[SOLVED] Can't access Admin Panel

Solved
1

Hi.
I’m trying to setup a local Blynk server on a Raspberri Pi3 that’s connected to my local wifi network.
I’ve followed all the instructions (so I believe…), and managed to run the server without any error message.
As a next step, from my browser running on a windows PC, I tried to access the admin page at

  https://192.168.1.69:7443/admin

As a result, I get a security error on the firefox browser “SEC_ERROR_UNKNOWN_ISSUER”.

Not sure why I’m getting this, but the browser allows to add an exception and, as a result, the browser now just shows a blank page.

Some additional info:

  • I created the SSL certificates following the instructions. No error about certificates in the log file (logs/blynk.log)

  • The PI3 also hosts a osmc application (may interfere someway?)

  • I put the server jar file in /home/osmc/blynk-server dir, that now looks like this:

      total 13460
  drwxr-xr-x 5 osmc osmc     4096 Jan  2 17:41 .
  drwxr-xr-x 9 osmc osmc     4096 Jan  2 10:33 ..
  drwxr-xr-x 4 osmc osmc     4096 Jan  2 15:32 data
  drwxr-xr-x 2 osmc osmc     4096 Jan  2 10:40 logs
  -rw-r--r-- 1 osmc osmc 13734173 Dec 29 22:16 server-0.21.2.jar
  -rw-r--r-- 1 osmc osmc     5143 Jan  2 16:57 server.properties
  -rw-r--r-- 1 osmc osmc     1265 Jan  2 16:27 server_embedded.crt
  -rw-r--r-- 1 osmc osmc     1090 Jan  2 16:26 server_embedded.csr
  -rw-r--r-- 1 osmc osmc     1679 Jan  2 16:25 server_embedded.key
  -rw-r--r-- 1 osmc osmc     1785 Jan  2 16:28 server_embedded.pem
  drwxr-xr-x 5 osmc osmc     4096 Jan  2 17:19 static

  • One thing that I noticed (not sure if correct) is that there is no “admin” dir at this level, but a “static” dir that includes a “server” dir. No admin.log file there, though.

  • I had to change the http and websocket ports from 808x to 809x (busy local network… :frowning: ), but I don’t expect this to have an impact on the issue I’m having.

  • Going to address

             https://192.168.1.69:7443/static/admin/admin.html

    I can see the admin interface (someway), but any menu option gives a “not found” message.

Any hint?

2

This is correct, not any of your other derivatives.

What browser are you using and on what OS?

Suggest you work through the guidance notes a few more times.

3

Did you add the server.properties file?

4

I’m using Mozilla Firefox on Windows 10.
Also tried Microsoft Edge (new name for IE) with similar results: security error, then, after asking to go on, I got a 404 error (file not found).
I think I have read all the relevant docs, but I’ll follow your suggestion and try to dig something more… Thanks!

5

[quote=“psoro, post:3, topic:10475, full:true”]
Did you add the server.properties file?

Hi psoro if you look at my dir listing, you’ll see it there.
Here is the content:

#hardware mqtt port
hardware.mqtt.port=8440

#hardware ssl port
hardware.ssl.port=8441

#hardware plain tcp/ip port
hardware.default.port=8442

#http port
http.port=8090

#web sockets ssl port
ssl.websocket.port=8091
#web sockets plain tcp port
tcp.websocket.port=8092


#https port
https.port=9443

#application ssl port
app.ssl.port=8443

#by default server uses embedded in jar cert to simplify local server installation.
#WARNNING DO NOT USE THIS CERTIFICATES ON PRODUCTION OR IN WHERE ENVIRNOMENTS REAL SECURITY REQUIRED.
#provide either full path to files either use '.' for specifying current directory. For instance "./myfile.crt"
server.ssl.cert=./server_embedded.crt
server.ssl.key=./server_embedded.pem
server.ssl.key.pass=*******

client.ssl.cert=./server_embedded.crt
client.ssl.key=./server_embedded.pem

#application ssl and https/websockets certs may be different
https.cert=./server_embedded.crt
https.key=./server_embedded.pem
https.key.pass=abcd

#by default System.getProperty("java.io.tmpdir")/blynk used
data.folder=

#folder for logs.
logs.folder=./logs

#log debug level. trace|debug|info|error. Defines how precise logging will be.
log.level=info

#defines maximum allowed number of user dashboards. Needed to limit possible number of tokens.
user.dashboard.max.limit=10

#defines maximum allowed widget size in KBs as json string.
user.widget.max.size.limit=10

#user is limited with 100 messages per second.
user.message.quota.limit=100
#in case of consistent quota limit exceed during long term, sending warning response back to exceeding channel
#for performance reason sending only 1 message within interval. In millis
user.message.quota.limit.exceeded.warning.period=60000

#maximum allowed number of notification queue. Queue responsible for processing email, pushes, twits sending.
#Because of performance issue - those queue is processed in separate thread, this is required due
#to blocking nature of all above operations. Usually limit shouldn't be reached.
notifications.queue.limit=10000

