I have setup a webapp to work with websockets.
This webapp worked fine over local/wired network.
I realiced (maybe im wrong) that websockets cannot work over mobile network 3G/4G because of ISP proxies. But then i saw that secured connection pass through mobile networks proxies (https://github.com/websockets/ws/issues/257).
So i created a simple self signed cert using openssl.
Finally my application works over https to host WSS protocol. So now i tried to connect with my phone using 4G but page does not load. But it works perfectly over WIFI connections, also with my desktop PC.
https://ciroreed.net:8080/
Can i provide other useful information?
EDIT
The problem was that mobile networks sometimes wont load ws:// protocol.
We solve this setting up an https server, and ofc use wss protocol also.this package for sockets https://www.npmjs.com/package/ws
To ensure websocket works here is my advice:
use wss, not ws
use a valid signed certificate
check your wss endpoint with ssllabs.com (especially for missing intermediate certificate, the most common error)
Related
I'm making a hobby project and it involves a NodeJS http server that I access via a web browser (through GET and POST requests). The HTML/CSS/JS part of the webpage is local, not on the NodeJS server.
I understand I need to generate SSL certificates but those ask for things like domain names and stuff.
I simply want to enable HTTPS on my NodeJS server. Right now I'm manually encrypting all messages sent back and forth through AES, but I trust the https security more, I'm not a cryptographer.
Is there an easy way to get those certificates? My NodeJS server is accessible via the internet but only by IP address (port forwarded), and through the express module using HTTP requests.
Do I need to pay for them?
In this case you can take services from Digital Ocean, you can buy subscription as per your choice and deploy your Nodejs app with free SSL certificate.(let's encrypt)
However I recommend you to understand following concepts
Reverse proxy (nginx)
Process managements (pm2)
SSL certificates
I am sure, You would love to go though with starter tutorials from DigitalOcean
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04
As Its a hobby project, otherwise I would have recommended other options.
Is it possible to deploy a node.js app on Cloud Foundry that listens for HTTPS requests on port 443?
Well, the good news is that you don't have to do that. The Cloud Foundry platform takes care of it for you.
All you need to do is push your app and assign a route to the app. Your platform operations team will already have everything set up so that traffic for both HTTP and HTTPS routes through to your application.
The only thing you probably want to do in your application is to look at the x-forwarded-proto (should be http or https) or x-forwarded-port (80 or 443) header. You can use this to determine if the client's connection was over HTTP or HTTPS, and if it's HTTP then issue a redirect to ask the client to connect over HTTPS (this force clients to use HTTPS).
You can read more about this in the docs at the following link:
https://docs.cloudfoundry.org/adminguide/securing-traffic.html
Having said all that, if you really want to control the certs for some reason you can do that. You would need to map a TCP route to your application. This will enable TCP traffic to flow directly to your application. Then you can configure your application as an HTTPS endpoint on the mapped TCP route and port.
Some notes about this:
You will almost certainly end up with some high numbered port, not 443. The platform will have a pool of available ports, which is configured by your operations team, and you are limited to using only those ports.
The platform and buildpacks will not help set up TLS, you will need to handle that all on your own. The good news is that it should work exactly the same as if your app were running on a VM or your local laptop.
You will need to create your own TLS certs and push them with the application. You can probably use Let's Encrypt, but you may need to obtain these through your employer, if you work for a large company.
I'm developing a cross-browser and cross-platform PWA for a camera slider. The idea is that a Raspberry Pi is serving a web interface for controlling this and also serves as an access point so it can be used without an Internet connection.
But since PWAs need the HTTPS protocol I don't know how I can serve my web application over HTTPS in a local network. Certificates are bought for domain names and not for a local IP address.
I do not want my customers to have to accept an "unsecure" private certificate every time before they can use my application.
Is there even a solution for my problem?
Ι have an IoT device posting data to a web app hosted to IIS 6.2.
Posting with http is working perfectly. When i change it to https i am getting handshake error.
The same web app has web interface that uses the same SSL certificate and works perfectly on all browsers. Thus I guess, that SSL setup is correct.
I have tried to change the server certificate with a self signed certificate create from IIS with the same results.
I have also tested the IoT device to other servers with SSL and it works.
Here is the wireshark communication
and here are the SSL protocols available on server
i am also attaching a report from ssllabs
any ideas?
A client has asked for additional security for a web app which would allow only company owned and approved tablet computers (brand not yet known) to connect to a PHP web app.
The app will be un/pw protected but the company would like to prevent all access except via the tablets.
MAC addresses would be great for this but these will be used in the field and use a myFi portable wifi to connect to the server so the MAC address will not be available.
Can anyone point me to a sound method for this secondary validation?
Your best solution here would be to deploy mutually-authenticated SSL between your client tablets and your server. You can use self-signed certificates here so you don't need to buy any from a CA. This will ensure that your server only accepts requests from tablets that have the client-side certificate (configure your server to only accept the self-signed client certificates deployed on your tablets for client authentication).