JavaScript GetUserMedia using Chrome with localhost without HTTPS - javascript

I didn't know how to express it in the title, but I'm having an issue with Chrome.
I'm trying to use GetUserMedia() and GetPosition() in Chrome. I know that it requires SSL certification first, unless you're on localhost. The thing is, I can't try my project on my computer, so I must use my smart phone, and in order to access localhost through my smartphone, I must use the machine's IP address (192.168.1.4). The problem is that Chrome doesn't consider this IP address as localhost, so it requires an SSL certificate.
Is there any way I can test my project on my smartphone without having to install an SSL certififcate?

Add your IP address to Chrome's Insecure origins treated as secure setting.
Go to chrome://flags/#unsafely-treat-insecure-origin-as-secure in Chrome.
Find the Insecure origins treated as secure setting.
Enable it.
Enter in http://cntral.me:3000.
Relaunch Chrome.
Voila!
See https://medium.com/#Carmichaelize/enabling-the-microphone-camera-in-chrome-for-local-unsecure-origins-9c90c3149339 for a good walkthrough as well.

You can use a service like https://ngrok.com/ to map a public DNS address with SSL certificate to a port on your local machine.

I assume you're trying to host a Web service on a computer and access it from a smart phone using the hostname localhost.
Two options come to mind:
First, if your smart phone is rooted, you can change /etc/hosts so that the name localhost resolves to 192.168.1.4 instead of to 127.0.0.1.
Second, if you can run an SSH server on your computer, you can set up an SSH client on your phone to forward traffic on some port to another port on a different machine.
For example, in ConnectBot for Android, you can
create a profile for your computer running an SSH server on 192.168.1.4
long-press the profile, and select "Edit port forwards" and then "Add port forward" from the port forwarding menu
configure it to "Local" and then choose a local source port that can be claimed by a non-root user on your phone (say, 8080) and on the bottom line, use localhost:80 (or whatever port the computer is running the service on) to make the SSH server have the forwarding tunnel direct to itself on port 80
This will cause all traffic directed at localhost:8080 on your phone to go to 192.168.1.4:80 on your computer. The browser has no idea that the localhsot:8080 service is actually just an SSH tunnel to 192.168.1.4:80, so it will treat it like any other localhost address.

You can do this without an SSL certificate at all by tunneling the webserver to your phone's localhost.
I use termux to run this command (on the phone itself):
ssh -L 8080:localhost:8080 192.168.0.172
(Leave the ssh session open)
Then go to http://localhost:8080/ on your phone.
If you don't want the session to time out, you can use autossh:
autossh -M 0 -L 8080:localhost:8080 192.168.0.172
Important note: Your development machine (or dev server) needs to be accessible through ssh. For Linux, this can be done by installing open-ssh and enabling/starting the sshd service. You can look up guides for this online.

Related

How do I make my electron apps communicate locally between different machines

I have two electron apps. One is a server on machine1 and another is a client on machine2.
When I start the server from the electron app on machine1, I want machine2 (the client) to be able to be able to receive and send data to machine1 (the server).
I tried using http://localhost approach which works for the app during development but doesn't work for the packaged app which is installed on the machine.
Please help. Thanks
When you package an Electron app, it is no longer running on localhost, it runs on the IP address of the machine on which it is installed.
To establish communication between the server and client apps, you will need to use the IP address of the machine on which the server app is running. You can use the os module in Node.js to determine the IP address of the machine on which the server app is running. Once you have the IP address, you can use it to connect the client app to the server app.
You can also use a package like ip to get the IP address of the machine.
const ip = require('ip');
console.log(ip.address());
Hope this helps.

How to get SSL certificate for homemade webserver

I've created my own webserver using Node.js ans is using it with my DNS from webhost routed to my raspberry pi at home.
How do I prepare the webserver and all the files for getting an SSL certificate using Let'sencrypt?
I've not made any work prior to getting the SSL other than creating the server to run on localhost. Now it's running on a public ip while using my purchased DNS.
I haven't been able to find any litterature other than the off the shelf webservers like apache and such and I really want to run with my own.

Access network camera from outside LAN without port forwarded

I have raspberryPi camera with mjpeg stream to show live streaming. Right now when I create a web-server inside the local network I am able to see the live stream on web browser using simple html iframe. Now I need to move my webserver to public server and I will not be able to do port forwarding with raspberryPi to show the live on web-page.
Is there any way to stream a video feed to we-browser where the server is publicly accessible.
I have found the webRTC. Is there any quicker why available to make stream a camera feed to website. That is peer to peer connection between a web Browser and raspbarryPi where no port forwarding can be do at raspbarryPi.
Make port public using ngrok.com
This tool can make a port publicly accessible without router access. It creates a link from where you can see your current link to your webcam. The free version of ngrok do have some limitations like that max amount of new connections per minute.
Port forwarding through VPS using ssh
In Godaddy you can also create an ubuntu system. You can open ports on this system for it to be accessible from anywhere. Then on your raspberry-pi you can run ssh -L [public-port]:localhost:[private-port] [youruser]#[server-ip] example: ssh -L 3000:localhost:3000 myuser#mywebsite.com. This would make your project on the raspberry pi on port 3000 be accessible with "mywebsite.com:3000"
I know it's an old question, but will answer for the late me.
I answered a similar question here. It boils down to:
/usr/bin/autossh -N -f -M 0 -i /home/pi/.ssh/id_rsa -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 10554:192.168.1.100:554 root#example.com
where:
-N: don't execute any command via SSH
-f: put SSH in the background
-R: remote port forwarding
10554: a port to open on the VPS to access the IP camera (better if > 1024)
192.168.1.100:554: IP address and port you want to access remotely
root#example.com: user and address of your VPS
To access the RTSP stream of the camera, open rtsp://<username>:<password>#example.com:10554/<path-to-stream>.
Of course it works fine also for other kind of streams (e.g. HTTP).

