In my Android emulator, I was able to contact the GAE dev server.
I use this url: "http://10.0.2.2:8080/myurl".
The server is listening on http://127.0.0.1:8080.
Then, after I've updated the emulator to the Nexus 5X version with Google Play(API 27), the connection fails and the server show this log:
ERROR 2018-01-11 11:17:05,463 wsgi_server.py:329] Request Host 10.0.2.2 not whitelisted. Enabled hosts are set(['127.0.0.1'])
I'm using the latest GAE python SDK with webapp2.
Any idea on how to solve the problem?
The more recent versions of the development server includes whitelisting checks of the source IP address of incoming requests.
You can use the --enable_host_checking=False command line option for the GAE devserver, which disables these checks. Not a good idea if you're running on an untrusted network.
You're probably seeing such errors even for accessing the devserver from the same machine. Another option for these requests would be to use the --host 10.0.2.2 devserver option (i.e. use your machine's external IP address instead of localhost/127.0.0.1, but that won't help with the emulator requests if you're running the emulator on some other machine.
Ideally the whitelist should IMHO be manageable independently from the server's IP address, but this is what is available presently.
Related
I'm trying to setup a local dev environment for a PWA I'm working on.
I have installed mkcert on my Mac and am able to host a https://localhost version on my computer.
Now I'd like to open the page on my Android phone. On the mkcert github it says:
Mobile devices
For the certificates to be trusted on mobile devices,
you will have to install the root CA. It's the rootCA.pem file in the
folder printed by mkcert -CAROOT.
On iOS, you can either use AirDrop, email the CA to yourself, or serve
it from an HTTP server. After installing it, you must enable full
trust in it. Note: earlier versions of mkcert ran into an iOS bug, if
you can't see the root in "Certificate Trust Settings" you might have
to update mkcert and regenerate the root.
For Android, you will have to install the CA and then enable user
roots in the development build of your app. See this StackOverflow
answer.
https://github.com/FiloSottile/mkcert
I installed the rootCA.pem on my phone. The part about "enabling user roots" doesn't apply, since this is not an app.
But when I open the page on my phone using https://[my-local-network-ip]:1234 I get a warning, that the certificate can't be trusted.
How can I trust the certificate so I can locally test the PWA on my phone?
I know you've probably moved on from this question, as it's almost a year on. However, I would like to share how I was able to test my PWA locally in a secure context.
Not making any assumptions about what framework / packaging / build system you're using:
Generate a certificate & key using mkcert. If you are hosting your PWA locally & want to access it over your local IP address i.e. 192.168.1.x:3000 you also need to tell mkcert to generate a certificate that covers that IP address:
mkcert localhost 192.168.1.17
// The certificate is at "./localhost+1.pem" and the key at "./localhost+1-key.pem" ✅
Important note: most routers dynamically assign local IP addresses, so it's worthwhile assigning a static IP.
Install your RootCA from mkcert onto your iOS or Android device. Follow the instructions in the mkcert docs
Serve your generated certificates with your web server of choice. I use Create React App. You can see my answer about PWAs in secure context here
I agree with your goal - running a local TLS based setup can be useful in terms of productivity and early troubleshooting.
Your problem is DNS based and you need to access the TLS secured URL via the host name.
The only way you'll get DNS to match up on the Android side is to use an HTTP proxy, while running either an emulator or a device connected via USB.
In a nutshell I would do this:
Issue your cert to a more real world domain name such as mycompany.com
Add this domain name to DNS on your Mac book
Install a free proxy such as proxyman on the Mac
Configure the Android emulator or device to use the proxy (you will also need to trust the proxy's cert on Android and the Mac)
Then browse to https://mycompany.com from Android
Full details are available in my write up
I'm behind a corporate proxy and everything that access the internet needs a special configuration regarding Proxy. I'm on a CentOS 7, using CNTLMD to handle proxy tunneling, developing for mobile with React Native. And I'm using the Android Emulator provided by Android Studio.
I first noticed that my emulator can't access any HTTPS protocol when I tried to open Google in the Browser. Internally google redirects to HTTPS and I always get that "Connection Refused" error. Later (this week), trying to use Axios and Fetch to make HTTP/HTTPS requests, this has become a serious problem, since the APIs I'm trying to connect to are under the HTTPS protocol.
