The frontend uses its own dev certificate generated by dotnet. Browsers prompt users to use it with a warning that it is not trusted. It should be possible to use the backend's certificate, but dotnet is apparently bugged on macOS, and it still works without it.
The backend uses a generated certificate trusted by a locally hosted CA using mkcert. The problem is that users need to install the CA on their devices to use it, and it needs the device's IP address to be used as the domain.
To solve the first problem, the backend starts another server in a separate thread that is HTTP and only serves the CA. When the link http://host:9601 is followed, the user is prompted to install the certificate. Then for iOS: General -> About -> Certificate Trust Settings, and enable the newly added CA.
The second problem is solved in that the setup script was updated to read the Pi's IP address and generate the certificate with it as the domain. It breaks if the IP address changes.
A real solution would be to get a static IP or mDNS entry from RIT, and then get a certificate either through them if they have a CA or purchase one.
I also made the following changes to the frontend:
Removed the useless home page
Removed the navigation bar from the student's transcription page
Change the port to 443 to access the frontend without specifying a port
Made the student's page the root page
Added a button to install the CA from the backend
Added a QR code to the student's page, which is the page shown on the car's screen
I also added startup.sh that starts the backend and frontend in a tmux session (different windows). The backend/frontend services were replaced with software.service that starts this script. A chromium window is also opened to the frontend. Further testing is required to verify functionality.
The current solution is as follows:
The frontend uses its own dev certificate generated by
dotnet
. Browsers prompt users to use it with a warning that it is not trusted. It should be possible to use the backend's certificate, butdotnet
is apparently bugged on macOS, and it still works without it.The backend uses a generated certificate trusted by a locally hosted CA using
mkcert
. The problem is that users need to install the CA on their devices to use it, and it needs the device's IP address to be used as the domain.To solve the first problem, the backend starts another server in a separate thread that is HTTP and only serves the CA. When the link
http://host:9601
is followed, the user is prompted to install the certificate. Then for iOS: General -> About -> Certificate Trust Settings, and enable the newly added CA.The second problem is solved in that the setup script was updated to read the Pi's IP address and generate the certificate with it as the domain. It breaks if the IP address changes.
A real solution would be to get a static IP or mDNS entry from RIT, and then get a certificate either through them if they have a CA or purchase one.
I also made the following changes to the frontend:
443
to access the frontend without specifying a portI also added
startup.sh
that starts the backend and frontend in atmux
session (different windows). The backend/frontend services were replaced withsoftware.service
that starts this script. A chromium window is also opened to the frontend. Further testing is required to verify functionality.Resolves #47 Resolves #41 Resolves #46 Closes #44 Closes #36