sending local data to web browser... how? - ssl

I have a deployed SSL website displaying maps.
I have a local application (flight simulator) which spits out location data.
I'd like to have the browser's map update itself based on location data. Not just for me, but anyone running this local application should be able to see their location on their browser.
Websockets won't work because the webapp is SSL & one cannot connect to localhost or 127.0.0.1 with an SSL websocket, and insecure websockets are blocked. (Using DNS tricks and deploying certificates won't work because it should support "anyone".)
Using the JavaScript File API with a UNIX domain socket won't work because, while I believe JavaScript can read domain sockets, there's no way for a user's browser to 'select' a domain socket as a File object.
The only pathway I see is by having the local application pass data directly to my webserver & have the webserver forward it to the appropriate browser. (Say, when local application is started, user provides their webapp login & the webserver will be able to pair incoming location data with user's web session.)
Is there another way? (a different path, or different configuration to permit websocket?) Seems too bad that localhost doesn't get a free pass with respect to security.
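
The relay pathway described in the question above, sketched as an added example that is not part of the original post: the web server gives a logged-in user a signed pairing token (used here in place of handing the web login to the local application), the local application sends it with each position fix over HTTPS, and the server forwards the fix only to that user's browser sessions. `SERVER_KEY`, `TOKEN_TTL`, `Relay` and the JSON field names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the web server
TOKEN_TTL = 3600                      # assumption: pairing tokens live one hour

def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_pairing_token(user_id, now=None):
    """Issued inside the logged-in web session; the user pastes it into the local app."""
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    return f"{user_id}:{expires}:{_mac(f'{user_id}:{expires}')}"

def verify_pairing_token(token, now=None):
    """Return the user id the token was issued for, or None if forged or expired."""
    try:
        user_id, expires, mac = token.rsplit(":", 2)
        expired = (time.time() if now is None else now) > int(expires)
    except ValueError:
        return None
    good = hmac.compare_digest(mac.encode(), _mac(f"{user_id}:{expires}").encode())
    return user_id if good and not expired else None

class Relay:
    def __init__(self):
        self.sessions = {}  # user_id -> one outbound queue per open browser tab

    def attach_browser(self, user_id):
        queue = []
        self.sessions.setdefault(user_id, []).append(queue)
        return queue

    def ingest(self, token, body):
        """Handle one HTTPS POST from a local app; True if the fix was accepted."""
        user_id = verify_pairing_token(token)
        try:
            fix = json.loads(body)
            lat, lon = float(fix["lat"]), float(fix["lon"])
        except (ValueError, KeyError, TypeError):
            return False
        if user_id is None or not (-90 <= lat <= 90 and -180 <= lon <= 180):
            return False
        for queue in self.sessions.get(user_id, []):
            queue.append({"lat": lat, "lon": lon})
        return True
```

In a deployment each queue would be drained into that tab's `wss://` connection to the web server, so the browser never has to reach the local machine.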

Related

Nginx reverse proxy works only outside lan

I have a server which has multiple "app pages" running on it (for example: Home Assistant, Cockpit, etc.).
On the local network I can access them using addresses like http://192.168.1.200:8123.
I used to use port forwarding, but I didn't want to remember ports, so I'm using Nginx Proxy Manager and a DuckDNS domain.
So now outside of the local network I can type https://ha.mydomain.duckdns.org, which works fine, but if I'm connected to the local network my browser throws a PR_END_OF_FILE_ERROR message.
I tried it with multiple devices, different applications, even on the home assistant app, and got the same result.
I'm using SSL certificates created in Nginx Proxy Manager, but when using http I get a 404 error.
After long searches I found that I probably need a custom local DNS (like pihole) running, and my router DNS has to point to it. I'm not sure if this would even solve my problem, but I would like to avoid this method, because if my server shuts down or has any problem, it would cause problems on all the devices in my network.

How to make browsers trust a local network wss:// connection?

I'm trying to upgrade a websocket connection ws:// to wss:// using a nginx reverse proxy https://github.com/nicokaiser/nginx-websocket-proxy/blob/master/simple-wss.conf
but I seem to be having trouble with the certificate part. My server is located on the same network as the client. So ideally I would want my users to log in to "https://example.com" and then the client makes a connection to "wss://192.168.1.xxx:xxxx".
As of now the browsers are blocking it because of NET::ERR_CERT_COMMON_NAME_INVALID. I don't really know how to produce a self-signed certificate that the browsers will trust on the local network. Googling only gives me answers on how to do it if my server would be accessed using a domain name, but I will always connect to a local network IP. Help is appreciated!
To anyone coming across this: I managed to solve it using this post outlining the architecture https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/
What ended up happening was that we set up a URL pointing to a server running nginx which parsed the subdomain and redirected the connection to that URL. For example: wss://192-168-1-142.mydomain.com redirects to ws://192.168.1.142, which makes the browser trust the connection.
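
The hostname scheme described in the answer above (`192-168-1-142.mydomain.com` standing for `192.168.1.142`), as an added example that is not from the original post or from Plex: the proxy-side parsing step, restricted to RFC 1918 addresses so the wildcard name cannot be pointed at arbitrary hosts. `BASE_DOMAIN` and `lan_address_for` are assumed names.

```python
import ipaddress
import re

BASE_DOMAIN = "mydomain.com"  # placeholder domain taken from the answer above

# One octet per dash-separated field; ASCII digits only, no leading zeros.
OCTET = r"(0|[1-9][0-9]{0,2})"
LABEL_RE = re.compile("-".join([OCTET] * 4))

# RFC 1918 ranges: the only destinations the proxy is willing to map to.
PRIVATE_NETS = [
    ipaddress.ip_network(net)
    for net in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def lan_address_for(host):
    """Return the private IPv4 address encoded in `host`, or None if invalid."""
    host = host.lower().rstrip(".")
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None                      # wrong domain, or domain used as a prefix
    label = host[: -len(suffix)]
    match = LABEL_RE.fullmatch(label)    # rejects extra labels such as "a.10-0-0-1"
    if match is None:
        return None
    try:
        addr = ipaddress.IPv4Address(".".join(match.groups()))
    except ipaddress.AddressValueError:  # an octet above 255
        return None
    if not any(addr in net for net in PRIVATE_NETS):
        return None                      # public, loopback and link-local are refused
    return addr
```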
Does this work?
Your post is a year old now and browsers have become stricter since then. Usually, a browser will produce 'mixed content' errors if you access HTTP content from a HTTPS page, and the only way to get round this is to change the site settings to allow insecure content, which is scary for users in the face of a big warning message.
If accessing an HTTPS web address redirects to an HTTP local IP address, won't the browser still complain about mixed content?
I have a similar situation to you. I am writing a Progressive Web Application (PWA) to control network music players on a home network. The players only support HTTP, but a PWA requires HTTPS for service workers to work and to allow the app to be 'installed'.
My solution is to run a local server on the home network which can talk to the players over HTTP. Then I can access this server over HTTPS from my browser so that the browser itself is not making any HTTP calls.
This works fine if the server is on localhost because localhost is a special case where security rules are relaxed. But if the server is on another machine, how can I create an SSL certificate since (1) it seems that local IP addresses are not allowed in the Subject Alternative Name (SAN) section of the certificate, and (2) I won't know in advance what the IP address of the server will be?
If your workaround works, then the local server can use HTTP instead so I won't need a certificate. The local server can register itself with a web server, and then the browser can connect over HTTPS to the web server, which would redirect to the IP address of the local server over HTTP.
But does this trick work?

Browser cache redirecting me to different website

I have two Wordpress websites hosted on two different servers and wish to consolidate these to be hosted on one server.
I've successfully transferred the database and website files over and set up the new virtual host in Apache.
Before switching the DNS over to the new server, I like to confirm it is working by altering my hosts file (I'm on Windows) to point to the new server:
xxx.xxx.xxx.xxx example.co.nz
I can verify this by running ping example.co.nz and see that it is correctly pinging the IP address specified in the hosts file.
The strange thing, though, is that when I go to example.co.nz in my browser, I am redirected and served the other website that was originally on this server; othersite.co.nz.
But if I open my Chrome Dev Tools, which has the cache disabled, then I am served the correct site.
Is this just a local caching issue or will other users trying to access the site be affected by this? Is there a way I can verify this, perhaps externally?

Where is guacamole-client?

I've followed the instructions here: http://guac-dev.org/doc/gug/installing-guacamole.html
This says
Guacamole is separated into two pieces: guacamole-server, which provides the guacd proxy and related libraries, and guacamole-client, which provides the client to be served by your servlet container, usually Tomcat.
guacamole-client is available in binary form, but guacamole-server must be built from source. Don't be discouraged: building the components of Guacamole from source is not as difficult as it sounds, and the build process is automated. You just need to be sure you have the necessary tools installed ahead of time. With the necessary dependencies in place, building Guacamole only takes a few minutes.
And then proceed to describe how to install guacamole-server and use it. I can now go to http://localhost:8080/guacamole/ and access the server and see which clients have connected.
How do I connect a client though? I see no documentation of where the remote desktop needs to browse to in order to run the guacamole-client?
Or have I totally misunderstood this?
The key phrase in the quoted documentation is:
... guacamole-client, which provides the client to be served by your servlet container, usually Tomcat.
"guacamole-client" is the web application and the client. When a user visits the URL for your Guacamole server, logs in, and clicks on a connection, they are connected to the corresponding remote desktop via Guacamole's JavaScript client which is served to their browser like any other web application.
I can now go to http://localhost:8080/guacamole/ and access the server and see which clients have connected.
The list you see when you first log in to your Guacamole server is not the list of clients that have connected; it is the list of connections to remote desktops which are available. If you click on one of those connections, you will be connected using Guacamole's own built-in JavaScript client.
How do I connect a client though? I see no documentation of where the remote desktop needs to browse to in order to run the guacamole-client?
The remote desktop does not need to do anything - Guacamole will simply connect to it. You can see a video of the overall user experience on the Guacamole website which may hopefully clear things up for you:
https://vimeo.com/116207678
Overall:
You deploy guacamole-client (the web application) and install guacamole-server (the remote desktop proxy that the web application uses in the backend). The combination of these two pieces of software makes up a typical Guacamole server.
You and your users can log in through the web application and connect to remote desktops using a web browser.
You do not need to explicitly run a client.
It looks like this
Internet -> Guacamole server (on the local network) -> Desktop pc
I installed Guacamole in a VMware environment on Ubuntu.
There is a file in /etc/guacamole called user-mapping.xml
In that file you add or edit the connections available to the user you want.
A connection for that user must be set between the <connection> tags

Access external url on web server

If I log in to our web server using RDP, I can't access any of the sites we run on that web server via their external url. For example, say my web server hosts www.example.com, when I log in to the web server, bring up a browser and try to go to www.example.com, I can't see it.
However, one of our sites was configured in some way to work like this, if I try to go to that url, it works as you might expect.
Unfortunately, this was done by our server hosting partners, who we are no longer in contact with. Does anyone know how this can be achieved?
You can do it in many ways.
It depends on your network configuration, but it could also be a simple row in the hosts file or a static DNS record or a specific route for that IP address.
If you're using IIS you should also set the website to "listen" on the loopback interface in the bindings menu.
or, for IIS 6: