API Doesn't Support IPv6, App Rejected. What Can I Do? - swift

I've created an app and tried to publish to the App Store only to be rejected as the app crashes on launch when using an IPv6 only network.
I used IPv6-test.com and tested the demo API URL to find that the API doesn't support IPv6 yet. Is there a way I can get around this issue without using a different API?
If it could help I have the capabilities to host my own server with IPv6 support.

For an API server to be compatible with IPV6, you will need to just deploy it on a web server which is IPv6 enabled.
If its a Third party API on a Third party web server, I think there is not much you can do apart from writing and requesting to them to enable IPV6.
If its your own Web server, you can ask your hosting provider for an IPv6 address and check if they can provide you with IPv6 connectivity.

Related

How do you configure a domain name for openfire server? Do I just buy a domain and set it as my XMPP domain?

so I am setting up a server for a messaging application which is being developed. I am using openfire server for this which I have installed and running on a PC. Right now, the xmpp domain is set to my computer name and server is working on my network, but obviously as its a local name it cannot be accessed from the outside.I am able to access the server from multiple computers on the same network using the Spark messaging client to test the server. So to be able to access my XMPP server from devices outside my network, do I just buy a domain name and set it as my XMPP domain in Openfire settings?
To answer your question, yes, with the following caveats:
You will either have to host the DNS server yourself or have the DNS provider serve the records for you.
A domain must have a static IP to address to point to. A home or a typical small business Internet account does not include a static IP (some providers actively prevent home accounts from serving web pages/services).
You must also configure your firewall to allow a mapping to the internal server.
I would recommend using an external provider to handle the network and hosting services for your program.

How to configure IBM Cloud CloudFoundry Apps to support IPV6

our App has been rejected by Apple because it does not work on pure IPV6 networks. We think it is because IBM CloudFoundry App hosting does not support it. How can we enable the IBM cloud foundry address such as tbms-proxy.eu-gb.mybluemix.net to be IPV6 compliant? thanks
If you can use a custom domain, one option could be to go through a gateway to enable IPv6.
Cloud Internet Services can do this by proxying requests to your app. Cloud Internet Services is powered by Cloudflare.
Once your domain is configured in Cloud Internet Services and added to IBM Cloud, IPv6 connectivity will be available.

HTTPS for local IP address

I have a gadget[*] that connects to the user's WiFi network and responds to commands over a simple REST interface. The user uses a web app to control this gadget. The web app is currently served over http and the app's javascript does AJAX calls to the gadget's local IP address to control it. This scheme works well and I have no issues with it.
[*] By "gadget" I mean an actual, physical IoT device that the user buys and installs within their home, and configures to connect to their home WiFi network
Now, I want to serve this web app over https. I have no issue setting up https on the hosting side. The problem is, now the browser blocks access to the gadget (since the gadget's REST API is over http and not https).
The obvious solution is to have the gadget serve it's REST API over https. But how? It has a local IP address and no one will issue a certificate for it. (Even if they did, I'd have to buy a boatload of certificates for each possible local IP address.) I could round-trip via the cloud (by adding additional logic on my server side to accept commands from the web app and forward it to the gadget over another connection), but this will increase latencies.
Is there a way around this problem? One possibility that I have in mind is to:
Get a wildcard certificate (say, *.mydomain.com)
Run my own DNS that maps sub-domains to a local IP address following a pattern (For example, 192-168-1-123.mydomain.com would map to 192.168.1.123)
Use the wild-card certificate in all the gadgets
My web app could then make AJAX calls to https://192-168-1-123.mydomain.com instead of http://192.168.1.123 and latencies would remain unaffected aside from the initial DNS lookup
Would this work? It's an expensive experiment to try out (wildcard certificates cost ~$200) and running a DNS server seems like a lot of work. Plus I find myself under-qualified to think through the security implications.
Perhaps there's already a service out there that solves this problem?
While this is a pretty old question, it is still nothing that you find out-of-the-box solutions for today.
Just as #Jaffa-the-cake posted in a comment, you can lean on how Plex did it, which Filippo Valsorda explained in his blog:
https://blog.filippo.io/how-plex-is-doing-https-for-all-its-users/
This is very similar to what you proposed yourself. You don't even need a wildcard certificate, but you can generate certificates on-the-fly using Let's Encrypt. (You can still use wildcard certificates, if you want, which Let's Encrypt supports now, too.)
Just yesterday I did a manual proof-of-concept for that workflow, that can be automated with the following steps:
Write a Web Service that can create DNS entries for individual devices dynamically and generate matching certificates via Let's Encrypt - this is pretty easy using certbot and e.g. Google Cloud DNS. I guess Azure, AWS and others have similar offerings, too. When you use certbot's DNS plugins, you don't even need to have an actual web server running on port 80/443.
On you local device, contact that Web Service to generate a unique DNS entry (e.g. ..yourdns.com) and certificate for that domain
Use that certificate in your local HTTPS server
Browse to that domain instead of your local IP
Now you will have a HTTPS connection to your local server, using a local IP, but a publicly resolved DNS entry.
The downside is that this does not work offline from arbitrary clients. And you need to think of a good security concept to create trust between the client that requests a DNS and certificate, and your web service that will generate those.
BTW, do you mind sharing what kind of gadget it is that you are building?
If all you want is to access the device APIs through the web browser, A Simple solution would be to proxy all the requests to the device through your web server.this was even self signed certs for the devices wont be a problem. Only problem though is that the server would have to be on the same network as your devices.
If you are not on the same network, you can write a simple browser plugin (chrome) to send the api request to IoT device. but then the dependency on the app/plugin will be clumsy.

