F2P-110 | Web client fix (attempt)

[aldrichdev]

What's Changed

• Added webclient files to public/
• Updated webclient to point to website URL where those public files live
• Changed APP_URL env var to NEXT_PUBLIC_WEBSITE_HOST so that the protocol isn't forced
• Added util for checking if server is production and another that gets the protocol based on this

Notes

• My thought is that, if we merge this and it gets pushed to production, and then update the websocket cert on the game server to point to neatf2p.com as the issuer (and restart), then the game server will trust neatf2p.com as a way of loading the game client from its IP, so the privacy warning shouldn't be needed since the CA is now neatf2p.com? Not sure if it will really work but it's worth a shot.
  • Open's URL is https://rsc.vet/client/#members,game.openrsc.com,43496,65537,7112866275597968156550007489163685737528267584779959617759901583041864787078477876689003422509099353805015177703670715380710894892460637136582066351659813,true which means they went with hosting the client on rsc.vet and they point to the game server differently, which is now what this PR does. May need to ask Logg what the issuer value is in the .crt for his server to make sure my thinking is right - I think for him it must be rsc.vet? Thus for us, neatf2p.com. (Maybe including protocol/etc)
• We will need to add the new env var to production before merging this!

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
neatf2p-nextjs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 18, 2024 9:19pm

[aldrichdev]

I have scheduled a server maintenance event for next Sunday at 12:15 PM. We will need to prepare the cert in advance and be ready to put the new cert in once the game server shuts down. Do not merge this PR until just before that maintenance period.

[aldrichdev]

So, I have created two new files on the desktop of the server:

• NeatF2PWebsocketV2.key
• NeatF2PWebsocketV2.crt

Both were generated using the instructions in my "Websocket Cert Info" note, which should really be made into a blog post.

However, the issuer for the .crt is DESKTOP-..., NOT neatf2p.com. I think this is because I actually created the cert on the server, so it used the computer name as the issuer. I think changing the value after CN= to neatf2p.com or www.neatf2p.com would NOT work because something wouldn't match, but it's sort of worth a shot for next week's maintenance period. I will send a message to Logg in the meantime to see what his issuer is and how he created the cert.

[aldrichdev]

Ok, so if you look at the security issue in Edge, Chrome, or some other browser, you will see this:

And if you view the certificate you will see this:

The problem is, the website, www.neatf2p.com is a secure website, and we try to access a page at 192.3.118.9 securely via HTTPS, but that doesn't make sense since it's not secure. I think we tried to use http for this page at one point, but we ran into an issue.

I think if we:

• host the webclient on the site (which this PR does),
• create an SSL cert for www.neatf2p.com,
• and somehow save that cert as a .crt and .key, or .pem, and put those files on the server, then... The webclient may work by default. Vercel doesn't let us access its SSL certs, so that may not work. However, I also wonder if we really need the websocket cert? What if we cleared out the fields in connections.conf or whatever file it is, removed the files, and hosted it on the neatf2p site? Would it work?