the fast, reliable localhost tunneling solution

Disabling insecure

2017-08-15, 07:22


I'd like to use pagekite to expose some internal services running on a Raspberry Pi at home behind a NAT, so that I can also access them from the Internet when I'm not at home. I thought the easiest way would be to have the service listen to insecure http port 80 and let pagekite handle https.

The simplest setting in /etc/pagekite.d/80_httpd.rc actually seems to serve the purpose:

service_on = http:@kitename : localhost:80 : @kitesecret

I can then access my webpage from I believe at this point I could either add some basic HTTP authentication to either the pagekite service or my webserver. Either way, I wouldn't want the authentication password to be sent unencrypted over HTTP. Is there any way I can disable plain http access?

If I change the above line to the following: service_on = https:@kitename : localhost:80 : @kitesecret

My browser complains that "SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG".

Any suggestions?


  1. iurly said on 2017-08-15, 20:54
    answering my own question, the solution (provided by Bjarni) was to use

    service_on = http-443:@kitename : localhost:80 : @kitesecret

    This will restrict the kite to only be served over port 443 (disabling port 80).
    Notice how this will not strictly prevent plain HTTP from running -- technically, you could still access it insecurely over HTTP through port 443 (
    This should however be sufficient to avoid the most common mistakes.

Leave a comment

( (Please leave these blank: )

We use Gravatar for commenter's photos. Get your own, it's free!