Whether you have installed EmonCMS as part of EmonHub or simply cloned it from Github, it will run over plain HTTP which, these days, is one of the first things to address in any web-based setup. So, to improve security EmonCMS should be configured to use HTTPS instead.
A fundamental requirement for running anything over HTTPS is a server certificate, so if you do not have one, go and get one before following this guide.
Assuming that you have a certificate handy and that you have any intermediate certificates that might be required to verify the certificate chain, we can continue with configuring EmonCMS. The first step is to copy the certificate to a place on the server running EmonCMS, where Apache can find them, e.g.
/usr/local/lib/server/. There should be at least three certificate files:
- the private key (
- the server certificate (
- at least one intermediate certificate (
Make sure that the
server folder and the certificate files have the correct permissions by executing
sudo chmod -R 500 /usr/local/lib/server
Also make sure that the certificates folder and the certificates are owned by the user used to run the Apache service (which is used to serve EmonCMS as a web application) by executing
sudo chown -R pi:pi /usr/local/lib/server
Once the certificates are in place everything is ready for Apache to be configured to serve content over HTTPS. To do so, follow Paul Reed’s guide over at the Open Energy Monitor Project.
Once configured most of the content in EmonCMS will be served over HTTPS. I write most because visualisations and dashboards in EmonCMS use full paths and will, thus contain the protocol as part of their configuration. This means that old configurations will get content over HTTP whereas the containing sites are retrieved using HTTPS, thus producing a warning in the browser (some security levels will even refuse to load the non-secure content).
This, however, can be overcome, either by reconfiguring the visualisations or by editing the values directly in the EmonHub database. The former is, of course, the most friendly approach and basically requires only going to the dashboard editor and make a change to the visualisations and then save the dashboard.
Depending on how many visualisations you have this should be a fairly quick task and it should not take long to have browser-based communication with EmonCMS secured.