory and let ACEmanager do the heavy lifting for me, but that’s part of a write-only filesystem.

Has anyone here been able to serve up TLS encrypted content from an MP70, either by configuring existing processes to access user-writable filespace or by somehow implementing their own server? I’d be interested to hear any suggestions or ideas. Cheers!

When I posted the question I hadn’t found any TLS server modules for lua. I’ve now found luasec which might just do the trick.

I’ll have a crack at getting that going. If anyone else here has any tips or advice on its use, I’d be glad to hear it.

Just in case anyone is following this - or wants to try the same thing in future, I’d say it’s probably feasible (to some extent), but not straightforward.

I’m trying to access the secure content with an Android device, which has rather complicated things.

I’d hoped to use the existing Sierra Wireless signed key and certificate used by ACEmanager but uasuser doesn’t have read permissions for those files. I had also considered using a self-signed certificate. In any case, neither of these would work for my purposes since Android doesn’t allow custom root authorities to be added.

It might be possible to obtain and use a certificate from an already trusted provider (Edit. no it’s not - a trusted CA will not issue a certificate to a private address) but at this point it starts to add an extra level of work and expense, rather beyond my experience as a humble programmer.

Hi AP11,

Sierra doesn’t encourage users to involve ALEOS system so you can’t go that way.

You can build a separate webserver and use your MP70 to provide access to it.

Thanks,

@jerdung - thanks for that.

I think my problem boils down to a restriction in the Android OS.

I could proxy the MP70 via a remote server with a public IP address and get around the TLS certification problems, but I’d be chewing through way more mobile data than otherwise. Using a local proxy server seems like a long-shot - I guess it might work using a dynamic DNS on the MP70.

I’ve settled on a workaround for the time-being. My cached secure page refreshes to the insecure page being served from the MP70. It’s not quite as seamless, but it will do for the time-being. If needed I could probably get a more polished user experience by wrapping the whole thing into a android app’s webview.