FlightAware Discussions

Nginx Reverse Proxy to PiAware

Hi All,

I’m trying to setup a nginx reverse proxy to my PiAware. Currently, I’m getting "The connection is not fully secure due to a “non-secure form”.

Seems like an issue with the “airframes_post” form using HTTP and not HTTPS. Do anyone have any ideas to get nginx reverse proxy working correctly or how to workaround the airframes_post form connecting over HTTP?

Given that, afaik, airframes.org doesn’t support https and there’s no other way to embed the query other than the form hackery, this seems unavoidable. You could remove the airframes form stuff entirely if you don’t need it.

That’s unfortunate that airframes.org lack of support for HTTPS is bringing down the overall security of PiAware. I wouldn’t want to break my PiAware with too much hackery, but would like a fully SSL secure option. Have others setup full SSL reverse proxy that can help me out here?

1 Like

Make a VPN Tunnel - The software are not designed to be on the internet (HTTP), nor HTTPS, which doesn’t help much…

It’s not really related to PiAware/SkyAware at all; it’s a third party site which doesn’t provide friendly scheme for external queries, so embedding a form is the only way I could make it work. None of skyaware loads from there and the only data that would be submitted over HTTP is the ICAO address of an aircraft that you clicked on the link for (+ the usual headers). If you don’t click the link, nothing goes over HTTP.

Putting nginx on the internet isn’t an issue. It’s designed exactly for that purpose.

A reverse proxy means that no one talks directly to the piaware device.
At least if the nginx is running on another machine.

I’ve removed the airframes.org stuff in tar1090 i believe.
So feel free to give that a go: https://github.com/wiedehopf/tar1090#tar1090

Also easy enough to set up nginx directly on the RPi and serve tar1090 with the nginx configuration file the installer creates, all you need to do is include it in your nginx config.

You could also serve Skyaware from nginx without issues, the configuration isn’t hard.

1 Like

In my opinion, the tar1090 has the best GUI for dump1090

These buttons of tar1090 are very useful:

 

Thank you @wiedehopf - my nginx reverse proxy with tar1090 is now fully utilizing HTTPS.

Do you know what configuration is needed for Skyaware with nginx or is the non-secure form still going to be an issue?

SSL

You’d have to change the javascript.

I will definitely stick with tar1090 since it is the superior option. Thank you for developing it!