The new iOS app won't connect to my instance of SecuritySpy. It comes back with an error that reads: "The server that responded is not SecuritySpy."
I have installed nginx in front of SecuritySpy for the purpose of being able to control the TLS settings and to avoid running anything that depends on OpenSSL (using LibreSSL).
This configuration works fine with the SpyGlass iOS app and with the webUI in iOS browsers.
Can the iOS app be modified to connect even though it detects something else at the host name supplied?
This is an unusual configuration that we haven't tested. Is there an option in nginx to pass through all of the HTTP headers from SecuritySpy to the client? As long as the headers are transmitted intact, and you are using version 4.0.8 of SecuritySpy, there is no reason why this shouldn't work. If you are using 4.0.8 and still getting this error, it must be because nginx is modifying the HTTP headers on the way through for some reason.
Yes, I know this is unusual. As you can see from my nginx configuration, I'm terminating TLS at nginx and then connecting to SecuritySpy (https on port 8001).
One way I was able to get it to work was to both disable SSL in the nginx config and listen on 8000 instead. The iOS app seems to like this, but not having SSL is a deal breaker.
I'll keep tinkering around to see what I can figure out. If that doesn't work, I'll have to expose the SecuritySpy system directly to the internet, something I've been trying to avoid.
After adding the proxy_pass_header, what was the error reported by the iOS app? Was it different from before?
Are you sure the SSL certificate that you are using is valid?
If the Server header is passed through from SecuritySpy, and the certificate is valid, then the iOS app should recognise the server as a valid SecuritySpy server.
This works fine in Chrome, Firefox, and the Spyglass iOS app.
(One more thing: the fact that I can't save a profile, even a non-working profile, in the SecuritySpy iOS app makes it harder to troubleshoot, since I have to re-enter everything (hostname, port, username, password) every single time. It would be nice to let you configure and save a profile regardless of success.)
2016/12/15 14:00:11 [info] 7683#7683: *171981 client sent plain HTTP request to HTTPS port while reading client request headers, client: (ip of my client), server: test.myserver.com, request: "GET /++systemInfo HTTP/1.1", host: "test.myserver.com:443"
IMHO, I think that the iOS app makes a request not via HTTPS but via HTTP on the HTTPS port (443).
The error indicates that the iOS app tried to connect to http://example.com:443, i.e., it's sending an HTTP request instead of HTTPS. What nginx is https://example.com:443 so it can pass username and password to the SS server in HTTPS and not in HTTP!
I got around this by not specifying a port or username/password. Just put in the host name and it connects, prompts for credentials, and you're good to go.
The relevant part is the clause at the bottom. I listen on 8001 on the internet. SSL is enabled. The cert is a Let's Encrypt cert, so no warnings or issues with invalid certs.
Also, I did not solve it by disabling SSL. I solved it by not specifying SSL in the iOS app. As you can see from my config, you cannot connect without SSL.
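For reference, a sketch of the setup this thread discusses: nginx terminating TLS in front of SecuritySpy, passing the upstream Server header through, and handling the "plain HTTP request to HTTPS port" case from the log line above. This is an added example, not any poster's actual configuration; the host name, upstream address, certificate paths and protocol choice are placeholders or assumptions.

```nginx
# Added example. example.com, 192.0.2.10 and the /path/to/... files are
# placeholders; substitute your own values.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    ssl_protocols       TLSv1.2;    # assumed policy; adjust to your TLS library

    # A client that speaks plain HTTP to this TLS port triggers nginx's
    # internal status 497, logged as
    # "client sent plain HTTP request to HTTPS port".
    # Redirect such requests to HTTPS. Anything the client put in that
    # first cleartext request has already crossed the network unencrypted,
    # so the real fix is for the client to use HTTPS from the start.
    error_page 497 https://$host:$server_port$request_uri;

    location / {
        # SecuritySpy's HTTPS listener (placeholder address, port from the thread).
        # nginx does not verify the upstream certificate unless
        # proxy_ssl_verify and proxy_ssl_trusted_certificate are configured.
        proxy_pass https://192.0.2.10:8001;

        # By default nginx hides the upstream "Server" response header and
        # sends its own. Pass SecuritySpy's header through unchanged so a
        # client that identifies the server by this header still sees it.
        proxy_pass_header Server;

        proxy_set_header Host $host;
        proxy_http_version 1.1;
    }
}
```

To confirm the header survives the proxy, compare the `Server:` line in the response headers fetched directly from SecuritySpy with the one fetched through nginx.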