By itself, AirSane does not support secure data transmission over HTTPS. Still, secure connections are possible by using the nginx webserver as a proxy. Also, user authentication may be configured via nginx. To set up secure traffic, follow these steps:
sudo apt install nginx
sudo mkdir /var/run/airsaned
sudo chown saned:www-data /var/run/airsaned
sudo chmod g+s /var/run/airsaned
sudo cp https/systemd/airsaned.default /etc/default/airsane
sudo cp https/nginx/airsaned-ssl /etc/nginx/sites-available
sudo ln -s /etc/nginx/sites-available/airsaned-ssl /etc/nginx/sites-enabled
sudo service airsaned restart
sudo service nginx restart
Officially, the eSCL protocol supports all means of web authentication. In our tests however, the macOS AirScan client supported neither basic nor digest authentication, and the Mopria Scan app for Android only worked with basic authentication.
If you still want to use authentication for the web interface or the Mopria app, basic authentication will be fine, as no clear text will be transmitted during authentication over a HTTPS connection.
sudo su
printf "USER:$(openssl passwd -crypt PASSWORD)\n" >> /etc/nginx/.htpasswd
exit
sudo nano /etc/nginx/sites-available/airsaned-ssl
sudo service nginx restart
Secure communication has been tested and confirmed to work using a Firefox web browser, macOS Image Capture, and Mopria Scan for Android as clients. Authentication only works using a web browser, or Mopria Scan for Android.
When using a web browser to access the AirSane web interface, you will receive a warning about an invalid certificate unless you configure nginx to use a real certificate rather than the self-signed one coming with openssl. If you have your own internet domain, you will be able to use a real certificate for free from the Let's Encrypt initiative.