Viewing MEAN app in Google cloud

I am trying to access a barebone MEAN stack application with Google's glcloud one click deployments. I have successfully been able to add the code for the MEAN app and can access (via ssh) and run/start app using grunt. Neither of the external links provided by gcloud is working: http://:3000 or http://
Any idea on how to access app for viewing/testing?
I figured it out by allowing the default MEAN JS port 3000 on the firewall rules in the Google Developer Console. Networking > Firewall rules. You must also allow http port for incoming traffic.

How to test Facebook Real-time updates

In order to publish real-time updates to my app, Facebook needs needs to perform a post request to my server.
Problem is, my server is my home computer and not publicly addressable from the internet. Bringing a server live to implement this sounds like it could be a pain... can't attach debugger, fiddler etc....
So what's the best way to test the Http Endpoint? Integration tests that simulate the Facebook server? Fiddling with firewalls/NAT to try and get Facebook talking to my home computer?
Any ideas?
You can use ngrok - https://ngrok.com/ - free (pay-what-you-can) service that does exactly what you need. Localtunnel service is down and the developers also recommend ngrok.
In the past, I've used LocalTunnel to do this. It's a nice wrapper around an SSH tunnel and it effectively assigns you a subdomain at localtunnel.com pointing to a port on your localhost.
So basically, when you run it it will spit back an externally accessible sub domain name like xyz.localtunnel.com who's port 80 will point a port you specify on your local box.
You can find it at: http://progrium.com/localtunnel/
It's really great for testing various pubsubhubbub subscription feeds (like Facebook's).
OK! I think NAT should be the best bet and I don't see a reason for it not to work. You should try it out.
It was actually pretty easy - Logged into my home router, set up port forwarding on port 80 to the local IP of my computer, put an exception in windows firewall for port 80. and then navigate to my public IP address in the browser.
Implement the receiver samples at: https://github.com/facebook/real-time/tree/master/samples
The only answer is to get a webserver that is publicly accessible for real-time updates to be able to call back to.
There's lots of free webhosts that allow server-side scripting. And there's lots of paid for webhosts out there too. Stackoverflow is really not the place to get leads on where/when/why/howmuch for web hosting.
No you can't use ngrok only to simulate facebook realtime update since you must make a call to facebook servers with your ngrok adress to validate it (tell me if you find out how to do this :p ).
I use an openshift server to receive facebook realtime and then post evry json data received from facebook to my ngrok adress. So the process is
set up an openshift server to receive facebook notifications
Facebook sends notifications to your openshift
your openshift sends datas (as received) to your ngrok adress
And if you must receive facebook notifications on a local website (like www.website.dev/fb-notifications/) then create a script in your localhost folder which receives openshift posts (let's call it tunelscript.php). the process will be
set up an openshift server to receive facebook notifications
Facebook sends notifications to your openshift
your openshift sends datas (as received) to your tunel script via your ngrok adress (perso.ngrok.com/tunelscript.php)
Relay datas from your tunelscript to your local website (tunelscript.php => www.website.dev/fb-notifications/)
That's Tuneling B-)