I'm developing a cross-browser and cross-platform PWA for a camera slider. The idea is that a Raspberry Pi is serving a web interface for controlling this and also serves as an access point so it can be used without an Internet connection.
But since PWAs need the HTTPS protocol I don't know how I can serve my web application over HTTPS in a local network. Certificates are bought for domain names and not for a local IP address.
I do not want my customers to have to accept an "unsecure" private certificate every time before they can use my application.
Is there even a solution for my problem?
Related
I'm making a hobby project and it involves a NodeJS http server that I access via a web browser (through GET and POST requests). The HTML/CSS/JS part of the webpage is local, not on the NodeJS server.
I understand I need to generate SSL certificates but those ask for things like domain names and stuff.
I simply want to enable HTTPS on my NodeJS server. Right now I'm manually encrypting all messages sent back and forth through AES, but I trust the https security more, I'm not a cryptographer.
Is there an easy way to get those certificates? My NodeJS server is accessible via the internet but only by IP address (port forwarded), and through the express module using HTTP requests.
Do I need to pay for them?
In this case you can take services from Digital Ocean, you can buy subscription as per your choice and deploy your Nodejs app with free SSL certificate.(let's encrypt)
However I recommend you to understand following concepts
Reverse proxy (nginx)
Process managements (pm2)
SSL certificates
I am sure, You would love to go though with starter tutorials from DigitalOcean
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04
As Its a hobby project, otherwise I would have recommended other options.
I have developed an Enterprise Web App for my company that need to run on a private network. I have assigned the in house server a static IP so to make path to system constant for the users. The problem is that the web application makes calls to Twilio SMS gateway to send SMS to clients via the system but with my our current setup, its impossible since the Server is denied internet access. So how to I expose this server to the internet??
What I have seen quite often in corporate environments is the use of a HTTP proxy to let internal systems call other systems on the internet. Maybe there is a HTTP proxy available in your corporate environment that you can use. This would be the easiest way of doing this without having to change the infrastructure.
I am confussed about 3 server so you guys can help me?A web hosting service is a type of Internet hosting service that allows individuals and organizations to make their website accessible via the World Wide Web is it right?
A webhosting allows you to store the files of your website online.
A domain allows users to request those files and view them on there browsers.
Getting a complete website pakkage should include both of them.
A vpn is a virtual private server. Also used for websites but in this case you need to configure your webhosting and domain al by your self (not recommanded)
A dedicated server is used to host gamerooms etc.
I am trying lock down a virtual machine that acts as an app server for a web application. I have a two VM's: One for the app server and another one running the web server. I have to open a ton of ports to allow the web server talk to some wcf services, but I only want to allow those connections from the web server and no one outside of that network. I have to add endpoints in order for the web server to access the wcf services, but this also makes them accesible to the public IP. How can I only allow this traffic on the
For Virtual Machines, the only way of accessing ports from outside the hosted service is by defining input endpoints (with or without load-balancing across a set of machines). In your case, you'd just open, say, 80 and 443, specifically for your web server (e.g. not load-balanced). This is considered a port-forwarded endpoint since traffic on these two ports get forwarded directly to your web server. For more clarity around port-forwarded endpoints, I suggest Michael Washam's blog post, here.
At this point, you'd open various other ports on your app server (through its firewall config), and now your web server can talk to the app server, yet the outside world won't be able to reach the app server. Note: I'm assuming you placed your web server and app server in the same hosted service. Otherwise, you'd need to find a different way to connect between web and app servers, such as configuring a Virtual Network.
EDIT 6/5/2013 You can now enable ACLs on input endpoints, allowing (or blocking) IP ranges. Today ACLs may only be managed through PowerShell, with the June 2013 update. See this post to learn more.
Machines that exist on the same virtual network will be able to talk to each other as long as the local firewall has been opened to those ports. This problem was with my configuration in my application and not because of this. I also didn't have the correct ports open. Now it works like a charm.
A client has asked for additional security for a web app which would allow only company owned and approved tablet computers (brand not yet known) to connect to a PHP web app.
The app will be un/pw protected but the company would like to prevent all access except via the tablets.
MAC addresses would be great for this but these will be used in the field and use a myFi portable wifi to connect to the server so the MAC address will not be available.
Can anyone point me to a sound method for this secondary validation?
Your best solution here would be to deploy mutually-authenticated SSL between your client tablets and your server. You can use self-signed certificates here so you don't need to buy any from a CA. This will ensure that your server only accepts requests from tablets that have the client-side certificate (configure your server to only accept the self-signed client certificates deployed on your tablets for client authentication).