How to embed shellinabox into my webpage?

I am trying to ssh into some machine , but port 22 is blocked due to
our college firewall .
Later I was able to ssh using web-ssh client : shellinabox running in some server , but i don't have sudo access in that server, as I need to download some software too , I planned to install shellinabox using iframe<>
in my server , but i have no idea how to do it ??
I have no ssh-access to my server so I can't install it using apt-get
Can anyone help me to do this ?
For installing shellinabox you need a working server.
Access your shellinbox server from outside your LAN
Configure your home router to forward TCP traffic port 443 (assuming you followed the above tip) to your computer's IP address. You can right click on the Network Manager applet and choose connection information to find your computers IP address. Now you can access your computer when away from home by navigating to https://yourpublicIPaddress. You can get your public IP address by going to http://whatismyip.com. To make it easier to remember your public IP address you can register with a Dynamic DNS service.
If you wish to install shellinabox in your web page after installing a working server by using iframe use the below mentioned command
<iframe src="https://yourpublicIpaddress" width="300" height="300" frameBorder="0" scrolling="no">Browser not compatible. </iframe>

Self-signed SSL cert for localhost, how to make trusted

I have an Owin self-host C# app that provides Web API services over 127.0.0.1:5555 (it only listens on localhost, no external connections).
These Web API services are called using Ajax from an AngularJS app. As an aside: the reason for the Owin app is that certain interaction with the hardware is needed, which is not possible from within a browser. Also, the AngularJS app is for internal use, so I have control over the browsers used.
The above works very well over HTTP, but the Angular JS app needs to use SSL, which does not work unless the Owin app also uses SSL (otherwise you get "Mixed content" errors).
I have bought an official cert for the AngularJS app, and I am using self-signed certs for the Owin localhost stuff.
The problem is that I get "NET::ERR_CERT_AUTHORITY_INVALID" (when testin from Chrome) and "net::ERR_INSECURE_RESPONSE" from the AngularJS app when talking to the Owin Web API.
Here is what I have done, in broad strokes:
I used a CentOS box to generate the cert for localhost and exported it to pkcs12 / pfx format. I also generated a CA cert and exported it the same way.
Using MMC I imported the localhost cert on the Windows 7 machine running the Angular & Owin app into Certificates (Local Computer) > Personal > Certificates.
I also imported the CA cert on the Windows 7 machine into Certificates (Local Computer) > Trusted Root Certification Auhorities > Certificates
Looking at the localhost cert, it says "Issued to: localhost", Issued by: "ca.acme.com", "You have a private key that correpsonds to this certificate", (under Certification Path) "This certificate is Ok"
The CA cert says "Issued to: ca.acme.com", Issued by: "ca.acme.com", "You have a private key that correpsonds to this certificate", (under Certification Path) "This certificate is Ok"
netsh http show sslcert
IP:port : 127.0.0.1:5555
Certificate Hash : 1234555555555555555555511155555555555555
Application ID : {1234a123-1234-1234-1234-123412341234}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
What am I missing? How can I make Chrome, etc. trust the SSL cert for localhost?
I got this working (sufficiently for my current needs, at least).
I copied the localhost cert from "Certificates (Local Computer) > Personal > Certificates" to "Certificates (Current User) > Personal > Certificates". This got rid of the red cross-out of https in Chrome (and the "NET::ERR_CERT_AUTHORITY_INVALID" message) as well as the "net::ERR_INSECURE_RESPONSE" error in AngularJS.
Note that in my case, the localhost cert had to be in both the Local Computer store and in the Current User Store, otherwise the netsh command for binding it to port 5555 (for the Owin app) would fail:
netsh http add sslcert ipport=127.0.0.1:5555 certhash=1234555555555555555555511155555555555555 appid={1234a123-1234-1234-1234-123412341234}
SSL Certificate add failed, Error: 1312, A specified logon session does not exist. It may already have been terminated.
There is still no nice green padlock in Chrome (it now has a yellow little triangle on the pad lock, "The identity of this website has been verified by ca.acme.com but does not have public audit records"), but this does not seem to interfere with the Web API communication, so it should be fine.
If anybody knows of an easy way to make it all green and nice with no warnings, I am still interested, but it is not critical.
On Linux I had to apt-gt install libnss3-tools
With libnss3-tools you get certutil
Now the key-command:
certutil -d sql:$HOME/.pki/nssdb -A -t "CP,CP," -n <your alias> -i <your crt-file to import>
This solve all my problems with Chrome on Raspberry / Linux

Categories