I've created a server using c++ and crow that uses webSockets to communicate with the client (which is an ionic app). I've been do everything through localhost but now I want to deploy the webapp to my iphone and have it communicate with the server. How do I get the URL for the server for the client to use in it's websocket so it can talk to the server?
In most cases when you want to host it for production you would upload it to a hosting provider (e.g. Azure, AWS, Heroku...).
Once you set up a server with the hosting provider they will provide you with the IP address and/or a URL to connect to the hosted service which you can use in your application.
Well, if your server is like webhost,VPS,CLOUD,or dedicated server, it has static ip address which you can use in your client websocket as the address. Also, the better approach is to point a domain name to the ip address of the server (or host) so that your client can always find the server.
In case you are trying to connect it to your local machine behind a router or modem, then your server might be behind NAT. Find appropriate port-forwarding configuration for your router and forward incoming and outgoing TCP public ports to your local address. then use your public ip address for websocket address (what is my ip).
Also, in case your public ip address is dynamic and might change over time, there are services like noip.com that help you create a free domain and use it in your client which helps you find the right ip address all the time.
Related
I have a self-hosted wcf service on a pc in the office. The service address is the IPv4 of the PC + port + / service / ERP.
So that the client application can access from the LAN, it uses the address of the server as I mentioned, and to access from outside the LAN, I use the public IPv4 or a url of some DNS provider and in the Reuter I redirect the port to the PC where the service is hosted. So far everything works perfectly, the problem I have is that the notebooks must access from inside the LAN and sometimes from outside, but if I use public IPv4 from within the network I cannot access the service.
My current solution is to have two configurations or two icons, one for internal access and another for external access where the user selects depending on their location, but I would like to have access and somehow be able to detect if it is on the LAN or on the outside, or if you know of any way to allow access from a LAN using a public IPv4
I have an AWS Client VPN set up using certificate auth. I'm setting this up for a client-client access system, essentially as is described in this AWS scenario/example. It's all working, and I can ping from one client to another if I know their IP address.
My question is: in actual use, what use is this system if clients get assigned a random IP address every time they connect to the VPN, and there's no way to tell which clients are connected or what their IP addresses are without checking the AWS console or using the describe-client-vpn-connections CLI (which requires IAM credentials)?
Is there any way to:
Assign static IP addresses to specific clients, so they receive the same one every time they connect to the VPN?
Get a list of connected clients (with their CommonName and IP address)?
Use a connected client's host name / computer name instead of their random VPN IP address?
Any other way to connect from one client to another without having to use the AWS Console or describe-client-vpn-connections CLI to get a list of connected clients?
Much of what you're asking for is not possible. In many organizations, client-to-client communication is not the norm. For client-to-server communication, AWS Client VPN works well.
There is no way to assign static IP addresses to specific clients.
You can get a list of current connections and client IP addresses with the following AWS CLI command:
aws ec2 describe-client-vpn-connections --client-vpn-endpoint-id (endpoint ID)
You might be able to get your clients to register via a shared DNS server to get their VPN IP address.
I suspect you'll have better luck rolling your own VPN solution with something like OpenVPN, which much of the AWS Client VPN is built off of.
Scenario:
I have an EC2 server which houses the api currently setup to accept connections from several iPads. I do not wish for network sniffers to see the JSON requests that are being exchanged between the servers and the devices. The idea is to have a secure protocol in place so that communication will be secured.
I have been told purchasing a SSL certificate is the way forward. The Amazon server instance I have running has an address in this format:
ec2-xx-xxx-xx-xxx.ap-southeast-1.compute.amazonaws.com/
this is where my web root is with all the appropriate web service files. My webservice urls look something similar to this:
ec2-xx-xxx-xx-xxx.ap-southeast-1.compute.amazonaws.com/Agent/Create
so on so forth. There is no hosting plan whatsoever (in the case that information is necessary).
I have been recommended to buy an SSL Cert from http://www.Godaddy.com and have thought about getting the up to 5 multiple domains SSL certificate package.
Question: 1
What things do I need to be made aware of in order to make sure nothing fails?
