It'sBen
Posts: 4
Joined: Sun Aug 31, 2014 2:58 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Sun Aug 31, 2014 3:20 am

Hi all,

I was wondering if anyone has had any success with adding authentication to the web UI using Apache to proxy the connection & a .htaccess & .htpassword file? E.G. user would visit http://ip, be presented with a standard login prompt handled via Apache & when authenticated Apache would convert all the calls to http://ip/xxx to http://ip:8080/xxx.
I've managed to get the main web UI screen to open using this approach, but when I click a link I get a DNS error saying that http://ip:8080/xxx cannot be resolved or words to that affect.

I notice that there is a branch that appears to include authentication but it's rather old now so I don't really want to use it. I'm loving the product, but I won't be able to sleep knowing that I've deployed something that can be exploited so easily - E.G. an attacker can simply HTTP to the pi & replace the assets with objectionable content.

Any input what so ever would be great; I've searched to see if anyone has had the same problem & lots of people have, but I haven't found a *real* solution IMHO.

Many thanks.

ttlogic
Posts: 2
Joined: Fri Aug 29, 2014 8:59 pm

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Sun Aug 31, 2014 7:21 pm

Regarding the branch with authentication: I've spent a bit of time over the last few weeks to make the modifications from axel-b work (for me) with the latest official version. It's still a bit too rough around the edges for my taste to publish it on github now, but if people are interested I'll see if I can do that within 1-2 weeks or so.

It mainly consists of axel-b's work, but with updates for the new templates, and modifications to make it work with the stunnel https from the official version.

One thing I'm wondering about though, is if there's a particular reason the original auth patch was never merged into the official version. I seem to remember there was some interest from Wireload in doing that, back when the patch was still fresh.

As for your problem with the Apache proxy: could it be that the Screenly web UI is sending absolute URLs to your browser, e.g. as a result of a redirect? The web UI runs locally on port 8080, so that's what it will use when sending an absolute URL. But if that's not accessible from the outside (as it shouldn't, because you want external traffic to go through your Apache server to perform authentication!), your browser will give you an error.

(I've had to tackle a similar issue when updating the auth patch, because in effect the https at port 443 is forwarded by stunnel as normal http to port 8080...)

adriansotov
Posts: 2
Joined: Mon Sep 01, 2014 1:55 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Mon Sep 01, 2014 2:03 am

Does anyone know the login and password (default) for screenly pro?

I'm trying to access the rasp prompt to configure a wifi adapter but login: Pi and pass: raspberry wont work.

adriansotov
Posts: 2
Joined: Mon Sep 01, 2014 1:55 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Mon Sep 01, 2014 2:11 am

anyone knows the default login name and password for the screenly pro app?

I'm trying to configure a wifi adapter and need to access the pi's terminal but login Pi and pass raspberry won't work...

It'sBen
Posts: 4
Joined: Sun Aug 31, 2014 2:58 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Thu Sep 04, 2014 12:14 am

ttlogic wrote:Regarding the branch with authentication: I've spent a bit of time over the last few weeks to make the modifications from axel-b work (for me) with the latest official version. It's still a bit too rough around the edges for my taste to publish it on github now, but if people are interested I'll see if I can do that within 1-2 weeks or so.
I would be very interested in testing your modifications when you are ready to release them. Unfortunately I'm not really a Python person so I am unable to help with any coding.
ttlogic wrote:One thing I'm wondering about though, is if there's a particular reason the original auth patch was never merged into the official version. I seem to remember there was some interest from Wireload in doing that, back when the patch was still fresh.
I was wondering / worrying about the same thing. Unfortunately, unless we hear from Wireload I think it's just going to be a case of trying it & seeing if anything breaks.
ttlogic wrote:As for your problem with the Apache proxy: could it be that the Screenly web UI is sending absolute URLs to your browser, e.g. as a result of a redirect? The web UI runs locally on port 8080, so that's what it will use when sending an absolute URL. But if that's not accessible from the outside (as it shouldn't, because you want external traffic to go through your Apache server to perform authentication!), your browser will give you an error.
The links that are generated when the proxy runs are in the form of http://ip/settings which AIUI is what should be happening - E.G. Apache is correctly replacing http://ip:8080/settings with http://ip/settings which is the purpose of the proxy mod. I'm wondering if the reason that it's failing is because the pages are generated somewhat dynamically? E.G. Apache is looking for /settings, but because the Python generates the page that is shown on the fly it simply doesn't exist. FYI, the exact error that I receive is:

"Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request
GET /settings
.
Reason: DNS lookup failure for: 192.168.0.23:8080settings
Apache/2.2.22 (Debian) Server at 192.168.0.23 Port 80"

One possible way of tightening security would be to use iptables or ufw to only allow traffic on 8080 from localhost then accessing the interface over an SSH tunnel. This can be accomplished using PuTTY under Windows, but I'm not sure what options there are for other operating systems - I'm certain it's doable though.
This approach carries the advantage of having to authenticate via SSH before you can access the interface, but the downside is that it isn't overly end user friendly, so if non IT staff need to be able to add assets (as is the case in my situation) it's probably not an overly good idea.

