advplyr / audiobookshelf-app

Mobile application for Audiobookshelf
https://audiobookshelf.org
GNU General Public License v3.0
1.18k stars 164 forks

Support SSL client certificates #353

Open thigger opened 2 years ago

thigger commented 2 years ago

Is your feature request related to a problem? Please describe.

I wasn't sure whether to open a separate request or tag on to #254, but I'm using SSL client certificates to secure access to self-hosted apps. Works very well for the web version using apache2 to proxy, but presumably the app (Android 12) doesn't know to prompt for a certificate to present, and produces "Failed to ping server" as an error.

Describe the solution you'd like

App to connect using a TLS certificate. I'm not familiar with Capacitor development but this looks promising: https://github.com/cordova-ccafix/cordova-plugin-client-certificate-support

Describe alternatives you've considered

Avoiding app and using webapp only, reducing security by removing requirement for authentication.

advplyr commented 2 years ago

Someone was working on this and was discussing it with me in Discord https://discord.com/channels/942908292873723984/954760207131615264/1000143546818498771 but I think it has been abandoned. It's not something I'm familiar with.

mikehoyle commented 1 year ago

FWIW I'm doing this successfully with Android and iOS clients.

I have SSL certs issued by Let's Encrypt and served by Node Proxy Manager. Make sure you use https server addresses in the app -- a lot of browsers will be smart and swap you to https, but the apps pre-fill "http://", and if you attempt to connect to the SSL-secured server with http in the client you'll get the "Failed to ping server" error.

hskrtich commented 1 year ago

@mikehoyle This isn't about server-side TLS certs. That can be done in a number of ways, including what you describe.

This is a client-side certificate, similar to SFTP keys or SSH keys. https://medium.com/@sevcsik/authentication-using-https-client-certificates-3c9d270e8326 https://www.jscape.com/blog/client-certificate-authentication

parksj10 commented 1 year ago

Can confirm what @mikehoyle said, working with Swag reverse proxy and Unraid docker, and https worked for me. I know it's unrelated to client certs, but wanted to say thanks anyways!