#Number of threads for performing blocking operations - push, twits, emails, db queries.
#Recommended to hold this value low unless you have to perform a lot of blocking operations.
blocking.processor.thread.pool.limit=5

#this setting defines how often we can send mail/tweet/push or any other notification. Specified in seconds
notifications.frequency.user.quota.limit=15

#this setting defines how often we can send webhooks. Specified in miliseconds
webhooks.frequency.user.quota.limit=1000

#this setting defines how big could be response for webhook GET request. Specified in kbs
webhooks.response.size.limit=64

#maximum size of user profile in kb's
user.profile.max.size=64

#number of strings to store in terminal widget
terminal.strings.pool.size=25

#number of strings to store in map widget
map.strings.pool.size=25

#number of strings to store in lcd widget
lcd.strings.pool.size=6

#maximum number of rows allowed
table.rows.pool.size=100

#period in millis for saving all user DB to disk.
profile.save.worker.period=60000

#period in millis for saving stats to disk.
stats.print.worker.period=60000

#specifies maximum period of time when application socket could be idle. After which
#socket will be closed due to non activity. In seconds. Default value 600 if not provided.
#leave it empty for infinity timeout
app.socket.idle.timeout=600
#specifies maximum period of time when hardware socket could be idle. After which
#socket will be closed due to non activity. In seconds. Default value 15 if not provided.
#leave it empty for infinity timeout
hard.socket.idle.timeout=15

#Enables native socket transport for Linux using JNI. Should be turned on only if you 100% sure.
#may not work on some environments. Used to increase server performance. Performance boost is ~20-40%.
enable.native.epoll.transport=false

#Enabled native openSSL support for SSL handlers. Should be turned on only if you 100% sure.
#may not work on some environments. Used to increase server performance. Performance boost is ~16%.
#For more details see - http://netty.io/wiki/forked-tomcat-native.html
enable.native.openssl=false

#mostly required for local servers setup in case user want to log raw data in CSV format
#from his hardware
enable.raw.data.store=true

#size of async logger ring buffer. should be increased for loads >2-3k req/sec
async.logger.ring.buffer.size=2048


#ADMINISTRATION SECTION

admin.rootPath=admin

#administration https port
administration.https.port=7443

#host for reset pass redirect. by default current server IP is taken. could be replaced with more friendly hostname.
#it is recommended to override this property with your server IP to avoid possible problems of host resolving
#reset-pass.http.host=

#comma separated list of administrator IPs. allow access to admin UI only for those IPs.
#you may set it for 0.0.0.0/0 to allow access for all.
#you may use CIDR notation. For instance, 192.168.0.53/24
allowed.administrator.ips=0.0.0.0/0


#comma separated list of users allowed to create accounts. leave it empty if no restriction required.
allowed.users.list=
6

I don’t really speak Linux, but I think you need the / in the root path:

admin.rootPath=/admin

And after much frustration, this is all I needed in my server.properties file to “finally” get my administrator page working :relieved: Probably not super secure, but not open the the web anyhow.

server.ssl.cert=./server.crt
server.ssl.key=./server.pem
server.ssl.key.pass=*********

administration.https.port=7443
admin.rootPath=/admin
allowed.administrator.ips=0.0.0.0/0
allowed.users.list=*********@gmail.com
2 Likes
7

Hey, great! It works!!! :grinning:
I’d never thought about this, as /admin looks like an absolute path, I had already tried all the variants (./admin, /home/osmc/blynk-server/admin … ), but without your help I would have been stuck forever!!
Thank you!!

8

Ups…:blush: I didn’t notice it… fortunately @Gunner has been really fast pointing at the main line.

Regards!!

9

Presumably you copied the provided server.properties file and then for reasons only known to you, trashed it.

10

Right. Probably I changed it in an attempt to fix other issues that I was having at the beginning. Thanks again.

11

hlo alcal plz tell me what is that rootpath

12

It appears in the server.properties file that you should have on your server.

13

Hi, I have the same problem and couldn’t connect to the server when I try to acces from any browser https://192.168.43.1:7443/admin

14

@alvaroaguero55 do you have a server.properites file on your server?

15

serverproperties.jpg1349×599 478 KB

16

Yes, the server.properties file which was installed by default, then I only change the line
allowed.administrator.ips=127.0.0.1" by
allowed.administrator.ips=0.0.0.0/0 to allow connection from all Ips

17

@alvaroaguero55 did you do the “certificates” part of the installation?

Any chance of seeing your server.properties in a regular format rather than that horrible image you uploaded?

18

Lol my head hurts from that image!
What is the error page you receive?
Connection refused or something else?

19

I tried to upload the serverproperties file but the page says only allow jpg or png files.}
The error page says ERR_CONNECTION_REFUSED

20

#hardware mqtt port
hardware.mqtt.port=8440

#hardware ssl port
hardware.ssl.port=8441

#hardware plain tcp/ip port
hardware.default.port=8442

#http port
http.port=8080

#web sockets ssl port
ssl.websocket.port=8081
#web sockets plain tcp port
tcp.websocket.port=8082

#https port
https.port=9443

#application ssl port
app.ssl.port=8443

#by default server uses embedded in jar cert to simplify local server installation.
#WARNNING DO NOT USE THIS CERTIFICATES ON PRODUCTION OR IN WHERE ENVIRNOMENTS REAL SECURITY REQUIRED.
#provide either full path to files either use ‘.’ for specifying current directory. For instance “./myfile.crt”
server.ssl.cert=
server.ssl.key=
server.ssl.key.pass=

client.ssl.cert=
client.ssl.key=

#application ssl and https/websockets certs may be different
#https.cert=
#https.key=
#https.key.pass=

#by default System.getProperty(“java.io.tmpdir”)/blynk used
data.folder=

#folder for logs.
logs.folder=./logs

#log debug level. trace|debug|info|error. Defines how precise logging will be.
log.level=info

#maximum number of devices allowed per account
user.devices.limit=25

#maximum number of tags allowed per account
user.tags.limit=100

#defines maximum allowed number of user dashboards. Needed to limit possible number of tokens.
user.dashboard.max.limit=100

#defines maximum allowed widget size in KBs as json string.
user.widget.max.size.limit=10

#user is limited with 100 messages per second.
user.message.quota.limit=100
#in case of consistent quota limit exceed during long term, sending warning response back to exceeding channel
#for performance reason sending only 1 message within interval. In millis
user.message.quota.limit.exceeded.warning.period=60000

#maximum allowed number of notification queue. Queue responsible for processing email, pushes, twits sending.
#Because of performance issue - those queue is processed in separate thread, this is required due
#to blocking nature of all above operations. Usually limit shouldn’t be reached.
notifications.queue.limit=10000

#Number of threads for performing blocking operations - push, twits, emails, db queries.
#Recommended to hold this value low unless you have to perform a lot of blocking operations.
blocking.processor.thread.pool.limit=5

#this setting defines how often we can send mail/tweet/push or any other notification. Specified in seconds
notifications.frequency.user.quota.limit=15

#this setting defines how often we can send webhooks. Specified in miliseconds
webhooks.frequency.user.quota.limit=1000

#this setting defines how big could be response for webhook GET request. Specified in kbs
webhooks.response.size.limit=64

#maximum size of user profile in kb’s
user.profile.max.size=64

#number of strings to store in terminal widget
terminal.strings.pool.size=25

#number of strings to store in map widget
map.strings.pool.size=25

#number of strings to store in lcd widget
lcd.strings.pool.size=6

#maximum number of rows allowed
table.rows.pool.size=100

#maximum traffic allowed per user connection. Applied both for input and output bandwidth, in KBs
user.traffic.limit=256

#period in millis for saving all user DB to disk.
profile.save.worker.period=60000

#period in millis for saving stats to disk.
stats.print.worker.period=60000

#specifies maximum period of time when application socket could be idle. After which
#socket will be closed due to non activity. In seconds. Default value 600 if not provided.
#leave it empty for infinity timeout
app.socket.idle.timeout=600
#specifies maximum period of time when hardware socket could be idle. After which
#socket will be closed due to non activity. In seconds. Default value 15 if not provided.
#leave it empty for infinity timeout
hard.socket.idle.timeout=15

#Enables native socket transport for Linux using JNI. Should be turned on only if you 100% sure.
#may not work on some environments. Used to increase server performance. Performance boost is ~20-40%.
enable.native.epoll.transport=false

#Enabled native openSSL support for SSL handlers. Should be turned on only if you 100% sure.
#may not work on some environments. Used to increase server performance. Performance boost is ~16%.
#For more details see - http://netty.io/wiki/forked-tomcat-native.html
enable.native.openssl=false

#enable raw data storage to DB
enable.raw.db.data.store=false

#size of async logger ring buffer. should be increased for loads >2-3k req/sec
async.logger.ring.buffer.size=2048

#ADMINISTRATION SECTION

admin.rootPath=/admin

#administration https port
administration.https.port=7443

#host for reset pass redirect. by default current server IP is taken. could be replaced with more friendly hostname.
#it is recommended to override this property with your server IP to avoid possible problems of host resolving
#reset-pass.http.host=

#network interface to determine server’s current IP.
#only the first characters of the interface’s name are needed.
#the default setting eth will use the first ethX interface found (i.e. eth0)
net.interface=eth

#comma separated list of administrator IPs. allow access to admin UI only for those IPs.
#you may set it for 0.0.0.0/0 to allow access for all.
#you may use CIDR notation. For instance, 192.168.0.53/24
allowed.administrator.ips=0.0.0.0/0#comma separated list of users allowed to create accounts. leave it empty if no restriction required.
allowed.users.list=