@Wireload, if you're reading this do you have any thoughts?

Many thanks.

It'sBen
Posts: 4
Joined: Sun Aug 31, 2014 2:58 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Thu Sep 04, 2014 12:16 am

adriansotov wrote:anyone knows the default login name and password for the screenly pro app?

I'm trying to configure a wifi adapter and need to access the pi's terminal but login Pi and pass raspberry won't work...
I haven't tried the pro version, but for me, pi (not Pi) and raspberry work.

CaptainKen
Posts: 5
Joined: Sun Aug 11, 2013 7:18 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Sun Sep 07, 2014 9:36 pm

Can screenly be pointed to a samba share as a source? If so, is it just a simple setting?

CoffeShop
Posts: 1
Joined: Tue Sep 09, 2014 1:45 pm

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Tue Sep 09, 2014 1:50 pm

ttlogic wrote:Regarding the branch with authentication: I've spent a bit of time over the last few weeks to make the modifications from axel-b work (for me) with the latest official version. It's still a bit too rough around the edges for my taste to publish it on github now, but if people are interested I'll see if I can do that within 1-2 weeks or so.
Waiting for that!

vpetersson
Posts: 395
Joined: Wed Jul 25, 2012 9:23 am
Contact: Website

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Thu Sep 11, 2014 4:45 pm

CaptainKen wrote:Can screenly be pointed to a samba share as a source? If so, is it just a simple setting?
No, that isn't supported today. The way to support this would be to add support for local files (which is somewhat tricky from a security perspective) and then mount the Samba/CIFS share.
Creator of Screenly (Screenly.io), the leading digital signage solution for the Raspberry Pi. Now hacking on WoTT (github.com/WoTTsecurity/agent),
Twitter: @vpetersson | vpetersson.com

vpetersson
Posts: 395
Joined: Wed Jul 25, 2012 9:23 am
Contact: Website

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Thu Sep 11, 2014 4:56 pm

It'sBen wrote:Hi all,

I was wondering if anyone has had any success with adding authentication to the web UI using Apache to proxy the connection & a .htaccess & .htpassword file? E.G. user would visit http://ip, be presented with a standard login prompt handled via Apache & when authenticated Apache would convert all the calls to http://ip/xxx to http://ip:8080/xxx.
I've managed to get the main web UI screen to open using this approach, but when I click a link I get a DNS error saying that http://ip:8080/xxx cannot be resolved or words to that affect.

I notice that there is a branch that appears to include authentication but it's rather old now so I don't really want to use it. I'm loving the product, but I won't be able to sleep knowing that I've deployed something that can be exploited so easily - E.G. an attacker can simply HTTP to the pi & replace the assets with objectionable content.

Any input what so ever would be great; I've searched to see if anyone has had the same problem & lots of people have, but I haven't found a *real* solution IMHO.

Many thanks.
The *real* solution so to speak is to implement Basic Auth (or similar) directly in Bottle (see https://stackoverflow.com/questions/132 ... -http-auth). We won't accept any changes upstream that depends on a secondary web server, as that both adds complexity and wastes resources (the resource part is particularly true for Apache)
Creator of Screenly (Screenly.io), the leading digital signage solution for the Raspberry Pi. Now hacking on WoTT (github.com/WoTTsecurity/agent),
Twitter: @vpetersson | vpetersson.com

CaptainKen
Posts: 5
Joined: Sun Aug 11, 2013 7:18 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Sat Sep 13, 2014 3:20 am

vpetersson wrote:
CaptainKen wrote:Can screenly be pointed to a samba share as a source? If so, is it just a simple setting?
No, that isn't supported today. The way to support this would be to add support for local files (which is somewhat tricky from a security perspective) and then mount the Samba/CIFS share.
Thank you for responding.

So the only storage options are either Web sites or "/home/pi/screenly"?

USB Sticks are not supported?

vpetersson
Posts: 395
Joined: Wed Jul 25, 2012 9:23 am
Contact: Website

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Sat Sep 13, 2014 10:14 am

CaptainKen wrote: So the only storage options are either Web sites or "/home/pi/screenly"?

