diff --git a/.gitignore b/.gitignore index e77b365..5ebea6e 100644 --- a/.gitignore +++ b/.gitignore @@ -40,3 +40,5 @@ __pycache__/ wg_config/wg_confs/ records/ src/auracast/server/stream_settings.json +src/auracast/server/dev_cert.pem +src/auracast/server/dev_key.pem diff --git a/README.md b/README.md new file mode 100644 index 0000000..19ff256 --- /dev/null +++ b/README.md 
@@ -0,0 +1,111 @@ +## Local HTTP/HTTPS Setup with Custom CA + +This project provides a dual-port Streamlit server setup for local networks: + +- **HTTP** available on port **8502** +- **HTTPS** (trusted with custom CA) available on port **8503** + +### How it works +- A custom Certificate Authority (CA) is generated for your organization. +- Each device/server is issued a certificate signed by this CA. +- Customers can import the CA certificate into their OS/browser trust store, so the device's HTTPS connection is fully trusted (no browser warnings). + +### Usage + +1. **Generate Certificates** + - Run `generate_ca_and_device_cert.sh` in `src/auracast/server/`. + - This creates: + - `ca_cert.pem` / `ca_key.pem` (CA cert/key) + - `device_cert.pem` / `device_key.pem` (device/server cert/key) + - **Distribute `ca_cert.pem` to customers** for installation in their trust store. + +2. **Start the Server** + - Run `run_http_and_https.sh` in `src/auracast/server/`. + - This starts: + - HTTP Streamlit on port 8500 + - HTTPS Streamlit on port 8501 (using the signed device cert) + +3. **Client Trust Setup** + - Customers should install `ca_cert.pem` in their operating system or browser trust store to trust the HTTPS connection. + - After this, browsers will show a secure HTTPS connection to the device (no warnings). + +### Why this setup? +- **WebRTC and other browser features require HTTPS for local devices.** +- Using a local CA allows trusted HTTPS without needing a public certificate or exposing devices to the internet. +- HTTP is also available for compatibility/testing. + +### Advertise Hostname with mDNS + +To make your device discoverable as `your-hostname.your-domain.local` (e.g., `box1.auracast.local`) using mDNS/Avahi, you need to: + +#### Manual Method (Step-by-Step) + +1. **Set the Hostname (Single Label, No Dots)** + - Choose a simple hostname, e.g., `box1` or `auracast-box1` (do **not** use dots). 
+ - Set it: + ```bash + sudo hostnamectl set-hostname + ``` + +2. **Update `/etc/hosts` for Local Resolution** + - Ensure `127.0.1.1` maps to your new hostname: + ```bash + sudo grep -q '^127.0.1.1' /etc/hosts && sudo sed -i 's/^127.0.1.1.*/127.0.1.1 /' /etc/hosts || echo '127.0.1.1 ' | sudo tee -a /etc/hosts + ``` + +3. **Configure Avahi Domain Name** + - Edit the Avahi config: + ```bash + sudo nano /etc/avahi/avahi-daemon.conf + ``` + - In the `[server]` section, set or add: + ```ini + domain-name=auracast.local + ``` + - Save and close the file. + - Restart Avahi: + ```bash + sudo systemctl restart avahi-daemon + ``` + +4. **(Optional) One-liner for Avahi Domain** + ```bash + DESIRED_DOMAIN="auracast.local"; sudo sed -i -E '/^\[server\]/,/^\s*\[/{s/^\s*(#\s*)?domain-name\s*=.*/domain-name='"$DESIRED_DOMAIN"'/}' /etc/avahi/avahi-daemon.conf && sudo systemctl restart avahi-daemon + ``` + +--- + +#### Automated Method (Recommended for Most Users) + +Instead of the manual steps above, you can use the provided script to perform all actions safely and atomically: + +```bash +cd src/auracast/server +sudo ./change_domain_hostname.sh +``` +- Example: + ```bash + sudo ./change_domain_hostname.sh box1 auracast.local + ``` +- The script will: + - Validate your input (no dots in hostname) + - Set the system hostname + - Update `/etc/hosts` + - Set the Avahi domain in `/etc/avahi/avahi-daemon.conf` + - Restart Avahi + - Print status and error messages + +Use the manual method if you want to understand or customize each step, or the script for a quick, reliable setup. + +--- + +### Troubleshooting & Tips +- **Hostnames must not contain dots** (`.`). Only use single-label names for the system hostname. +- **Avahi domain** can be multi-label (e.g., `auracast.local`). +- **Clients may need** `libnss-mdns` installed and `/etc/nsswitch.conf` configured with `mdns4_minimal` and `mdns4` for multi-label mDNS names. 