I have recently read that I may need to associate an elastic IP address to my instance, otherwise the IP of my instance will change on reboots? And if that is the case, that means that the SSL certificate that was used for this: ec2-xx-xxx-xx-xxx.ap-southeast-1.compute.amazonaws.com domain would no longer work since the ip address would have changed upon reboot and therefor me losing my secure domain?
Question: 2
If my thoughts in question 1 stands true, then my question would then be what is the most user friendly way or lets say, the way for beginners to create a dedicated url for my server instance (so that 1) the domain name doesnt randomly change upon server reboot (not sure when i would reboot anyway) and 2) does this mean I can have easier webservice urls that one can remember? such as.... www.pk.com/Agent/Create instead of the long ec2 ugly url?!
Any easy to follow tutorials would be very helpful. I have looked at a few articles that spoke about elastic ip address, SSL certificates, and other articles about renaming ec2 url, but I'm in a position where I dont actually know which one applies to me. lol
Hope someone can help. thanks
What you want to do is to get an elastic IP address. This lets you bind your instance to a particular IP address when you start it up. You can then register a hostname in DNS (Amazon don't help you with this part) and state that that hostname has the IP address that is the elastic IP address that you have registered.
The final piece is to get a server certificate (strictly, a keypair where the public part is the server certificate) that has the hostname in the CN field of its Distinguished Name, and to install that server keypair on the instance. (This is another part that Amazon don't help you with, and is in fact the same process as if you were hosting the hardware yourself.) Like that, the client
looks up the hostname and gets the elastic IP address,
connects and gets the server certificate, and
checks the server certificate and sees that the hostname it is for is the hostname that they expected. (There's a few other checks as well, such as whether the certificate was signed by a trusted certificate authority and whether the certificate is within its validity period.)
That allows the client to trust that who they have securely connected to is who they expected to securely connect to, which is a key part of establishing trust.
What you do not do is use the AWS machine names (internal or external) in the certificate you apply for. Those change and you really do not want to trust other people's VMs.
Donal's answer is the way to go. You need to explicitly register a domain and generate the SSL certificate containing the CN as that domain. Elastic IP addresses definitely are your friends in this issue. You will need them.
I added another answer in order to give another point of view: if you ever want to scale your backend solution, going that way will be more difficult. If you ever thought about adding more servers to host your web service, you should definitely set up an Elastic Load Balancer, add your instances to it, and point the domain you just registered to your Elastic Load Balancer. Then, you can purchase the SSL certificate and install it directly on your ELB, configuring SSL termination on the ELB. You will also configure the ELB so that connections arriving at port 443 will map to port 80 (or whatever port) on your servers. Don't worry, this is plain easy to set up.
Whenever you want to add more servers to your web service, it will just be a matter of setting up another EC2 instance (this process can - and should - be automated) and adding it to the ELB.
With this setup, you get rid of the need for Elastic IP addresses. All the connections go through the ELB.
There is a web service (in an Intranet environment) what checks the client IP and if it is not a valid IP then refuses the request. Is there any opportunity to cheat at this web service with the IP?
Thank you in advance.
It is prefectly possible to send IP packets with fake IP addresses. However, you won't get a reply because the reply will be directed at the fake IP address. This means that you can't establish TCP connections (upon which HTTP(S) depends) because they require two-way IP traffic.
I’m developing a small application that interacts with a web service which authorizes access based on the client IP. When developing on my local machine at home, I am not allow to access the web service, unless I request an authorization for the random IP that i get from my ISP.
My question: Is there an easy way to get around this problem, since I cannot have a fixed IP at home? Proxy, vpn, etc... through a webserver with an authorized IP? How?
Thanks in advance :)
I assume this is your problem: You can only connect to remote_system from Authorized_IP system.
If you can ssh to Authorized_IP from your home PC, you can setup a ssh tunnel that forward connection to port 8080 of Authorized_IP to the port 80 of the remote_system with ssh command. If you run Linux on the Authorized_IP system, it is very simple. Windows is more complex with Cygwin sshd, it is possible.
http://www.google.com/search?q=ssh+tunnel
To answer your question directly: Dynamic DNS. For testing, point your web service at a hostname that your get from a dynamic DNS provider such as http://dyndns.org. Then download a tool that automatically updates your DNS entry with your dynamically assigned IP address.
But more to the point, why can't you just use your localhost (127.0.0.1) as your IP address for developing, debugging, testing?