Dev and testing without certs and without https

Hello,

I use dockerized jitsi for my development. However, I have not yet been able to figure out how to test it without requesting letsencrypt certs on all desktop and mobile browsers. Currently I am only able to test on desktop firefox on the machine which runs jitsi (localhost), as firefox lets me bypass the non-https warning.

Ideally I would like to test on chrome, safari and firefox on both desktop and mobile.

You need valid certs for mobile.

thanks @Freddie
Even for browsers on mobile? I am not using the mobile app.
There has to be some way, at least for development and testing.

@damencho any idea on this?

Hello! I don’t know if this will help, but I’ve achieved serving an embedded Jitsi Iframe through HTTPS on my Vue / Spring Boot app by creating my own self-signed certificate inside a Linux machine using the Java keytool utility, and generating a .p12 certificate file and enabling HTTPS using the generated certificate from within my Spring Boot app’s server properties.

If you’re not using Spring Boot, you can also generate a self-signed certificate using openssl, prolly Google how to do it, but you can generate a .cert and .key file for use with NGINX, and reverse proxy HTTPS requests to your Dockerized app that is running on HTTP. It can be passed to a server block using ssl_certificate and ssl_certificate_key directives pointing to a path (can be relative to location of NGINX config, or absolute path), along with ssl keyword on your listen directive.

For reference, here is my config to reverse proxy HTTPS requests and WSS connections on a particular port (8082 in this case) to a different app, Ant Media Server, which is hosted on HTTP on port 5080. Probably the same might apply, except you would change the proxy_pass to the IP address / domain name with port number of your Dockerized app.

http {
    server {
        listen 443 ssl;
        server_name localhost;
        gzip off;
        proxy_max_temp_file_size 0;
        ssl_certificate ./ssl/eagmpoc.pem;
        ssl_certificate_key ./ssl/eagmpoc.key;
        proxy_buffering off;
    }
    server {
        listen 8082 ssl;
        server_name antmedia;
        gzip off;
        proxy_max_temp_file_size 0;
        ssl_certificate ./ssl/eagmpoc.pem;
        ssl_certificate_key ./ssl/eagmpoc.key;

        ssl_session_timeout 5m;
        # TLSv1.1 is deprecated (RFC 8996); keep it only if a legacy client needs it
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header HOST $http_host;
            proxy_connect_timeout  600s;
            proxy_send_timeout  600s;
            proxy_read_timeout  600s;
            fastcgi_send_timeout 600s;
            fastcgi_read_timeout 600s;
            # WebSocket (WSS) upgrade: HTTP/1.1 plus Upgrade/Connection headers
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_pass http://localhost:5080;
        }

    }
}
events{

}

NOTE: NGINX requires the main server listening on port 443 to be enabled with SSL in order to define other servers with SSL enabled that are running on non-standard ports (5080 for instance).

Also, you could possibly include in your Dockerized setup a custom NGINX config passed to the NGINX Dockerfile image / container to achieve something similar to having your app on HTTPS using a self-signed SSL certificate.

As for whether it’s possible to not have HTTPS enabled – I don’t think so. Browsers’ default security behavior, especially mobile browsers, is to block camera and mic permissions when on a standard HTTP-hosted site. I don’t know why, but this is something you have to deal with. :frowning:
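
Added example, not part of any post in this thread: one way to create the self-signed pair for NGINX with openssl, putting the test host into subjectAltName (the field browsers match the address against) and checking the result before pointing `ssl_certificate` / `ssl_certificate_key` at it. The function names, the file names `dev.pem` / `dev.key` and the address 192.168.1.50 are constructed for illustration; OpenSSL 1.1.1 or newer is assumed for `-addext`.

```shell
#!/bin/sh
# Added example: self-signed dev certificate for NGINX (all names are hypothetical).

# san_type HOST -> prints "IP" for an IPv4/IPv6 literal, "DNS" for a hostname.
san_type() {
    case "$1" in
        *:*)        echo IP ;;    # IPv6 literal
        *[!0-9.]*)  echo DNS ;;   # contains something other than digits and dots
        *)          echo IP ;;    # dotted IPv4
    esac
}

# make_dev_cert HOST OUT_DIR -> writes OUT_DIR/dev.key and OUT_DIR/dev.pem
make_dev_cert() {
    host="$1"; out="$2"
    mkdir -p "$out" || return 1
    (
        umask 077   # the private key must not be readable by other users
        # 30 days: short-lived on purpose, this pair is for dev/testing only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "/CN=$host" \
            -addext "subjectAltName=$(san_type "$host"):$host" \
            -addext "extendedKeyUsage=serverAuth" \
            -keyout "$out/dev.key" -out "$out/dev.pem" 2>/dev/null
    )
}

# cert_covers CERT HOST -> exit status 0 only if CERT is valid for HOST
cert_covers() {
    if [ "$(san_type "$2")" = IP ]; then flag=-checkip; else flag=-checkhost; fi
    openssl x509 -in "$1" -noout "$flag" "$2" 2>&1 | grep -q 'does match'
}

# Demo with a constructed LAN address for the machine running the containers.
demo_dir=$(mktemp -d)
if make_dev_cert 192.168.1.50 "$demo_dir" &&
   cert_covers "$demo_dir/dev.pem" 192.168.1.50; then
    echo "dev.pem covers 192.168.1.50"
fi
rm -rf "$demo_dir"
```

Each test browser still has to be told to trust `dev.pem` or to accept the warning once; the SAN only ensures the name check passes for the address you actually type.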