A friend of mine who is working in the same project but using Mac has no problems with HTTPS. I have also tried to start the emulator with the following commands:
emulator -avd myemulator -http-proxy http://127.0.0.1:3128
And
emulator -avd Marshmallow86 -http-proxy http://<network username>:<network password>#<ip>:<port>
And they do nothing.
I tried setting up HTTP and HTTPS proxy on Android Studio but this don't seem to be the way (and also didn't work).
#edit
I set the http_proxy on my host and started the emulator without parameters. Didn't work as well.
What am I missing?
I haven't used the software above that isn't android avd or androidstudio,
but it looks like a proxy or CA certificate problem.
Since the difference seems to be by OS, I would guess CA certificate first.
This android page has advice on using openssl from the command line to
explore that and consider importing certificates.
https://developer.android.com/training/articles/security-config.html
This android page has current suggestions for proxy configurations:
https://developer.android.com/studio/run/emulator-networking.html
Note, that the above instructions are updated for new features.
In the past I needed a proxy to a non-ssl appengine development server
which is slightly different from your problem but here's what I used:
For an SSL proxy, used the apache web server, and configured it to use SSL
by installing a self-signed certificate, then added a ProxyPass and ProxyPassReverse
in httpd.conf and a ProxyPass in the httpd-ssl.conf.
ProxyPass / http://127.0.0.1:8080/
Apache as an SSL proxy receives connections to https://127.0.0.1:443 and
passes them to http://127.0.0.1:8080
Then in the application, code that will be running in the emulator
can use address
10.0.2.2 to use android subnet routing table to connect to the dev. OS localhost.
I'm trying to test a website in the Android Emulator. The website is required to run on HTTPS. Outside the emulator on my PC the website is running fine with SSL, because I use an official certificate which is bound to https://localhost. When I run the website in the emulator I can access in on https://10.0.2.2, but I get a warning and a red 'https' in Chrome (10.0.2.2 is the address to access localhost on the host machine).
Is there any way to get it use a certificate?
A common solution is to use a tool like ngrok which creates a web available HTTPS site that will proxy requests to a specific port on your local machine. Then you open https://examplexyz.ngrok.io in the emulator and you have a valid TLS certificate and your local development website.
Chrome browser and others will show a warning about security when your website use a self-signed certificate. Please ignore it if you are testing at localhost. When you publish your website to production and have a domain, you can use a free SSL certificate Let's Encrypt.
I followed this tutorial to setup a cloud database for my Android App
https://github.com/GoogleCloudPlatform/gradle-appengine-templates/tree/master/HelloEndpoints
Everything compiled fine and the server is running at http://localhost:8080/
However I keep getting this error
failed to connect to /10.0.0.2(port 8080) after 20000ms
I tried replacing 10.0.0.2 with my local IP address but it didn't work and showed the same error.
I am using Android Studio and debugging the app on my Android phone. Kindly help. Thanks!
Couple of areas to check:
Make sure you can connect to your locally running server using local IP address. In in your computer browser go to :8080. If it doesn't work then make sure your Run/Debug Config in AS is calling 127.0.0.1 or 0.0.0.0 address.
your android app has to be calling your pc's local IP address.
You need to start the dev server listening on 0.0.0.0. By default, the dev server listens only on localhost which means requests from other devices will not work. Just edit your run configuration and set the server address.
First find the IP Address of your machine (e.g., 192.168.x.x), by using ifconfig.
Change your build.gradle file of the endpoints project by adding this code appengine.run.host='192.168.x.x' at the end of the file.
Change the address in your android code with .setRootUrl("http://192.168.x.x:8080/_ah/api")
I trying to deploy an android application connected to GAE. I run the online tutorial on google, I used the right configuration (as they write on the tutorial) but I can't communicate the Android Virtual Device with the web application running locally. The Web application shows me a "Server Error 500" and the android application on AVD shows me a "Failure:Connect to /192.168.56.1:8888 timed out" error.
I m running Eclipse Indigo and the virtual android device is with Google API Level 10.
Thank you.
Appengine dev server by default only accepts connections on localhost address (localhost and 127.0.0.1).
To make it accept connections on all ports add -bindAddress 0.0.0.0 to dev server parameters in Eclipse.