Any luck with webcam feed?
Also tried it with Nabu casa and it just displays the login screen but won't log in (could be something on my side, looking into it)
sadly not. All those path rewritings are really weird.
Have tried some but none did really work well. Might try the nginx way in the next version, but sadly this project ist not on my important things list, so this could take some time. Sorry.
Not a problem, it's just a nice to have.
Other methods can be used in the meantime.
I have tried your solution, but still getting the log in loop. Any suggestions what i might be doing wrong? Thanks
hello, have you now found a solution to the problem. I'm currently facing the same problem in the iframe in iobroker vis.
Thank you for your help
same here, something funky going on, bump
I think i found a solution? I have been having the same loop of the login screen.
In the ~/.octoprint/config.yaml file, I added/modified the server: configuration per here. I added the value for samesite: none to the config, but newer installs might have it set to lax?
server:
cookie:
samesite: none
This fixed the looping issue and I can view the octopi install from an iframe now (specifically Home Assistant)
every now and then i come back to this and think: this should work, somehow...
So, another coffee break, another try:
I use Octoprint within docker, managed via portainer. My Home Assistant installation is exposed through cloudflare tunnel.
- I created some self signed ssl certs (in my case i just hopped into the container and used
apt install ssl-certwhich provided me with an.pemand.keyfile. See ssl-cert βΊ Wiki βΊ ubuntuusers.de - I joined those both files to one (
cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key > /octoprint/cert.pem) - I added a new
haproxy.cfgfile that looks like this:
Where the important sutff might be the explicit ssl binding, the SameSite cookie rewrite and the X-Scheme header.global maxconn 4096 user haproxy group haproxy daemon log 127.0.0.1 local0 debug # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ # An alternative list with additional directives can be obtained from # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3 defaults log global mode http option httplog option dontlognull retries 3 option redispatch option http-server-close option forwardfor maxconn 2000 timeout connect 5s timeout client 15min timeout server 15min frontend public bind :::80 v4v6 bind :::443 v4v6 ssl crt /octoprint/cert.pem use_backend webcam if { path_beg /webcam/ } #reqadd X-Forwarded-Proto:\ https default_backend octoprint backend octoprint http-request replace-path /(.*) /\1 http-request set-header X-Forwarded-Proto https if { ssl_fc } # Replace SameSite=Lax with SameSite=None in Set-Cookie headers http-response replace-header Set-Cookie "(.*);[ \t]*SameSite=Lax" "\1; SameSite=None" if { ssl_fc } http-request add-header X-Scheme "https" if { ssl_fc } # <-- IMPORTANT! option forwardfor server octoprint1 127.0.0.1:5000 backend webcam http-request replace-path /webcam/(.*) /\1 server webcam1 127.0.0.1:8080 - I adjusted my docker compose file:
(thx to [HAProxy config with SSL for OctoPi Raspbian Stretch Β· GitHub]version: '2.4' services: octoprint: image: octoprint/octoprint:latest ports: - 8055:80 - 8056:443 - 5000:5000 devices: - /dev/ttyUSB0:/dev/ttyUSB0 # - /dev/video0:/dev/video0 volumes: - /volume1/docker/octoprint:/octoprint - /volume1/docker/octoprint/haproxy.cfg:/etc/haproxy/haproxy.cfg environment: - ENABLE_MJPG_STREAMER=true - TZ=Europe/Paris
As the embedded iframe uses some self signed and only trusted cert, chrome complains about 'Not Secure' - that's fine for me. Adding the cert to the store might help, something like GitHub - FiloSottile/mkcert: A simple zero-config tool to make locally trusted development certificates with any names you'd like. does I guess.
For the moment chrome also complains about Third-party cookie will be blocked in future Chrome versions as part of Privacy Sandbox. - but this is an issue for later me and another coffee break.