IMcPwn Posted December 27, 2015 Share Posted December 27, 2015 I found a tutorial for adding SSL to the Wifi Pineapple Mark V. https://github.com/hak5/wifipineapple-wiki/blob/gh-pages/add_ssl.md To my knowledge this does not work on the Nano. First issue appears when installing with the --dest usb option. * resolve_pkg_dest_list: Unknown dest name: `usb'. I figured this was for the SD card and installed it without that parameter, no errors. The Nginx configuration part does not work at all though following the configuration exactly. I've never used nginx before so I'm unfamilar how to fix nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /etc/nginx/nginx.conf:61 My exact configuration is (yes the certs are valid and exist) user root root;worker_processes 1;events {worker_connections 1024;}http {include mime.types;index index.php index.html index.htm;default_type text/html;sendfile on;keepalive_timeout 65;gzip on;gzip_min_length 1k;gzip_buffers 4 16k;gzip_http_version 1.0;gzip_comp_level 2;gzip_types text/plain application/x-javascript text/css application/xml;gzip_vary on;server {listen 80; # Port, make sure it is not in conflict with another http daemon.server_name www; # Change this, reference -> http://nginx.org/en/docs/http/server_names.htmlerror_page 404 =200 /index.php;error_log /dev/null;access_log /dev/null;fastcgi_connect_timeout 300;fastcgi_send_timeout 300;fastcgi_read_timeout 300;fastcgi_buffer_size 32k;fastcgi_buffers 4 32k;fastcgi_busy_buffers_size 32k;fastcgi_temp_file_write_size 32k;client_body_timeout 10;client_header_timeout 10;send_timeout 60; # 60 sec should be enough, if experiencing alof of timeouts, increase this.output_buffers 1 32k;postpone_output 1460;root /www/; # Your document root, where all public material is.location ~ \.php$ {fastcgi_index index.php;include fastcgi_params;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;if (-f $request_filename) {# Only throw it at PHP-FPM if the file exists (prevents some PHP exploits)fastcgi_pass unix:/var/run/php5-fpm.sock; # The upstream determined above}}error_page 404 =200 /index.php;}server {listen 1471 ssl; # Port, make sure it is not in conflict with another http daemon.server_name pineapple; # Change this, reference -> http://nginx.org/en/docs/http/server_names.htmlssl_certificate /etc/ssl/certs/server.pem;ssl_certificate_key /etc/ssl/certs/server.key;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers HIGH:!aNULL:!MD5;error_page 404 =200 /index.php;error_log /dev/null;access_log /dev/null;fastcgi_connect_timeout 300;fastcgi_send_timeout 300;fastcgi_read_timeout 300;fastcgi_buffer_size 32k;fastcgi_buffers 4 32k;fastcgi_busy_buffers_size 32k;fastcgi_temp_file_write_size 32k;client_body_timeout 10;client_header_timeout 10;send_timeout 60; # 60 sec should be enough, if experiencing alof of timeouts, increase this.output_buffers 1 32k;postpone_output 1460;root /pineapple/; # Your document root, where all public material is.add_header 'Cache-Control' 'must-revalidate';location ~ \.php$ {fastcgi_index index.php;include fastcgi_params;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;if (-f $request_filename) {# Only throw it at PHP-FPM if the file exists (prevents some PHP exploits)fastcgi_pass unix:/var/run/php5-fpm.sock; # The upstream determined above}}}} So far loving the hardware and UI, thanks Hak5! Quote Link to comment Share on other sites More sharing options...
IMcPwn Posted December 27, 2015 Author Share Posted December 27, 2015 By the way, some paths in running nginx -V seem invalid. root@Pineapple:/etc/nginx# nginx -V nginx version: nginx/1.4.7 built by gcc 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r46581) configure arguments: --crossbuild=Linux::mips --prefix=/usr --conf-path=/etc/nginx/nginx.conf --add-module=/home/sebkinne/raid/hak5/pineapple/nano-firmware/build_dir/target-mips_34kc_uClibc-0.9.33.2/nginx-1.4.7/nginx-naxsi/naxsi_src --without-http-cache --add-module=/home/sebkinne/raid/hak5/pineapple/nano-firmware/build_dir/target-mips_34kc_uClibc-0.9.33.2/nginx-1.4.7/nginx-syslog --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --with-cc=mips-openwrt-linux-uclibc-gcc --with-cc-opt='-I/home/sebkinne/raid/hak5/pineapple/nano-firmware/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/include -I/home/sebkinne/raid/hak5/pineapple/nano-firmware/staging_dir/target-mips_34kc_uClibc-0.9.33.2/include -I/home/sebkinne/raid/hak5/pineapple/nano-firmware/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/usr/include -I/home/sebkinne/raid/hak5/pineapple/nano-firmware/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/include -Os -pipe -mno-branch-likely -mips32r2 -mtune=34kc -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -mips16 -minterlink-mips16' --with-ld-opt='-L/home/sebkinne/raid/hak5/pineapple/nano-firmware/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/lib -L/home/sebkinne/raid/hak5/pineapple/nano-firmware/staging_dir/target-mips_34kc_uClibc-0.9.33.2/lib -L/home/sebkinne/raid/hak5/pineapple/nano-firmware/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/usr/lib -L/home/sebkinne/raid/hak5/pineapple/nano-firmware/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/lib' Specifically /home/sebkinne which doesn't exist :) Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted December 28, 2015 Share Posted December 28, 2015 Hi IMcPwn, The firmware is still in development, and there are some things that are not completed yet. One of which is nginx's SSL support. Regarding the path, those are just compile time options - the path is absolutely correct. Doesn't influence the runtime at all ;) Also, it's "--dest sd" for the WiFi Pineapple if an SD card is inserted. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
IMcPwn Posted December 28, 2015 Author Share Posted December 28, 2015 Thanks! Quote Link to comment Share on other sites More sharing options...
sud0nick Posted January 10, 2016 Share Posted January 10, 2016 Just so you know IMcPwn, I am currently working on a module that will allow you to create and manage SSL/TLS certificates. Part of the functionality will be an automatic upgrade of the Pineapple interface to SSL. I have it working on the MKV but need to wait until I get my Tetra to start working on the front end so I can release it. 2 Quote Link to comment Share on other sites More sharing options...
IMcPwn Posted January 11, 2016 Author Share Posted January 11, 2016 Sounds great! Thanks for the notice! Quote Link to comment Share on other sites More sharing options...
simonec Posted January 26, 2016 Share Posted January 26, 2016 I am wondering if Aardwolf Ambulance is helping also over this. Are we able to add HTTPS to the Management Web Site, yet? If not, when should we be able to? Thank you! Quote Link to comment Share on other sites More sharing options...
sud0nick Posted January 26, 2016 Share Posted January 26, 2016 (edited) Not yet. Once it's available in the next firmware update/release my module Papers will be released and you can easily add HTTPS that way. Edited January 26, 2016 by sud0nick Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.