multitheftauto
[Enhancement] Upgrade web resources to be serveable over HTTPS as well as HTTP
Is your feature request related to a problem? Please describe.
The web resources in MTA work only through HTTP but pretty much the entire Internet works over HTTPS nowadays.
Describe the solution you'd like
Have the web interface upgraded to use HTTPS so that we can embed the web resources into our modern websites' iframe elements.
Describe alternatives you've considered
I know that there are other ways to create a web resource and not rely on the built-in solution but it would be very nice if it got upgraded nontheless so that people who don't know how to create their own API and serve it over HTTPS or how to create and use reverse proxies can just use the MTA web resources solution.
Additional context
This is the error/warning message(s) that come up when trying to embed a HTTP iframe into a HTTPS website: https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content
Security Policy
- [X] I have read and understood the Security Policy and this issue is not about a cheat or security vulnerability.
I look this one update before 22420, in this 22420 the https sites work perfectly, more after 22420 all builds work only http and https return the error 35, is problem in the curl and tls after curl update to 8.8.0 probably.
We're already aware of this and waiting for the next nightly build after the recent commit upgrading mbedTLS to 3.6.0
Edit: looks like the Linux x64 nightly build was created an hour ago but this has an issue, so we'll keep investigating
I look this one update before 22420, in this 22420 the https sites work perfectly, more after 22420 all builds work only http and https return the error 35, is problem in the curl and tls after curl update to 8.8.0 probably.
You mean build 22420 onwards exclusively for Linux server right? This should still be working fine on Windows
I look this one update before 22420, in this 22420 the https sites work perfectly, more after 22420 all builds work only http and https return the error 35, is problem in the curl and tls after curl update to 8.8.0 probably.
You mean build 22420 onwards exclusively for Linux server right? This should still be working fine on Windows
yeah, honestly i only have tested in linux x64, then i not have idea if this has broken in builds for windows after 22420
Can OP also confirm if they're using Linux or Windows @Megas97
Using Windows Server 2012 R2 for MTA host. But not using any nightly build of MTA server. http://66.150.121.102:22006/scoreboard/ - works https://66.150.121.102:22006/scoreboard/ - doesn't work
Apologies for the confusion, this "issue" is unrelated to the recent https issues with fetchRemote on nightly Linux servers since r22420.
The HTTP server has never supported HTTPS, I'm sure there was another issue open for this but I can't find it.
I think not all certificate authorities issue SSL/TLS certificates for IP addresses, so there's often no need to add one. On the other hand, using a web server with a domain and SSL/TLS is generally faster 🤔 .
An external HTTP server solves this issue. I suggest Nginx in reverse proxy configuration + let's encrypt for certificate
also for SSL certificates (HTTPS) you need a domain You'd have to host your resources panel on the domain webserver
Yeah that's way above my knowledge sadly, anyway just wanted to suggest it as a future feature enhancement someday if at all possible.