USB Sticks are not supported?
Well, it is more complicated than that. You can't just copy things into the assets folder. The assets also needs to be added to the database, otherwise the assets won't be discovered by the player.

Hence you need to either write a script that does this, or use the web interface.
Creator of Screenly (Screenly.io), the leading digital signage solution for the Raspberry Pi. Now hacking on WoTT (github.com/WoTTsecurity/agent),
Twitter: @vpetersson | vpetersson.com

AusS2000
Posts: 3
Joined: Mon Sep 15, 2014 5:06 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Mon Sep 15, 2014 6:18 am

I don't seem to be able to start a new thread. Is that how it works around here? One thread, and you just tack onto the end of it? I hope the answers to my questions aren't buried somewhere in this thread already.

I have been mucking around with Screenly OSE. I take it the difference between the Pro license and OSE is that Wireload host the DAM for Pro and with OSE it it hosted on the Pi itself. Correct?

I would like to run a series of screens but would like to run the DAM myself. We already run a Content Management System for the users websites but would like to use the content on the screens as well (formatted slightly differently). Does the OSE source code allow you to specify a remote server for it's data, and what format would this data be delivered in? XML, JSON?

vpetersson
Posts: 395
Joined: Wed Jul 25, 2012 9:23 am
Contact: Website

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Mon Sep 15, 2014 8:07 am

AusS2000 wrote:I don't seem to be able to start a new thread. Is that how it works around here? One thread, and you just tack onto the end of it? I hope the answers to my questions aren't buried somewhere in this thread already.
Yes, This is the proper approach.
AusS2000 wrote: I have been mucking around with Screenly OSE. I take it the difference between the Pro license and OSE is that Wireload host the DAM for Pro and with OSE it it hosted on the Pi itself. Correct?
Yes, that is correct. Pro is a hosted solution, whereas OSE is a stand-alone solution that runs on the device itself.
AusS2000 wrote: I would like to run a series of screens but would like to run the DAM myself. We already run a Content Management System for the users websites but would like to use the content on the screens as well (formatted slightly differently). Does the OSE source code allow you to specify a remote server for it's data, and what format would this data be delivered in? XML, JSON?
There is no support for feeding Screenly this way. You'd need to manually add the content to Screenly.

At some point, we will however release an API for Pro.
Creator of Screenly (Screenly.io), the leading digital signage solution for the Raspberry Pi. Now hacking on WoTT (github.com/WoTTsecurity/agent),
Twitter: @vpetersson | vpetersson.com

AusS2000
Posts: 3
Joined: Mon Sep 15, 2014 5:06 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Tue Sep 16, 2014 6:07 am

I eagerly await this addition. In the meantime I will work on automating the add/edit/delete of assets from my CMS. Any assistance you can provide would be appreciated (it'll sell some Pros).

AusS2000
Posts: 3
Joined: Mon Sep 15, 2014 5:06 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Wed Sep 17, 2014 2:40 am

Taking this a bit further, if you had a CMS which could supply data in a any requested format, how would you integrate this with Screenly? The aim is to have it as user friendly and seamless as possible.

Thoughts are:

Option 1
Set up Screenly with one asset which is a URL with a duration of 60 seconds.
That URL would load a HTML5 page that showed content in a sequential manor with transitions and slide-ins using HTML5/CSS over a 60 sec time limit.
Working out the timing would all happen in the CMS. For 3 pages, 20 secs each. 4, 15 secs each.

Option 2
Set up Screenly to load a finite number of assets, say 6. Theses assets would all be URLs.
The content at those URLS would be supplied by the CMS and consist of the pages with fly-ins etc.
Might require the CMS to be able to Enable/Disable various assets in Screenly.

smartguy
Posts: 2
Joined: Wed Sep 17, 2014 8:25 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Wed Sep 17, 2014 8:32 am

hi Petersson, great piece of SW! :D but i've got a Q:
is there a workarround for making the "password protected content" for websites available to the content?
or do u have a ETA when to be expected?
i need this hardly to make sites like nagios available on the screen.
best regards.

ttlogic
Posts: 2
Joined: Fri Aug 29, 2014 8:59 pm

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Wed Sep 17, 2014 6:59 pm

Turns out I've had less time available than I thought...

So, I think I managed to put my current state of the authentication patches on https://github.com/timterlaak/screenly-ose/tree/auth . There's still a bit of polishing I'd like to do, but it currently Works For Me (tm).

If you want to try it out, please also look at the configuration file in misc/screenly.conf. And make sure to enable SSL as well, otherwise I think it's rather pointless.


