I have a development server that I run locally on my Mac, which is named mark-mb12. It has a number of docker containers and exposes a few subdomains (api, www, admin) over https. Because I use https, I've created a local Certificate Authority and certs using my local machine name, so they are for mark-mb12.local, api.mark-mb12.local, etc. I modified my /etc/hosts file to define the subdomains, mapping them to 127.0.0.1.
Everything works just fine on my machine. I can access the www and admin subdomains in the browser, and my iOS app works against the api subdomain when running in the simulator.
From my iPhone, I have it working so that I can access https://mark-mb12.local in Safari, so I have the CA installed and trusted.
What I can't seem to figure out is how to access the subdomains from my device or a browser running on a different machine.
Any ideas as to what I need to do?
Related
I'm a newbie when it comes to certificates.
I'm building a Linux docker image with a Dot Net Core REST WebAPI app that will host the backend for a game. I plan to host this backend on Azure using a Container Instance.
I'd like all communication to be via SSL. I've created a self-signed cert for local communication from my Windows machine to the container. Once I registered it in my hosts file, the self-signed cert is working fine locally.
Now I'm ready to host on Azure. I'm prepared to obtain a CA cert, but am trying to work out how to maintain local access w/o cert errors as well as public access w/o cert errors without modifying the container between my local/debug sessions and the production/remote sessions. I'd prefer to have a single certificate, if possible.
Can anyone give me guidance on how to setup a cert for this situation? Seems like a common need, but I'm not finding resources to walk me through it. Thanks!
I have an OpenID Connect server (OpenIDdict) and an asp.net core webapp in containers behind a TLS termination proxy. In production, all communication between the webapp and the OIDC server can go through the 'outside', based on their public names. However, in development, I'm using self signed certificates that aren't trusted by the containers running the apps, only by my host pc. Because of that, in development, the webapp can redirect the browser to the OIDC server just fine, but when it, for instance, needs to call the token endpoint, it will fail, because the certificate isn't trusted.
A possible solution would be to have the server to server communication go through the internal container network, but I haven't been able to get that to work. Is there a way to make the asp.net core OpenID Connect middleware use a different url (and protocol) for server to server communication?
Another solution would be to install the self signed certificates in the containers, but because that's only needed in development, it seems bad practice to burden the images with that. Is that assessment correct?
I'm hoping I'm missing the most obvious solution. Any ideas?
This is what I ended up doing:
I added a custom domain to the hosts file of my pc, pointing to itself.
Using openssl, I created a rootDevCA.crt and added it to the trusted root on my pc and in all the container images.
With that root certificate, I signed a new certificate for the custom domain and supplied that (including its key) to the proxy.
As long as I keep the key file for the root certificate far away from my source code, there should be no security issues.
I am running a local web server with SSL enabled that my app needs to log into. I have a domain name whose A-record is set to 127.0.0.1, which allows for local development using loopback with an nginx server with different subdomain configurations for services on the app I have hosted locally. The problem is that, in the iOS simulator, the domain resolves to the device's localhost and not my machine. I can't use the IP address of my machine because I need the domain for nginx to redirect to the proper vhost (also SSL and OAUTH would get mad).
Is there any way to use a custom DNS server for lookup in the simulator? Either that, or can I edit the hosts file to set the domain to my device's LAN IP instead of localhost? Any other ideas?
I'm hosting a .NET Core HTTP application on localhost using Kestrel on an available port for some browser-based UI tests, but when trying to access it using real iOS devices with BrowserStack Automate with BrowserStackLocal.exe, Safari consistently refuses load the page.
I've tried various parts of the IP ranges documented here, but none have been successful. Desktop browsers (Chrome, IE, Edge and Firefox on Windows, Safari on macOS Mojave) and real Android devices work as expected.
I've also tried using the local IP address of the machine and the fully-qualified domain name (FQDN) as described here, but neither work portably as Windows Firewall blocks the connections even through BrowserStack Automate can resolve the address.
Port 80 is not a viable solution as developers' machines will have IIS running on their machines using that port, so it is not available for other purposes.
Given the following constraints, what are the workable solutions?
Hosted on HTTP.
Runs without admin privileges (i.e. no reconfiguring the firewall or using privileged port numbers <1024).
At least two possible port numbers to use so that if one is in use there's at least one alternate to try.
No additional manual setup required to run the tests (should just be the command dotnet test).
On the iOS devices, try resolving http://bs-local.com:5000 instead of http://localhost:5000.
