Phalcode / gamevault-backend

Backend for the self-hosted gaming platform for drm-free games
https://gamevau.lt

Implement HTTPS support #256

Open Z0y6h0kS9X opened 4 months ago

Z0y6h0kS9X commented 4 months ago

Is your feature request related to a problem? Please describe.

I started setting up a server to host my drm free games so that I can use it as a cache server basically. I have 3 PCs and a laptop that I go between, and rather than download from GOG or wherever every time I host them here and pull it from the GameVault server which is infinitely faster. However since I am not always at home (laptop/LAN party), I have the server behind a reverse proxy. The trouble is I will have to go into the server settings and change it to the local IP:port URL, rather than the reverse proxy FQDN or vice-versa depending on the situation.

Describe the solution you'd like

Ideally in my mind, there would be another field inside of the server settings called "Preferred (or local) Address" where you can specify the internal IP:Port URL of your GameVault server. That way when the application launches, it will attempt to try the local/preferred URL first, then fall back to the other server specified if it cannot connect after 10 seconds.

Describe alternatives you've considered

The only alternative to this edge case would be manually going in and setting the server URL, depending on your location.

Additional context

Side note, it would be nice to auto update the list of server games when you change the server URL without having to restart the application.

Alfagun74 commented 4 months ago

Hello @Z0y6h0kS9X,

It seems like the issue you're encountering might be related to the DNS configuration in your home network. You shouldn't require any additional client settings to resolve this. While I'm not an expert in networking, I've encountered the same problem before.

Here's what I've done in my own setup:

I have a domain called "gamevault.example.com" with a DNS A record pointing to my home IP address, which let's say is "123.123.123.123".

When I'm at home, I prefer to connect to my server directly using its local IP, which in my case let's say is "192.168.0.10". However, when I'm traveling, I want to use the internet-facing address.

To achieve this, I've made an additional entry in my home router's DNS or home network's DNS like Pi-hole. I've configured it to route all DNS requests to "gamevault.example.com" to my server's LAN address, "192.168.0.10".

This setup ensures that internal requests within my home network are directed to the local IP, while external requests from other DNS or public DNS servers are directed to the internet-facing IP.

If your DNS supports it, you can even enter *.example.com to wildcard-redirect all local services like jellyfin.example.com etc. to your home server.

I hope this explanation clarifies things for you. If you still insist on this feature, please tell us why.

We should address the side note you mentioned though.

Z0y6h0kS9X commented 4 months ago

@Alfagun74

Thank you for your response! While your solution would certainly work, I was hesitant to do so as it relies on a 3rd party system to make it work (Pi-hole, OpenWrt DNS settings, etc.). In my mind, it would be better to be the least reliant on 3rd party dependencies, as if those break or are not configured right, they can cause symptoms in the downstream app. Additionally, this would somewhat hamper visibility into external-exclusive problems.

Simply put: say that there is an issue with the port forwarding where it does not route to gamevault (or jellyfin or whatever) - or an issue where your external IP changes. These issues would be unnoticed by you on the internal network.

Granted, this can easily be resolved by using uptime robot or something - or could be reported by an external user (like for jellyfin). It is still something to consider.

I am fine closing this request with your suggestion, but wanted to see if you think that is the proper course given the added context above first.
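
The split-horizon DNS setup discussed in the comments above, and the concern that a changed external IP goes unnoticed from inside the LAN, can be checked by querying the LAN resolver and a public resolver directly. This is an added example, not part of the thread or of GameVault's code; the function names and the resolver addresses 192.168.0.1 and 1.1.1.1 are assumptions, and the hostname and IP values are the thread's own samples.

```javascript
// Added example: sanity-check a split-horizon DNS setup like the one described above.
// Hostnames and addresses are the thread's sample values or assumptions.

// True for a dotted-quad IPv4 address inside an RFC 1918 private range.
function isPrivateIPv4(addr) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(addr)) return false;
  const [a, b, c, d] = addr.split('.').map(Number);
  if ([a, b, c, d].some((n) => n > 255)) return false;
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Compare what the LAN resolver and a public resolver answer for the same name.
// expectedWanIp is optional: the address the public A record should carry.
function classifySplitHorizon(internalAnswers, publicAnswers, expectedWanIp) {
  const findings = [];
  if (internalAnswers.length === 0) {
    findings.push('LAN resolver returned no A record');
  } else if (!internalAnswers.every(isPrivateIPv4)) {
    findings.push('LAN resolver returned a non-private address: local override not in effect');
  }
  if (publicAnswers.length === 0) {
    findings.push('public resolver returned no A record');
  } else if (publicAnswers.some(isPrivateIPv4)) {
    findings.push('public record carries a private address: unreachable from outside');
  } else if (expectedWanIp && !publicAnswers.includes(expectedWanIp)) {
    findings.push('public record differs from expected WAN address: stale after an IP change?');
  }
  return { ok: findings.length === 0, findings };
}

// Query both resolvers directly (bypassing the OS resolver) and classify the result.
async function checkHost(hostname, lanResolver, publicResolver, expectedWanIp) {
  const { Resolver } = await import('node:dns/promises');
  const ask = async (server) => {
    const resolver = new Resolver({ timeout: 3000, tries: 2 });
    resolver.setServers([server]);
    try {
      return await resolver.resolve4(hostname);
    } catch {
      return []; // NXDOMAIN, timeout, refused: treated as "no answer"
    }
  };
  const [lan, pub] = await Promise.all([ask(lanResolver), ask(publicResolver)]);
  return classifySplitHorizon(lan, pub, expectedWanIp);
}

// Usage (needs network access; resolver addresses are assumptions):
// checkHost('gamevault.example.com', '192.168.0.1', '1.1.1.1', '123.123.123.123').then(console.log);
```

Agreement between the two resolvers says nothing about the port forward itself; that still needs a probe from outside the LAN.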

Z0y6h0kS9X commented 4 months ago

@Alfagun74 - An additional consideration, I have GameVault behind a reverse proxy that is secured (HTTPS), however GameVault does not listen for SSL connections. I checked the docs here and could not see an ability to enable it. So even if we go through the DNS changes like you proposed - you would still need to change the server address from HTTPS to HTTP. While I could listen for HTTP traffic and route it through, that seems less than ideal.

Alfagun74 commented 4 months ago

I understand, in this case we consider listening on port 8443 using HTTPS as well.

See: https://docs.nestjs.com/faq/multiple-servers

Would this be feasible or would maybe Phalcode/gamevault-app#339 fit your needs, or do you still insist on the idea of a fallback-host like you described in the ticket?

Z0y6h0kS9X commented 4 months ago

I think listening for HTTPS on 8443 would suffice when paired with the DNS changes. I'm going to close the issue, we can re-open it later if needed.

Alfagun74 commented 2 months ago

@Z0y6h0kS9X just so you know, most of us just do

WAN                | LAN
Client -> HTTPS -> | Reverse Proxy with certs -> Downstream HTTP -> GameVault

which is usually secure enough. Of course HTTPS at the end of the chain would make things more resistant to MITM attacks, albeit chances are pretty low someone is going to bother.