node js send html to network rather than only localhost server - node.js

I'm using Node.js and trying to serve my web page to my network. I can successfully call localhost:port on my computer using Express as the server; the web page loads fine and triggers my webcam, which I use for streaming in the web page. Now I'm working on a simple app on my phone to access my server directly, so my questions are:
1. How can I access my server from different devices on the same wireless network? By calling IP + port, e.g. 192.168.1.104:9001? I've tried that and it didn't work.
2. I've found HTTPS with .pem, something like that; is that the answer? Is there any other way?
3. Any advice before I work on making my web app available to devices? Using Koa? I don't really even know what that is, but I'll happily take any advice.
EDIT: I've read "How could others, on a local network, access my NodeJS app while it's running on my machine?"
Let's say I'm simply using a random router, so I can't configure my router's ports; my server is on my PC and my phone has joined the same network, and I'm trying to access the server from my phone.

1. How do I access my server from different devices on the same wireless network?
All you need to do is find your server's IP address on this wireless network, and find the Node.js application's port. Then access the following URL from other devices:
http://{server_IP}:{port}
However, there are some points to check:
Check the firewall and confirm that the port is not blocked, that the server IP is not blocked by the test device, and that the test device IP is not blocked by the server.
Check whether there is any proxy setting on the server or the test device. If there is, disable the proxy.
A computer may have many IP addresses at the same time; you need to find the correct one on the same wireless network. For example, if you install virtual machine software such as VMware and run a virtual system inside it, your real computer will get an IP address such as 192.168.*.* -- this IP address looks like an intranet IP on the wireless network, but it is not, and can never be accessed by the test device.
2. I've found HTTPS with .pem, something like that; is that the answer?
No, HTTPS has nothing to do with this problem. HTTPS just adds security (on top of the HTTP layer); it does not affect HTTP connectivity. Actually, to minimize the problem, it is better to use only HTTP in your scenario.
There is only one very special case in which HTTPS may cause your problem -- the test machine is configured to block any non-HTTPS connection for security.
3. Any advice before I work on making my web app available to devices? Using Koa?
My suggestion is: as there is an HTTP connectivity issue, the first step is to find the root cause of that issue. Thus, it is better to make the simplest possible HTTP server using native Node.js, with no Koa and no Express. In this way, the complexity of the server is reduced, which makes root cause investigation easier.
After the HTTP connectivity issue is fixed, you can pick up Koa or Express or any other mature Node.js web framework to help the web-app work.
4. Let's say I'm simply using a random router, so I can't...
Do you mean your server gets a dynamic IP address via DHCP? As long as the IP is not blocked by the test device, it does not matter.

Related

How to make dynamic private IP address static?

A Node.js server is running on localhost on my PC. I am connecting this server to a mobile app with some IP (192.168.0.120:8044) for API requests. I am sharing this IP address by having the mobile application scan a QR code in my desktop Electron app. So the first time, I am able to get the server's IP by QR.
But when my desktop boots again, the private IP might change, maybe to 192.168.0.121.
Is there any way in Node.js to make this private IP static so my mobile device always knows where to send all API requests? Like creating a custom subdomain locally, not exposed to the internet?
I know I can just go to the PC's settings and make the IP static. But in production, it might be a big issue to ask users to do so.
While it may be possible to go into the computer's config programmatically and make the IP static, it would be better to structure the application not to require such a thing.
Since the client initially connects to the server with a QR code, you could have the server embed its hardware MAC address in the code, instead of (or in addition to) the server's IP. On the client, save the MAC address in the app's permanent storage.
Then, to connect to the server from the client, search through the LAN's ARP table to identify which (if any) IP addresses have that MAC address. If so, you've found it - if not, the server is offline.

Suggestions for secure WAN/LAN/VPN please - diag included

This has taken me about a year to understand and get to, but I am at the limit of my capability, so I am reaching out to a StackOverflow guru please...
I would like to, if possible, secure my network model. The model is as shown in the diagram. To explain:-
All the aspects I have control of are within the green shaded area. I cannot change anything outside this.
I run a simple application web server which is the VPN IPsec/L2tpd client. Static IP.
My router is ISP provided. It receives a DHCP Dynamic IP from the ISP.
My Digital Ocean Virtual Private Server has a static IP. It runs an NGINX reverse proxy that channels traffic through the VPN tunnel. It also runs the IPsec/L2tpd server.
An IPsec/L2TPD VPN tunnel is established and working.
A working VPN tunnel.
A cellphone that runs an app that communicates with my application server app. My cellphone receives a dynamic IP from my Network Operator.
I have three IP camera feeds served by my application server. Not a great speed but watchable in real-time.
I cannot change my ISP, or bandwidth/download/upload speed.
I cannot install VPN clients on the cellphone and I may want to access my app server through another cellphone provided by work so cannot install apps on it but does have unfettered web access through a browser.
Everything is now working, can't believe I've done it!
Anyway, my question is:-
Is there any way to secure the network so that only traffic from my mobile reaches - or rather is accepted by - my application server?
I accept IPsec/L2tpd is not great, but it is fast, and I use it because I have tried OpenVPN, SoftEther and key-based OpenSwan. These are waaaay too slow. The camera feeds are unwatchable and update one frame about every 5 seconds.
So with the limitations above, what can I do, what is possible? Please may I respectfully ask that you refrain from suggestions and concerns requiring a change to that which I cannot control. I accept all critique, but that is not what I need here. I am asking for advice on how to secure that which I can influence. Thank you
I cannot install VPN clients on the cellphone and I may want to access
my app server through another cellphone provided by work so cannot
install apps on it but does have unfettered web access through a
browser.
Given the limitation that, in the end, this must work even from a phone on which you are not allowed to change anything but can use the web, I suggest configuring proxy authentication on the nginx reverse proxy. I don't have experience with setting this up with nginx in particular, but that's what should do the trick according to the network architecture and description you provided.
An example configuration on how to configure nginx for basic / client certificate auth can be found at: https://www.cloudsavvyit.com/1355/how-to-setup-basic-http-authentication-on-nginx/

How did an IP send Get requests to my code?

I am new to web development. I am developing a Flask web server on my Linode Linux web server on port 5000. I got this output from an unknown IP. I researched the IP and found out that this is a whitelisted IP address and is "harmless", but I don't know. It looks like it sent GET requests to my cover photo, the JavaScript, the CSS, an icon on the page, and an unknown request. What does sending a GET request to these items even entail? I don't have any button or anything that sends a GET request to these items. Whenever I am developing the web server on port 5000, I am usually the only IP in the output. Additionally, this web server communicates with a Raspberry Pi over MQTT over the non-encrypted port 1883.
Again, I am new to this world and am wondering if anyone can help me decipher what this means; that would be very helpful. In the meantime, should I configure the server's firewall to only allow requests from my computer's IP to my server? Does anyone think this is a reasonable next step, or have any additional advice?
I believe what's happening is that your website is sending a GET request to retrieve those assets (e.g. your images) which are stored under your localhost address and the paths that you see in the console output.

Setting up internal web server with Node.js

I want to host a web app with Node.js on a Linux virtual machine using the HTTP module.
As the app will be visualising sensitive data I want to ensure it can only be accessed from PCs on the same LAN.
My understanding is that using the HTTP module a web server is created that's initially only accessible by other PCs on the same LAN. I've seen that either by tunnelling or port forwarding a Node.js server can be exposed if desired.
Question
Are there any other important considerations/ways the server could be accessed externally?
Is there a particular way I can setup a node.js server to be confident that it's only accessible to local traffic?
It really depends what you are protecting against.
For example, somebody on your LAN could port forward your service using something like ngrok. There are a few things you can check for:
In this case the header x-forwarded-for is set. So, to protect against this you can check for this header on the incoming request, and if set you can reject the request.
The host header is also set and will indicate how the client referred to your service - if it is as you expect (maybe a direct local LAN address such as 192.168.0.xxx:3000) then all is OK, if not (I ran ngrok on a local service and got something of the form xxxxxxxx.ngrok.io) then reject it.
Of course a malicious somebody could create their own server to redirect requests. The only way there is to put in usernames and passwords or similar. At least you then know who is (allegedly) accessing your service and can do something about it.
However, if you are not trying to protect against a malicious internal actor, then you should be good as you are - I can't think of any way (unless there is a security hole in your LAN) for your service to be made public without somebody actively setting that up.
My last suggestion would be to use something like express rather than the http module by itself. It really does make life a lot simpler. I use it a lot for just this kind of simple internal server.
Thought I'd add a quick example. I've tested this with ngrok and it blocks access via the public address but works fine via localhost. Change the host test to whatever local address (or addresses) you want to serve this service from.

// Minimal Express server that refuses requests arriving through a tunnel or proxy.
const express = require('express');
const app = express();

// Reject any request whose Host header is not the expected local address,
// or that carries an X-Forwarded-For header (set by ngrok and other proxies).
app.use((req, res, next) => {
  if (req.headers.host !== 'localhost:3000' || req.headers['x-forwarded-for']) {
    res.status(403).send('Invalid access!');
  } else next();
});

app.get('/', (req, res) => res.send('Hello World!'));

app.listen(3000, () => {
  console.log('Service started. Try it at http://localhost:3000/');
});

I would prefer using nginx as a proxy here and rely on nginx' configuration to accept traffic from local LAN to the node.js web server. If this is not possible, a local firewall would be the best tool for the job.
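The checks discussed in the answers above, as an added example that is not part of the original posts, using the native http module the question asks about. Host and X-Forwarded-For are supplied by the client, so this version decides first on the TCP peer address and keeps the header checks because a tunnel agent running inside the LAN connects from a local address. The address 192.168.0.10 and the function names are assumptions of this example.

```javascript
const http = require('http');
const net = require('net');

// Hosts this service may be addressed as (assumed values; adjust to your LAN).
const ALLOWED_HOSTS = new Set(['localhost:3000', '192.168.0.10:3000']);

// True for loopback and RFC 1918 IPv4 peers, including the IPv4-mapped
// IPv6 form (::ffff:a.b.c.d) that Node reports on dual-stack sockets.
function isLocalPeer(addr) {
  if (!addr) return false;
  if (addr === '::1') return true;
  const v4 = addr.startsWith('::ffff:') ? addr.slice(7) : addr;
  if (net.isIP(v4) !== 4) return false;
  const [a, b] = v4.split('.').map(Number);
  return a === 127 || a === 10 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Check the TCP peer address first (a header cannot change it), then the
// headers the answer above checks. Returns null when the request is OK.
function rejectReason(req) {
  if (!isLocalPeer(req.socket.remoteAddress)) return 'peer not on LAN';
  if (!ALLOWED_HOSTS.has(req.headers.host)) return 'unexpected Host';
  if (req.headers['x-forwarded-for']) return 'forwarded request';
  return null;
}

function createLanOnlyServer() {
  return http.createServer((req, res) => {
    const reason = rejectReason(req);
    if (reason) {
      res.writeHead(403, { 'Content-Type': 'text/plain' });
      return res.end('Invalid access!\n');
    }
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    res.end('Hello World!\n');
  });
}

// Bind to the LAN address only, never 0.0.0.0:
//   createLanOnlyServer().listen(3000, '192.168.0.10');
```

None of these checks identifies the user, so sensitive data still needs the usernames and passwords mentioned in the first answer, and a host firewall rule remains the backstop the last answer recommends.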

nodeJS alternative to IP-Adress or localhost? Avahi-daemon

I am using Node.js with the express, bcrypt and body-parser packages on an Ubuntu Linux system.
Everything works fine so far.
However, I've been wondering if there is an easier way to connect to my website.
Until now, I have had to type in my IP address, e.g. https://XXX.XXX.XXX:3000, to actually see the content.
I've already tried avahi-daemon but did not get it to work. Whenever I try 'hostname.local' I get the same error: Firefox is unable to connect to server.
However, using the IP address, https://XXX.XXX.XXX:3000, works.
I would like to access my Node.js server with something similar to: computername.local
FYI: I just want to use it in my local network at home.
Does anybody have any idea how to get this to work?
You have a couple of choices. The easiest, if available, is probably to set up your home router to always assign it the same IP address (how to do that will vary based on your router). If your router has it available, you could also set a host name for it there in DNS settings.
If your router doesn't have DNS settings available, then you can add a line to each of your home computers' /etc/hosts file (if memory serves Windows has it in C:\etc\hosts). Let's say the IP you give the server is 172.16.1.11, your hosts entry would be
172.16.1.11 computername.local
You could also set up your own DNS server in your house, possibly even on the same machine as has your node app, and then configure it to handle the one address before forwarding DNS requests for others to your ISP, but that seems like overkill if you have just one app.
