Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access an application in https without the domain name local-ip.medicmobile.org #27

Open
Mike6547 opened this issue Aug 31, 2023 · 3 comments
Open

Access an application in https without the domain name local-ip.medicmobile.org #27

Mike6547 opened this issue Aug 31, 2023 · 3 comments

Comments

@Mike6547
Copy link

Hello,
First of all, thank you for your script.

I have a local web application on port 8098, to access it I launch the following URL http://192.168.0.110:8098 , but I would like to be able to access it with the following URL https://192.168.0.110:8098 (https), without the domain name domain name local-ip.medicmobile.org which is added after the the IP address!

How can I access my application with https://192.168.0.110:8098?
@mrjones-plip
Copy link
Contributor

Hey @Mike6547 ! Thanks for the inquiry.

tl;dr - we can't help you - please read below. But before we close the ticket - maybe you can explain your use case? It'd be helpful to understand why you need TLS cert on a specific IP and not use sub-domains like this project supports.

the "too long" part:

First - it's important we stop and appreciate the prerequisites for a valid TLS certificate using domain validation which is one of:

  1. Response to email sent to the email contact in the domain's whois details
  2. Response to email sent to a well-known administrative contact in the domain, e.g. (admin@, postmaster@, etc.)
  3. Publishing a DNS TXT record
  4. Publishing a nonce provided by an automated certificate issuing system

nginx-local-ip uses number 3 here: we ask Let's Encrypt to issue a TLS cert for *.local-ip.medicmobile.org. It checks a DNS record, which we've prepared in advanced, and then issues a new wildcard cert.

After this, we do two things using Local TLS:

  • offer the private TLS key for download and use locally inside an nginx-local-ip container
  • allow an IP-in-ULR DNS entry so we can resolve any random URL to any random IP, all the while enabling valid TLS

So, going back to your request of a TLS cert for an IP address - this can not be done by this project for a number reasons:

  1. 192.168.0.110 is in the block of IPs that are non-routable. There would be no way to route internet traffic to it, so a certificate would never be issued to it
  2. Even if a TLS cert could be generated, we could not get a wildcard certificate, so we'd have to issue billions of certs for every IP out there.
  3. It's pretty rare for an IP to have a cert in general, I think only some of the DNS providers have them (eg Google's https://8.8.8.8 and CloudFlares https://1.1.1.1). Note these are routable IPs though, so it's technical possible!

@Hamidzai456hzj
Copy link

Hamidzai456hzj commented May 6, 2024
edited by mrjones-plip
Loading

IP Address:

I want to access all parts of the device through the IP address of my mobile or to access a small part of the device so that I can get my mobile phone or get the files and photos that were in my device. can i do it ؟؟؟
can you help me? Thank you very much.

This question moved to:

@mrjones-plip
Copy link
Contributor

@Mike6547 - thanks again for your question. I'm closing the ticket as it's been a while and we haven't heard back from you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mrjones-plip @Mike6547 @Hamidzai456hzj