Baikal opens HTTP on port 8008, no HTTPS #2
Comments
|
Hi maichai, This project came out on GitLab in 2017 from a personal need, when I moved from iOS to Android and wanted to keep my calendars and contacts personal by avoiding any GAFA’s synchronization. As Synology Cardav (Webdav Server) and CalDav (CalDav Server) didn’t fit my requirements, I searched for an open-source solution, and I found Baikal for Synology. oomerik made an incredible work to create this package and the documentation, however he stopped to support it for the DSM 6.x. At this time, I ported it on DSM 6.x, moved configuration from httpd to nginx, managed problems like “.well-known urls with El Capitan (OSX 10.11)" and shared my work to others when I had a viable solution for OSX, Linux, Android and Windows; but i didn’t update the existing documentation. So, you’re right, the solution does not include yet the https protocol as it should, mainly because the Synology DSM6.0 Developer Guide is not very detailed on WebStation provisioning and making a canonical auto-configuration for the package is very spare time consuming. However, as I recently upgraded my Synology hardware, i can now use the former as a development platform and i hope to find the time in the future to improve the package installation. In the time being, if you have a viable solution for https working with iOSX it would be very useful for the community to write a Markdown page with screenshots. So, we could start a wiki to replace the legacy documentation. As it is an open-source project, any help is welcome and deeply encouraged for the benefit of the community. Best regards, |
|
Hi Laurent, still working with the reverse proxy. Looking forward to you finding the time to working on it. All the best, |
Baikal provides HTTP only on port 8008 on the Disk Station.
The iOS Contacts App will accept that no HTTPS is provided and does seem to sync the contacts into the addressbook just fine.
The macOS Contacts App, however, does not accept that no HTTPS is provided and will make a connection to the Baikal server at port 8008. This is not a certificate problem or anything else on my macOS since I had it work with the Synology CardDAV server before, so all these issues were sorted out earlier. AFAIK macOS Contacts App just does not work with unencrypted connections: Using Wireshark it can be seen that macOS Contacts always tries to establish a TLS layer, even if the SSL option is deselected when you create an account as "Advanced"!.
To me it is important that the sync data is transferred encrypted.
The Baikal manual (outdated, from 2015) claims that HTTPS could also be available, but the part of the documentation that refers to enabling HTTPS for Web Station is outdated. Web Station is in current DSM versions a separate package.
The only setting I could find that comes close to what the manual could mean is in DSM Control Panel > Network > DSM Settings: Automatically redirect HTTP connections to HTTPS (Web Station and Photo Station excluded) - and as you can already see, this does not seem to work for Web Station.
The SPK installs /conf/etc/nginx/sites-enabled/baikal.conf, but no "Baikal" shows up in Web Station or Appilcation Portal. What should be done to activate this config file?
A workaround is to create a reverse proxy in DSM Control Panel > Application Portal > Reverse Proxy with Source "https, *, 443" and Destination "http, localhost, 8008". However, the SPK should provide a working solution out of the box.
The text was updated successfully, but these errors were encountered: