The drive to secure the web with https traffic has had some unintended casualties. One of them is the ease of using browsers to talk to local devices on your network.
Kiri:Moto and all of Grid.Space must be served over https in order to be integrated into sites like Onshape, and also not to be penalized by Google or other search engines. It’s also just a good idea.
But when Kiri:Moto (KM) wants to talk to OctoPrint (OP) to spool a job and OP is running on your local home network, the current browser security regimes all but prevent it. And that’s because in order for a secure site (KM) to send data to a device (OP), it must not downgrade that connection to an insecure (http) one.
By default and out of necessity, OctoPrint typically only uses http on your home network. In order to have OctoPrint listen for https traffic, it needs a special certificate. And while you can create your own “self-signed” certificates, this is not sufficiently secure for our purposes. Browsers will still reject the KM to OP connection in that case. The OP certificate needs to be signed by a root CA.
There are byzantine ways to accomplish this. They involve you controlling DNS services for a domain and some command line hijinks to convince LetsEncrypt to generate a certificate for you. Once the certificate is issued, it needs to be renewed every 60-80 days. So put the previous bit on repeat.
Because all of this is so difficult and there is no real sanctioned way to accomplish secure local/private network communications, most devices use secured cloud endpoints to route traffic from your desktop to the 3d printer, cnc mill, or laser cutter sitting next to you. This is daft. Yet we now accept it as the norm that data to control devices in our immediate proximity probably has to go through an AWS server somewhere else first.
Good luck using your expensive tools or changing your thermostat if you have poor internet service or AWS is having a bad day.
There are efforts underway to remedy this. But realistically it will be years before they are ratified and begin to be supported by browsers.
In the meantime, I have stood up a service that does all of this for you. It will allow you to claim a host name under the my.addr.live sub-domain, map it to an RFC1918 private address, and then download certificates that you can install on a local device with that IP address.
Once you’ve done this, you can access, for example, your local OctoPrint device as oppunome.my.addr.live from within your browser over https. But more importantly, you can tell Kiri:Moto to send a print directly to that host name and the traffic will never leave your home network.
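A check you could run on a mapping before installing the certificate, as an added example that is not the service's own code: it confirms a name sits directly under my.addr.live and maps only to RFC 1918 addresses. The function names, the single-label rule and the sample addresses are assumptions made for this illustration.

```python
import ipaddress
import re

# The three RFC 1918 blocks. ipaddress's is_private is broader (it also
# covers loopback, link-local and others), so the blocks are listed explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ZONE = "my.addr.live"  # sub-domain named in the post
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label


def is_rfc1918(addr):
    """True only for an IPv4 address inside one of the RFC 1918 blocks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.version == 4 and any(ip in net for net in RFC1918)


def check_mapping(hostname, addresses):
    """Return a list of problems with a hostname -> addresses mapping.

    An empty list means the name is a single label under ZONE and every
    address it maps to stays on a private network.
    """
    problems = []
    name = hostname.rstrip(".").lower()
    suffix = "." + ZONE
    if not name.endswith(suffix):
        problems.append("not under " + ZONE)
    elif not LABEL.fullmatch(name[:-len(suffix)]):
        problems.append("host part is not a single valid DNS label")
    if not addresses:
        problems.append("no address")
    for addr in addresses:
        if not is_rfc1918(addr):
            problems.append(addr + " is not an RFC 1918 address")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the service.
    print(check_mapping("oppunome.my.addr.live", ["192.168.1.50"]))
    print(check_mapping("oppunome.my.addr.live", ["172.32.0.1"]))
```

To check a live name, pass the addresses returned by your resolver as the second argument.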
The web page to claim a host name and get a certificate is at:
I look forward to your feedback.