Use TLS/SSL for server/clients com

10.42.0.135.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIUNBWMQ6KLZbQqkNdrE1w87qu6mAUwDQYJKoZIhvcNAQEL
+BQAwejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoGA1UEBwwDTi9BMSAw
+HgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsGA1UEAwwkMTAuNDIu
+MC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMB4XDTIyMTAwOTE0NDYwNVoX
+DTI0MTAwODE0NDYwNVowejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoG
+A1UEBwwDTi9BMSAwHgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsG
+A1UEAwwkMTAuNDIuMC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Z+GZbiDxEcYKhVdtPwZp1VhzvT
+E2SbArUE7158Y32AopIfYAZxJZrKAvnHt/6ixktXAtCghG9fuA3X8fsu2nkeq3PF
+jgyRxCSjSyv6UHgakVzIe/9xlQenWttDrQfmEl/urlAzJ4SvpeD7rBj/craKtXUj
+n9xDY4OWlr8vSo8+Qng9hkGSoyhKKvAOi7yLGimXeuWqs/9F8DlY/RPUzAsITOf+
+jCf9KQ8925tF1lKfCVaOIRDSqDatN8OQpkAN3saBtfyrZO9/gd4uHYXSwzyrWvZo
+zfwxnvtkDlpVGQlpY5ZOsdNvSTzUHZx5OWzefFpzj8IRSzUz0TMW66QY4QIDAQAB
+oxMwETAPBgNVHREECDAGhwQKKgCHMA0GCSqGSIb3DQEBCwUAA4IBAQCOoahzBD4e
+WlPnh73Pxaf4MNgX2CyQXfJZ+17kVJ5R3VlOnj/M62RFBSbPQILBgfWvhvQLEnK3
+UtdOieE2qpB2qstTubQxC+JhKxQYSc0NOMDWduw+qWZYRaWn365KfOCUj1ye2sPC
+gaUUfRPeZCRDfXG9XsNzC5IGct4yHOFacQBBpVaU1vL9GIlFco9PP8fzfIiovpGY
+fuuKoFbFlSRL6vR1G7jVab22sISUcaZ/3vV18nX6RxaAE5UlaMTLDetlNPq9+xqd
+roAq7OyYqkimWZ8fm4Rg6k98TvqMvxkCCmTLmWaalJ1bnR4lugnIxILLiWSGzmdi
+qrU3CmgJ4rJK
+-----END CERTIFICATE-----

10.42.0.156.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIUNBWMQ6KLZbQqkNdrE1w87qu6mAUwDQYJKoZIhvcNAQEL
+BQAwejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoGA1UEBwwDTi9BMSAw
+HgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsGA1UEAwwkMTAuNDIu
+MC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMB4XDTIyMTAwOTE0NDYwNVoX
+DTI0MTAwODE0NDYwNVowejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoG
+A1UEBwwDTi9BMSAwHgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsG
+A1UEAwwkMTAuNDIuMC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Z+GZbiDxEcYKhVdtPwZp1VhzvT
+E2SbArUE7158Y32AopIfYAZxJZrKAvnHt/6ixktXAtCghG9fuA3X8fsu2nkeq3PF
+jgyRxCSjSyv6UHgakVzIe/9xlQenWttDrQfmEl/urlAzJ4SvpeD7rBj/craKtXUj
+n9xDY4OWlr8vSo8+Qng9hkGSoyhKKvAOi7yLGimXeuWqs/9F8DlY/RPUzAsITOf+
+jCf9KQ8925tF1lKfCVaOIRDSqDatN8OQpkAN3saBtfyrZO9/gd4uHYXSwzyrWvZo
+zfwxnvtkDlpVGQlpY5ZOsdNvSTzUHZx5OWzefFpzj8IRSzUz0TMW66QY4QIDAQAB
+oxMwETAPBgNVHREECDAGhwQKKgCHMA0GCSqGSIb3DQEBCwUAA4IBAQCOoahzBD4e
+WlPnh73Pxaf4MNgX2CyQXfJZ+17kVJ5R3VlOnj/M62RFBSbPQILBgfWvhvQLEnK3
+UtdOieE2qpB2qstTubQxC+JhKxQYSc0NOMDWduw+qWZYRaWn365KfOCUj1ye2sPC
+gaUUfRPeZCRDfXG9XsNzC5IGct4yHOFacQBBpVaU1vL9GIlFco9PP8fzfIiovpGY
+fuuKoFbFlSRL6vR1G7jVab22sISUcaZ/3vV18nX6RxaAE5UlaMTLDetlNPq9+xqd
+roAq7OyYqkimWZ8fm4Rg6k98TvqMvxkCCmTLmWaalJ1bnR4lugnIxILLiWSGzmdi
+qrU3CmgJ4rJK
+-----END CERTIFICATE-----

