3

I am building app with Angular 6 and I want this app to work offline and I am using Angular 6 with Service Worker and I want to host this app in local server with IIS but I do not have HTTPS cert.

What can I do to make service worker work without HTTPS? The app must work on Android, iPhone and Windows.

mmvsbg
  • 3,570
  • 17
  • 52
  • 73
mhd saeed shamborsh
  • 113
  • 2
  • 7

1 Answers1

2

You cannot make it work without https. Having your site served over HTTPS is a requirement to enable service workers (apart from http://localhost and http://127.x.X.X).

You definitely need a valid, trusted SSL certificate if you want it to run on all platforms on production. On windows, I think there are some Chrome options to bypass that, but this would still be only for testing

Edit

You can add certificates in IIS. It might not be a trusted one, but you can manually install and trust that certificate on your devices. This is a manual process valid only for development.

As pointed by @Benjamin if all your users are on your same company network, then you can deploy that certificate on all machines (and phones) and it should work.

David
  • 33,444
  • 11
  • 80
  • 118
  • or can i make my app work offline without service worker is there any way – mhd saeed shamborsh Sep 13 '18 at 10:17
  • I edited my answer. Also, you cannot really have your web app work offline on your device without PWA, unless your turn it into a hybry app using cordova. – David Sep 13 '18 at 10:25
  • 1
    You don't say in what environment you are working, e.g., your home, a business etc. But you can generate self-signed certificates that your machines trust and deploy thos. That is common in company internal networks. – Benjamin Maurer Sep 13 '18 at 10:26
  • iam working in company and the app must work in company server – mhd saeed shamborsh Sep 13 '18 at 10:40
  • @mhdsaeedshamborsh Yes, but about the users? Are they all company users, using the company network? – David Sep 13 '18 at 10:41
  • That's something your IT departement should know – David Sep 13 '18 at 10:43
  • @BenjaminMaurer Can this solution involving a private root CA made practical solution if the web server is on a home LAN and the Android, iOS, and Windows devices are connected to the same LAN? – Damian Yerrick Jan 13 '20 at 03:49
  • @DamianYerrick technically yes, but it's too much work IMHO. Take a look at https://letsencrypt.org/ - this is a nonprofit org and the most popular option to get certs these days. You only need an internet connection to get and renew the certificate. – Benjamin Maurer Jan 13 '20 at 09:53
  • @BenjaminMaurer You need both an Internet connection and a fully qualified domain name to obtain a certificate from Let's Encrypt. So each user will still have to pay for a certificate, even though the money goes to a domain name registrar, not to a certificate authority. Or the program's publisher will have to find some revenue stream with which to operate a dynamic DNS service and get it into the Public Suffix List. – Damian Yerrick Jan 14 '20 at 02:10
  • @DamianYerrick That's correct, you need a public domain. Another alternative that we have been using is, that we have one public domain and an official certificate for that domain. Then we setup the DNS server in our customers network to resolve that domain to a local address and they can use that certificate - That still incurs costs, but once for all customers. The cheapest alternative is a custom root CA, but you'll have to install that manually (or I guess you can roll it out with some sort of enterprise device management system). – Benjamin Maurer Jan 14 '20 at 08:50
  • @BenjaminMaurer Your "another alternative" is similar to what I referred to "operate a dynamic DNS service", and I've read that it can take months to get a new dynamic DNS provider into the PSL so that LE rate limits don't make it useless. – Damian Yerrick Jan 15 '20 at 03:02
  • @DamianYerrick I don't follow. What you describe would make it public. I meant a DNS server in the LAN, used by the local devices, which does local resolution on your specific domain and delegates everything else. So your domain "www.myservice.com" will only resolve in your local network and that DNS server is just part of your DHCP setup. – Benjamin Maurer Jan 15 '20 at 12:07
  • @BenjaminMaurer First, the dns-01 challenge offered by Let's Encrypt requires a public TXT record. Second, good luck configuring all brands of gateway appliance to point to such a split-horizon DNS server. – Damian Yerrick Jan 20 '20 at 22:34