Messages 21 to 23 of 23 total |
Mon, Oct 19 2015 11:15 AM | Permanent Link |
Raul | On 10/18/2015 10:25 PM, Frederick Chin wrote:

> EWB Server:-
> Port 80

You also need to listen on 127.0.0.1 0 - this part is VERY important.

so it should be
EWB Web Server : 127.0.0.1
Port : 80

> localhost/<app.html> => OK
> https://localhost/<app.html> => OK

Testing localhost is not really relevant - if i have physical session access to the server itself i can just access file system files and don't have to bother with the web server.

> EWB Server:-
> Port 8081

Again listen on 127.0.0.1 !!!

> localhost/<app.html> => Connection Refused

Of course - nothing is listening. In this case you would need to test localhost:8081/<app.html>

> It looks like the second non-standard port setting is more secure.

What you should really be testing are

http://<dynamic dns>/<app.html>
http://<dynamic dns>:8081/<app.html>
and
https://<dynamic dns>/<app.html>

Only the last one should work.

Note that there is no difference in security here - one can do everything over https link anyways so using SSL does not in any way secure the web server. What you are trying to secure is the communication between the browser and the web server.

> When I attempt to use a smartphone to connect as follows:-
> https://<dynamic dns>/<app.html>
> I get a connection failed. A local ping of the dynamic DNS results in a valid public IP address. I'll need to research this further.
> In both https prefixes in the URL, Chrome complains the connection is not private and the https in the URL is crossed out in red. Should I worry about this?

What is the actual error - click on the crossed out padlock (or use the advanced link in the chrome error).

I guess you used the certificate that came with stunnel? You cannot do that and are likely seeing invalid identity and unknown certificate authority.

Once you know what your final dns name is (and it cannot change in the future or you invalidate the certificate) you need to obtain a proper certificate.

You could make a self-signed cert which would work OK on PC browsers but is PITA on mobile devices (especially apple ones as they do not by default allow connection to untrusted certs).

If you do not own the domain (your <dynamic dns> for example) then you will not be able to obtain certificate yourself and have to rely on them to do it for you - some support it and some do not. For example : http://www.dyndns.com/support/kb/sslcert.html

In general you're better off registering your own domain name.

There are few options for certificates:

StartSSL provides free ones: https://www.startssl.com/

for little bit of money ($20/year) you can get a comodo cert and their process is easier than startssl : http://www.ksoftware.net/ssl_certs.html

Raul |
Mon, Oct 19 2015 12:02 PM | Permanent Link |
Frederick Chin | Raul,

/*
You also need to listen on 127.0.0.1 0 - this part is VERY important.
so it should be
EWB Web Server : 127.0.0.1
Port : 80
...
Again listen on 127.0.0.1 !!!
*/

Yes, the EWB server is set to listen to 127.0.0.1.

/*
In this case you would need to test localhost:8081/<app.html>
*/

Works fine.

/*
What you should really be testing are

http://<dynamic dns>/<app.html>
http://<dynamic dns>:8081/<app.html>
and
https://<dynamic dns>/<app.html>

Only the last one should work.
*/

I tried all above and I still get a timeout error for the first one and "Connection Refused" for the second and third ones. Is it a firewall problem?

/*
What is the actual error - click on the crossed out padlock (or use the advanced link in the chrome error).
*/

The identity of this web site has not been verified. Server's certificate is not trusted.

/*
I guess you used the certificate that came with stunnel? You cannot do that and are likely seeing invalid identity and unknown certificate authority.
*/

Yes. Newbie problem.

/*
Once you know what your final dns name is (and it cannot change in the future or you invalidate the certificate) you need to obtain a proper certificate.

You could make a self-signed cert which would work OK on PC browsers but is PITA on mobile devices (especially apple ones as they do not by default allow connection to untrusted certs).

If you do not own the domain (your <dynamic dns> for example) then you will not be able to obtain certificate yourself and have to rely on them to do it for you - some support it and some do not. For example : http://www.dyndns.com/support/kb/sslcert.html

In general you're better off registering your own domain name.

There are few options for certificates:

StartSSL provides free ones: https://www.startssl.com/

for little bit of money ($20/year) you can get a comodo cert and their process is easier than startssl : http://www.ksoftware.net/ssl_certs.html
*/

Thanks for your help. All the above will put me on the right path.

Frederick |
Mon, Oct 19 2015 12:37 PM | Permanent Link |
Raul | On 10/19/2015 12:02 PM, Frederick Chin wrote:

> Yes, the EWB server is set to listen to 127.0.0.1.

Great - that's the part that makes it inaccessible from internet (so only thru stunnel can you access the web server from internet).

> http://<dynamic dns>/<app.html>
> http://<dynamic dns>:8081/<app.html>
> and
> https://<dynamic dns>/<app.html>
>
> Only the last one should work.
> */
>
> I tried all above and I still get a timeout error for the first one and "Connection Refused" for the second and third ones. Is it a firewall problem?

Assuming your EWB web server is still setup on 8081 the 1st one would fail. The 2nd one should fail also (from internet but work locally using localhost). The 3rd one is the only one that should work from internet.

Firewall is definitely a possibility - i'd start by checking stunnel logs and see if you're seeing any connection coming in at all. if not then it never made it to stunnel so local firewall would be my next step and assuming you're behind a router or such make sure your port forwarding (and firewall on router) are also properly configured and allow traffic thru.

> Thanks for your help. All the above will put me on the right path.

Yes, there are lot of moving pieces with this but once you get first one going i can tell you next one will be real easy if you do it again.

Raul |
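Added example (not part of the original posts, and not Elevate Software or stunnel code): a small Python check for the outside-in test discussed in this thread, meant to be run from a machine outside the network against your own DNS name. It assumes stunnel accepts HTTPS on port 443; `probe`, `evaluate`, `EXPECTED` and `REPORTED` are hypothetical names, and `REPORTED` is constructed from the outcomes Frederick listed.

```python
import socket
import ssl
import sys

# Expected view from the internet per the thread: the EWB server listens on
# 127.0.0.1 only, so just the stunnel HTTPS port (443 assumed) should answer.
EXPECTED = {("http", 80): False, ("http", 8081): False, ("https", 443): True}

def probe(host, scheme, port, timeout=5.0):
    """Return 'open', 'untrusted-cert', 'refused', 'timeout' or 'error:<Name>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if scheme == "https":
                ctx = ssl.create_default_context()  # verifies chain and host name
                with ctx.wrap_socket(sock, server_hostname=host):
                    pass
        return "open"
    except ssl.SSLCertVerificationError:
        return "untrusted-cert"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as exc:
        return "error:" + type(exc).__name__

def evaluate(results):
    """Turn probe results into findings, following the checks named in the thread."""
    findings = []
    for (scheme, port), should_work in EXPECTED.items():
        state = results[(scheme, port)]
        reachable = state in ("open", "untrusted-cert")
        if reachable and not should_work:
            findings.append(f"{scheme}:{port} answers from outside; confirm the "
                            "EWB server is bound to 127.0.0.1")
        elif should_work and not reachable:
            findings.append(f"{scheme}:{port} {state}; check the stunnel log, then "
                            "the local firewall, then router port forwarding")
        elif state == "untrusted-cert":
            findings.append(f"{scheme}:{port} certificate not trusted; install one "
                            "issued for this DNS name")
    return findings

# Constructed sample: the outcomes Frederick reported from outside.
REPORTED = {("http", 80): "timeout", ("http", 8081): "refused", ("https", 443): "refused"}

if __name__ == "__main__":  # live run: python check.py <your-dns-name>
    results = {k: probe(sys.argv[1], *k) for k in EXPECTED} if sys.argv[1:] else REPORTED
    print("\n".join(evaluate(results)) or "exposure matches the intended setup")
```

Run without arguments it evaluates the constructed sample; with a host name it probes the three endpoints live.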
This web page was last updated on Saturday, January 18, 2025 at 07:39 AM | © 2025 Elevate Software, Inc. All Rights Reserved