app.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 #
 import sys, os, base64, toml
-import http.client
+import http.client, ssl
 import xml.etree.ElementTree as ET
 from flask import Flask, render_template, request, make_response, jsonify
 from waitress import serve
@@ -71,6 +71,7 @@ cmd_auth = str(base64.b64encode(str(":" + app.config['DEFAULT']['cmd_auth']).enc
 hosts        = app.config['DEFAULT']['hosts']
 port         = app.config['DEFAULT']['port']
 cmd_port     = app.config['DEFAULT']['cmd_port']
+useSSL = app.config['DEFAULT']['useSSL']
 
 # Network/link utilities
 # https://www.metageek.com/training/resources/understanding-rssi/
@@ -79,6 +80,9 @@ def isup(host_l, port):
     global DEBUG
     import socket
     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    if useSSL:
+         sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
+         s = sslcontext.wrap_socket(s, server_hostname=host_l)
     try:
         s.settimeout(3.0)
         s.connect((host_l, port))
@@ -96,7 +100,7 @@ def checkHosts(host_l):
     hostdown, hostup = [], []
     hosts_number = str(len(host_l))
     for lhost in host_l:
-        if not isup(lhost, 8080):
+        if not isup(lhost, port):
             hostdown.append(lhost)
         else:
             hostup.append(lhost)
@@ -142,10 +146,10 @@ def sendCommand(host, arg0, arg1, arg2):
         req = "/requests/playlist.xml"
     elif arg0 == "rssi":
         req = "/rssi"
-        portl = cmd_port    
+        portl = cmd_port
     elif arg0 == "reboot":
         req = "/reboot"
-        portl = cmd_port    
+        portl = cmd_port
     elif arg0 == "poweroff":
         req = "/poweroff"
         portl = cmd_port    
@@ -163,7 +167,11 @@ def sendCommand(host, arg0, arg1, arg2):
             elif (arg0 == "enqueue") or (arg0 == "add") :
                 req = req + "&input=file://" + media_folder_remote + "/" + arg1
     # Send request
-    conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
+    if useSSL:
+        sslcontext = ssl.create_default_context(cafile=host + ".crt")
+        conn = http.client.HTTPSConnection( host + ":" + str(portl), timeout=3, context = sslcontext )
+    else:
+        conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
     try:
         conn.request( "GET", req, headers={"Authorization":"Basic " + auth} )
     except:

defaults.toml

@@ -1,5 +1,6 @@
 [DEFAULT]
 DEBUG = 0
+useSSL = false
 media_folder_local = "~/Videos"
 media_folder_remote = "~/Videos"
 media_ext = []

videopi.toml

@@ -1,12 +1,13 @@
 [DEFAULT]
 DEBUG = 0
+useSSL = true
 media_folder_local = "../medias"
-media_folder_remote = "/home/pi"
+media_folder_remote = "/home/pi/Videos/"
 media_ext = ["mp4", "avi", "mkv"]
 auth  = "secret"
 cmd_auth  = "secret"
 hosts = ["10.42.0.135", "10.42.0.156"]
 # VLC http LUA port
-port = 8080
+port = 8887
 # Clients cmd port
-cmd_port = 5000
+cmd_port = 8888