You can access the site using http://bs-local.com:5000, But make sure to disable the host check for webpack using disableHostCheck: true in configuration.
For angular cli users, to disable to the host check you need to use --disable-host-check like ng serve --port 4200 --disable-host-check
This is from BrowserStack's support:
a) On Safari
Previously, accessing local websites with 'localhost/127.0.0.1' in the URL was not supported on iOS devices running iOS versions 10 and above.
However, to make sure that your website loads with 'localhost' in the URL, we now modify the URL to http://bs-local.com on these devices. This helps in loading your website in an expected manner. The same is mentioned here.
In the screenshot you've shared, you can see the redirection to bs-local.com as well.
It seems that your localhost website is configured to be accessible only via specific hostnames such as 'localhost'. Thus, you face the reported error.
To be able to test your localhost website via Safari on iOS devices, I would recommend configuring your localhost website to be accessible via the private IP address of your local machine.
Once done, you can access your localhost website as http://<private_IP_address:port> and this should work.
I would also encourage reading through this guide to understand how you could achieve the above: https://www.notion.so/Testing-localhost-on-iOS-devices-1ceb5e274cee46d7ac538b71304919b4
b) On Chrome
Due to restrictions imposed by Safari, testing localhost websites on Chrome is not supported by default on iOS devices.
The problem arises with the usage of the domain 'localhost'. We are actively trying to find alternatives for this behavior as well.
However, in the meantime, you can access your localhost website via the private IP address as mentioned above via Chrome browser on iOS devices as well.
Once you make the necessary changes to your configuration to allow your localhost website to be accessible via the private IP address, you can test your localhost website via Chrome on iOS as well.
Feel free to reach out should you need any further assistance!
Note: The private IP address is not the same as 127.0.0.1. You can use this article to identify the private IP address of your machine.
Regards,
Reehan
BrowserStack Support
Did you try changing the 'localhost' with the IP address of the machine (where the web is hosted)?
For instance - If the IP for the machine on which application/webpage is hosted is 22.22.22.22, then change http://localhost:3000/index.html to http://22.22.22.22:3000/index.html in your test
They have mentioned the same here - https://www.browserstack.com/question/663
If you are using Angular CLI then please run command
ng serve --host 0.0.0.0 --port xxxx
This will make sure that you would be able to access application using your IP and port specified. Once done you should be able to access your application using browser stack iPhone device browsers using IP and port rather than localhost.
Using WEBrick you could navigate to an app you were serving from another device/virtual machine by navigating to your.ip.address.here:port
Is it possible to do something similar with pow.cx?
The latest version of Pow (0.4.0) now includes xip.io support. You can read about the release here.
Here's a quick explanation of how this helps Pow serve your Rails apps across your entire local network, from their post:
Say your development computer’s LAN IP address is 10.0.0.1. With the
new version of Pow, you can now access your app at
http://myapp.10.0.0.1.xip.io/. And xip.io supports wildcard DNS, so
any and all subdomains of 10.0.0.1.xip.io resolve too.
Here's a description of xip.io, from their site:
xip.io runs a custom DNS server on the public Internet. When your
computer looks up a xip.io domain, the xip.io DNS server extracts the
IP address from the domain and sends it back in the response.
There are basically two options:
Don't use pow: run your applications on localhost as usual and access them as usual
Edit the hosts file (or local DNS) to point your server machine ip
Example accessing from a virtual windows machine:
Suppose you are running two rails applications in pow: store.dev and auth.dev, and you want to access them from a windows xp virtual machine to test them with IE, you only need to edit your hosts file to add the lines:
C:\WINDOWS\system32\drivers\etc\hosts
# Allow to access applications in pow.
# The ip address points to the host machine localhost, that usually is the default gateway
10.0.2.2 store.dev
10.0.2.2 auth.dev
And then open the IE browser to access your applications in http://store.dev and http://auth.dev respectivelly.
Specifically, no, because Pow uses the Host header of the request to determine which app you need to access. To get that working remotely, you would have to have the remote machine map the required domain name to your IP address - either with a local DNS server or by editing the HOSTS file. Both of which are possible but annoying.
The simplest thing to do in that case is to start up a standalone Rails server as you mentioned (using ./script/server or rails s depending on the version), and then you can address http://[ip address]:3000 as before.
In other words, Pow works because it intercepts your local domain resolution, something that isn't affected by (or available to) remote machines.