Edit for clarity: This is not meant as a reply to Smartguy's post directly above. It's about athentication to Screenly-OSE's web interface, not for content pages that need a password to be viewed.

vpetersson
Posts: 395
Joined: Wed Jul 25, 2012 9:23 am
Contact: Website

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Thu Sep 18, 2014 4:14 pm

smartguy wrote:hi Petersson, great piece of SW! :D but i've got a Q:
is there a workarround for making the "password protected content" for websites available to the content?
or do u have a ETA when to be expected?
i need this hardly to make sites like nagios available on the screen.
best regards.
We don't have any immediate plans for adding support for this, but if someone wants to issue a pull request that adds support for basic auth, that would be great.
Creator of Screenly (Screenly.io), the leading digital signage solution for the Raspberry Pi. Now hacking on WoTT (github.com/WoTTsecurity/agent),
Twitter: @vpetersson | vpetersson.com

smartguy
Posts: 2
Joined: Wed Sep 17, 2014 8:25 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Tue Sep 23, 2014 9:36 am

vpetersson wrote:
smartguy wrote:hi Petersson, great piece of SW! :D but i've got a Q:
is there a workarround for making the "password protected content" for websites available to the content?
or do u have a ETA when to be expected?
i need this hardly to make sites like nagios available on the screen.
best regards.
We don't have any immediate plans for adding support for this, but if someone wants to issue a pull request that adds support for basic auth, that would be great.
i don't wanna be rude, but i think there has already been a request for this in 2012 on Github by Fleros and on which you applied as a valid feature request..

vpetersson
Posts: 395
Joined: Wed Jul 25, 2012 9:23 am
Contact: Website

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Tue Sep 23, 2014 7:31 pm

smartguy wrote: i don't wanna be rude, but i think there has already been a request for this in 2012 on Github by Fleros and on which you applied as a valid feature request..
Not to my recollection. There are no open pull requests at this time in at least.

We have actually played a bit with this, but we had some issues with getting UZBL to play ball. There is a built-in feature for this, but it didn't get it to fully work at that time.
Creator of Screenly (Screenly.io), the leading digital signage solution for the Raspberry Pi. Now hacking on WoTT (github.com/WoTTsecurity/agent),
Twitter: @vpetersson | vpetersson.com

dmelladom
Posts: 13
Joined: Thu Feb 14, 2013 12:38 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Wed Sep 24, 2014 8:04 am

Hi everyone!
It is amazing how this thread has been updated since I started working with Screenly. Congrats to vpetersson and all the staff behind it.

I feel a bit silly to post this among high-level users questions, but I have detected a kind of strange behaviour: when I try to upload files above 200Mb I usually had problems until I realized they were rendered without sound. Does it seem like a true bug/issue? Does it have to do something with ffmpeg?

Also, I would like to work a litte on manually setting the assets. Instead of using the HTML uploader, read the SD/microSD card using a computer, copy manually the clip and set the asset file. Does it sound like something doable? Is there any special codification of the information that makes it simply not possible?

Many thanks for supporting this OSE, it really makes a difference.

Best,
Diego

dmelladom
Posts: 13
Joined: Thu Feb 14, 2013 12:38 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Wed Sep 24, 2014 11:28 am

Hi again!
Just a little more thing:
Is it possible to use, instead of the composite output or the HDMI connection, use the display port for an external screen?
Only one will be used, not looking for double screen.
Thanks!
Diego

vpetersson
Posts: 395
Joined: Wed Jul 25, 2012 9:23 am
Contact: Website

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Wed Sep 24, 2014 6:14 pm

dmelladom wrote:Hi again!
Just a little more thing:
Is it possible to use, instead of the composite output or the HDMI connection, use the display port for an external screen?
Only one will be used, not looking for double screen.
Thanks!
Diego
Hi Diego,

I'm not sure I follow you. The Raspberry Pi doesn't have a Display Port -- only Composite and HDMI.
Creator of Screenly (Screenly.io), the leading digital signage solution for the Raspberry Pi. Now hacking on WoTT (github.com/WoTTsecurity/agent),
Twitter: @vpetersson | vpetersson.com

dmelladom
Posts: 13
Joined: Thu Feb 14, 2013 12:38 am

Re: Screenly OSE -- Digital Signage for the Raspberry Pi

Wed Sep 24, 2014 7:04 pm

I totally understand that you don't follow, it was not the clearest post ever.
I was trying to refer to the dsi -if i am not wrong- port available on the RaspPI to attach a display using a flat ribbom cable.
Sorry for the confusion and thanks for asking!
Best,
Diego

Return to “Other projects”