+- If you have issues with mDNS name resolution, check for conflicting mDNS stacks (e.g., systemd-resolved, Bonjour, or other daemons). +- Some Linux clients may not resolve multi-label mDNS names via NSS—test with `avahi-resolve-host-name` and try from another device if needed. + +--- + +After completing these steps, your device will be discoverable as `.` (e.g., `box1.auracast.local`) on the local network via mDNS. \ No newline at end of file diff --git a/src/auracast/server/certs/ca_cert.crt b/src/auracast/server/certs/ca_cert.crt new file mode 100644 index 0000000..fbf5845 --- /dev/null +++ b/src/auracast/server/certs/ca_cert.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFCTCCAvGgAwIBAgIUexHtlpFLx2VNx8NoBktV9sD22gEwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJTXlMb2NhbENBMB4XDTI1MDYyMDEwMjAzOFoXDTMwMDYx +OTEwMjAzOFowFDESMBAGA1UEAwwJTXlMb2NhbENBMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA3gxg11FumiOClaZsN6a7FJg1GMsVHRocOtiFYCAeQoZ8 +7JItixKdcw3rzjRuqJpkiav9E3K3wP66sbDSxBwdYN2WIKGENLLDOLT4S54oXeeg +gcezWu57N+2X4qWJpa6AApZgxKhqvHMMnmigikAp+5gHxEPtvv+mnLPKmcoyP8Qy +akwx+Nl2iPGo0m4GmwK3HUSI3hhTOXWhTvjJBHTGy77jjMXWDhupNWCWbAnP9qzX +yh4hd1O/B1zyE7hqRMZxZn5G5ibaf+AutDNJJbhoLgKWblNq1+cSym/x5+XMul66 +EgxaOVYVgfhwyqnHnCTYhz8ms8VbZmmWsmycEb/q+PDF8SxL1ORJO8UKGShGTRN8 +IpmkIzRPmqoOxnWmELm+BvZa2ATqAo+zSufS0X+VsUoyNuCNQRaMrsR3BhaHdY53 +KiQX6oPyNLj0fOchsFlSD6uQhZrEEy6n49wzykxUZODQ7TzqeCEo6EzdgvaOC/sv +HEKemQunVRjmPPXYq3ztwrbkF24vLmr8VJcHnTSnstvzTK7Bj96w5Xk0EGUY2jkn +7XpY1R56bu/ROCzVk031Zh8JjJNEwahPd4wK05NoaEEzlKwH+AuwJERhBHpzCFZD +epn8MRZhoTsULQ64B2G58qBnpJQK1IwSAV2kgqjaBse+Mhv16lmM8XUoDX5xDdMC +AwEAAaNTMFEwHQYDVR0OBBYEFEDRG1UmSY6a2RqLuP0YFGAKJmwvMB8GA1UdIwQY +MBaAFEDRG1UmSY6a2RqLuP0YFGAKJmwvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggIBAHLZ0m/cGDjptEKKK1IV7D3egVwEJr3lCalyuAm1Lm3eSI7E +o/4hio0lJhkB4x7dZKveDZXYfTKGdsEPB/FdAq5zXqc6BD1VFwH9Hd7tISrQNDVv +3QqNSGhAKilj60Sb4ZINIS+hffCeNwBIKWxM0gvrFksTUGaxkSX0hZ8zRtHhP//X +I6PnnA8v/JvU7QjxpM3rsnOwyRBWZZRVmKEU2i1RhBett+Acj2DTwmrFryFHvl0v +UavfO0I3+0MIkzFfLhCal01aPMXESkBWT55yZIEz3KUbuTfaNUjz2fYh1DZ/INUW +ruBTZwdJoutdnxKf9HVnwO/NPWh3MNYb0210x8yTL0EyLxzBLH7krbre0mdL7D0t +QXEANF+X0KWIzzOF+pWTBvDFiDx5eA4ZxgSEBJ1m+PMaAyGAwgxNPBDJ4lVf0YyY +JwId46IPejiuxd0ExTskQ4NLVMJx+dlQQKOYueWbxM5DLG52YtuB7kfmOkq/aiMX +k7DW/a2jK1KJbzUafsELGYRu+KZDZxYAgTFIJQBL6TSwU6FGQYy5GIL+wwjzaM6y +SNtogAJl3ioGNSYh9ansoh1JgL7AKryez9YgHOkQwZqt5qT3ogBJH3pxM9w5YpSN +9TD2v1jzxYDT3Bkxj5WkhsszNJ2qX0ffKZVnAJWrkv4O8W6en+HLCOcMHNxN +-----END CERTIFICATE----- 
diff --git a/src/auracast/server/certs/ca_cert.der b/src/auracast/server/certs/ca_cert.der new file mode 100644 index 0000000..2241bd5 Binary files /dev/null and b/src/auracast/server/certs/ca_cert.der differ diff --git a/src/auracast/server/certs/ca_cert.pem b/src/auracast/server/certs/ca_cert.pem new file mode 100644 index 0000000..fbf5845 --- /dev/null +++ b/src/auracast/server/certs/ca_cert.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFCTCCAvGgAwIBAgIUexHtlpFLx2VNx8NoBktV9sD22gEwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJTXlMb2NhbENBMB4XDTI1MDYyMDEwMjAzOFoXDTMwMDYx +OTEwMjAzOFowFDESMBAGA1UEAwwJTXlMb2NhbENBMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA3gxg11FumiOClaZsN6a7FJg1GMsVHRocOtiFYCAeQoZ8 +7JItixKdcw3rzjRuqJpkiav9E3K3wP66sbDSxBwdYN2WIKGENLLDOLT4S54oXeeg +gcezWu57N+2X4qWJpa6AApZgxKhqvHMMnmigikAp+5gHxEPtvv+mnLPKmcoyP8Qy +akwx+Nl2iPGo0m4GmwK3HUSI3hhTOXWhTvjJBHTGy77jjMXWDhupNWCWbAnP9qzX +yh4hd1O/B1zyE7hqRMZxZn5G5ibaf+AutDNJJbhoLgKWblNq1+cSym/x5+XMul66 +EgxaOVYVgfhwyqnHnCTYhz8ms8VbZmmWsmycEb/q+PDF8SxL1ORJO8UKGShGTRN8 +IpmkIzRPmqoOxnWmELm+BvZa2ATqAo+zSufS0X+VsUoyNuCNQRaMrsR3BhaHdY53 +KiQX6oPyNLj0fOchsFlSD6uQhZrEEy6n49wzykxUZODQ7TzqeCEo6EzdgvaOC/sv +HEKemQunVRjmPPXYq3ztwrbkF24vLmr8VJcHnTSnstvzTK7Bj96w5Xk0EGUY2jkn +7XpY1R56bu/ROCzVk031Zh8JjJNEwahPd4wK05NoaEEzlKwH+AuwJERhBHpzCFZD +epn8MRZhoTsULQ64B2G58qBnpJQK1IwSAV2kgqjaBse+Mhv16lmM8XUoDX5xDdMC +AwEAAaNTMFEwHQYDVR0OBBYEFEDRG1UmSY6a2RqLuP0YFGAKJmwvMB8GA1UdIwQY +MBaAFEDRG1UmSY6a2RqLuP0YFGAKJmwvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggIBAHLZ0m/cGDjptEKKK1IV7D3egVwEJr3lCalyuAm1Lm3eSI7E +o/4hio0lJhkB4x7dZKveDZXYfTKGdsEPB/FdAq5zXqc6BD1VFwH9Hd7tISrQNDVv +3QqNSGhAKilj60Sb4ZINIS+hffCeNwBIKWxM0gvrFksTUGaxkSX0hZ8zRtHhP//X +I6PnnA8v/JvU7QjxpM3rsnOwyRBWZZRVmKEU2i1RhBett+Acj2DTwmrFryFHvl0v +UavfO0I3+0MIkzFfLhCal01aPMXESkBWT55yZIEz3KUbuTfaNUjz2fYh1DZ/INUW +ruBTZwdJoutdnxKf9HVnwO/NPWh3MNYb0210x8yTL0EyLxzBLH7krbre0mdL7D0t +QXEANF+X0KWIzzOF+pWTBvDFiDx5eA4ZxgSEBJ1m+PMaAyGAwgxNPBDJ4lVf0YyY +JwId46IPejiuxd0ExTskQ4NLVMJx+dlQQKOYueWbxM5DLG52YtuB7kfmOkq/aiMX +k7DW/a2jK1KJbzUafsELGYRu+KZDZxYAgTFIJQBL6TSwU6FGQYy5GIL+wwjzaM6y +SNtogAJl3ioGNSYh9ansoh1JgL7AKryez9YgHOkQwZqt5qT3ogBJH3pxM9w5YpSN +9TD2v1jzxYDT3Bkxj5WkhsszNJ2qX0ffKZVnAJWrkv4O8W6en+HLCOcMHNxN +-----END CERTIFICATE----- diff --git a/src/auracast/server/certs/ca_cert.srl b/src/auracast/server/certs/ca_cert.srl new file mode 100644 index 0000000..ac33afe --- /dev/null 
+++ b/src/auracast/server/certs/ca_cert.srl @@ -0,0 +1 @@ +3CD7CEC591EAD645892F49A2ECA1018C8AD98EB4 diff --git a/src/auracast/server/certs/ca_key.pem b/src/auracast/server/certs/ca_key.pem new file mode 100644 index 0000000..13136ef --- /dev/null +++ b/src/auracast/server/certs/ca_key.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDeDGDXUW6aI4KV +pmw3prsUmDUYyxUdGhw62IVgIB5Chnzski2LEp1zDevONG6ommSJq/0TcrfA/rqx +sNLEHB1g3ZYgoYQ0ssM4tPhLnihd56CBx7Na7ns37ZfipYmlroAClmDEqGq8cwye +aKCKQCn7mAfEQ+2+/6acs8qZyjI/xDJqTDH42XaI8ajSbgabArcdRIjeGFM5daFO ++MkEdMbLvuOMxdYOG6k1YJZsCc/2rNfKHiF3U78HXPITuGpExnFmfkbmJtp/4C60 +M0kluGguApZuU2rX5xLKb/Hn5cy6XroSDFo5VhWB+HDKqcecJNiHPyazxVtmaZay +bJwRv+r48MXxLEvU5Ek7xQoZKEZNE3wimaQjNE+aqg7GdaYQub4G9lrYBOoCj7NK +59LRf5WxSjI24I1BFoyuxHcGFod1jncqJBfqg/I0uPR85yGwWVIPq5CFmsQTLqfj +3DPKTFRk4NDtPOp4ISjoTN2C9o4L+y8cQp6ZC6dVGOY89dirfO3CtuQXbi8uavxU +lwedNKey2/NMrsGP3rDleTQQZRjaOSfteljVHnpu79E4LNWTTfVmHwmMk0TBqE93 +jArTk2hoQTOUrAf4C7AkRGEEenMIVkN6mfwxFmGhOxQtDrgHYbnyoGeklArUjBIB +XaSCqNoGx74yG/XqWYzxdSgNfnEN0wIDAQABAoIB/zNNjGfBe8Lx2bU+jvG1BeNA ++65DiYpVtu2ozU4Jhf3F5YjpIMwUDzBWqEE+v5TfpWR1fkXaHwxbzmf9TNsMKKES +3TSZ4+hcD8hpJBGD/fWOaNMhph94wV40KC9ubqGDzEim1L5PWqW+AixehN8NlVBJ +oJ4zX4H6mMaSZPE2Z4IuOs0SIxFSb5VtScOgnratItElDgihSk1uGQ/jmrQhBJ37 +mS9CmVhKTizhESJ81gsVX4POocbmuHUqdiw+LTL5GFbFWwR8s0GDBbk0fxDZNSXe +CuOrkbgqmG821msTO1/5/jMj1uQmEoY3W9gPA0hvJ/boOBJtfWTNTGxxyA81W1bE +PxK7Uoelv6ukSrATlknzkjxLOB9MwIk6s4wT+ThPHpJbQKqwtPMYAmEXev9JFWON +VRP4eYaFDgMz1EZnz4EnA+/KAnsonzaUjV/chG81rdHtc7qesI01LVwX/DMJowk1 +FemHqVJjtaJa1zZhvkCsy+1XMQ3I+Okh0FVqs4gMV9QbJwEQi8Be3SbXqSdV/Hgt +I81beOn/6yDbsNQ31+tirPdNZJcKIqRM7/hgBTEt/wiqN1WF0Qr6hYPvJGl+zLpz +aXwbo3ciylHLr32QKOuWRVgZFXCaMQbzrEzo/ptcvwdHAY9n9vWw951waBR98AJH +h1hR+g9OLXGDVejKJekCggEBAPh5r/YLHLUsTf/HZ/Oe7lwUtyt7mDZNfISNyuaI +PR3vqLQoB0Xbi8aJijjasW8TaRpva26XzVqzeAq4/GQqS5E4KFoUAMVbEW4p3vEI +5syJWPbQj3Ht/TAqjZbC6k/+1j0i2svVBRBvrDLBjR3+j+IWwBZ3c9OVis8iQM/J +0CPl6u4L+QEj3dY4NBcPCC2+tpGKOW46G0mVMWRjlyRaONIqMLONPsSLoOacNX75 +lbv/bZzQVr9oTBsJXqxXK2pbDm5S9xQZYYTo6IzA8CzXZ1mdi3OHXc+XLiX0VHiv +hs+rg5hDbSjfXqfFkk7fCS6gA0CJTmrxguUsr+4wjYN4CHcCggEBAOTF0J2JpWYs +OVhrbMQ3LmEgZhVOqConYG5f92JiG3uPPrQhkBJmGqyls5UgdOorC5El28RdlZTJ 
+7P8JPHU9VUU3Floyg2Kc5vIJz6Ck5GEsIbn79TT4cxeMWoyQd9oY9zA35NEvlDAB +v5csGZeCo85XozurSgdincDwdNGWsfPIapl6WMxJWHoOz4lwV/eOnfi+xMwVv/b5 +pX+3YMz7lx098H0bPerAQQI2Pj2wqLUNkpTbwmtVmlh/HDEDbkHxnN34x2zrJQxS +98dQIiKOy+vKdc8qCqgV86oPC3ErdEkxxacCnYJiyKc4MVi8p8M/YVOq5Kp+q/bL +n1wpSeXimIUCggEAE0Z9W/zosTVKp7j0W3XMz9/bhcgEutGwAyhswQ14kEXzNGaW +idjKMxCgZGCyuwcqdB6Imv+zsoGRomNPUQXm7tEIcFR06tpxs7YT0Wb7YIqXGC59 +sjzgE0h5y2Q7gREn1X5Kst1Hk0rWdOmG5PjGeKeDJzsFBTjol8D0fioNt3syilzr +aCc8Ik4h3FgSLlpJF2k9o0tmqoKkXkFLjEpjdgpH1OX0JJMgXENp8vuxne/mtO+E +izywCrjjW0M33vxJVk2hVTHS2timkaS1/QSIw+7wznmF0YDM16zokKQtNRb9EmbI +pQ8O7Lzq6Ktsru1C01LTfoBVwymATF3/3F8HaQKCAQEA5Kk4AA6RrJMtakxNdb31 +9IyunEN3YFLlVs1C9io7b//YW7FkUI+Pv9sLqVW8pkYKFLUzeY1Uslg2MyAnNsPs +E/egttzgZ9OOHoRh7B6ESwASYdQN3jkqyHG4G+FWej8T6zUi11doFafZuR8SIVcp +pVgBRuXJY6JVLYDqMoceLR24NtmMIfx5m95r3+LTehQpn3QGPjrLGe+jVQmUjq41 +97tuQY3WEGrDT5OqGH0X04fSaElThXcVg7jhE7hrHyyBb3h21E4gRLY1BRn6VHJI +LtC5eix6ZFE0sFjDRgV6AKLn/StnBej4x/Mpl5lRUZ1rCXa5ghSEi3QxP6vhOg6I +BQKCAQA28DtqLSQ/egqeOGY5EsZQW7rtO/DOUQ40rRzRuIwK+lA0OnjLbkUqiDBy +CVjuR11wKEF1gb//RlwWZc1OkNZAfhm5f49XY3FfjiBU+1yxH05r11ilSC5bh1dL +0D1bt2WivFSB1HaCOnCS1KqljilReBqqPUcN33nK4YlCoXwd6I8NRbq0TG6q4q6T +KF1W/3b227LVZ7PiZWntYtuxPjeamZMGyAPgTXILMwFfOnSdVPS+mu57vWKTgzrC +bMwlIdYVtXseolseLCELe5EO9ANIScfp/oj5x12Fz6UCejq1WsKKlPENRRGqK816 +ezBHOM0XW/NyHv3CkV3Ix0V9+aRK +-----END PRIVATE KEY----- diff --git a/src/auracast/server/certs/device.csr b/src/auracast/server/certs/device.csr new file mode 100644 index 0000000..cde231b --- /dev/null +++ b/src/auracast/server/certs/device.csr 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEtzCCAp8CAQAwHjEcMBoGA1UEAwwTYm94MS5hdXJhY2FzdC5sb2NhbDCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALjzcRKkLi4eTP7vsy3DxzYjB1X9 +U/u5Y3m9wEkk5hdvu1TV1kpB0g2oo+NHQlTzmUIke50Cov1JFnoeJUz1BvFezR+h +QZOeRqvVJu4DeJJ7+II4WfR69g6geEXDiiFH2wN6YREqY5SGdJVGy7RyRFwGZYDh +YtB7R8LHBde/1d1Pw66IWn7hXqSssQAdiYAxIKgKhNfAHERQlirciKBKl25UJkHd +7gN0l5QVtrV+ZHDuYrkcWWUS+03N7AKHjUAfU2j5nug+JuWkkXryrgmcMltL7+aO +g7SzIUeQdsdXvkJVYK5DM/sFtEO0Pen8W50XUp82eUAXYTLSu/oU3rCUcqrCIxDH +oDlSC+roRH11odMtEjifBr5FAv83xfSQmydWGT96tWaqtCJ7zeAd7eZEYj8TJr30 +R81ZZJohT/zDfxBmaFl5dP6IEvLM65Tepp8resnvnHboQAL7vvEXrp10clY5FpMo +cq9X1Ej5Sk6Um1M2RdvQtQ0JFFBaKh50fQmFma7hARXJ/9vOkNnT1qKGEH4B9+h3 +VZofPLMYvgAN5kFR+9M0mNryzXbnayAw7IDvIIsd0OsudpSg0SsmOGFwBPWmMyIn +fqdyNtTXtZh4K2g+L8Sh7UsZzq4+1f/2B2lG816BDSioQ7mevyudaKyYn3cAQN6Z +wxWd6n+3bqo/1sODAgMBAAGgVDBSBgkqhkiG9w0BCQ4xRTBDMEEGA1UdEQQ6MDiC +ECouYXVyYWNhc3QubG9jYWyCE2JveDEuYXVyYWNhc3QubG9jYWyCCWxvY2FsaG9z +dIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAgEABMu4mdk7APnQwBHRKFdsKNQ0kfFR +EzVsMnhkP4aLHoKuD9lw8JE4cBgaB8BZkce3Sra/9B8WHHlWnlYeOXDguMCp6M8L +lO0K191+orTIr2sceslp929bp+itLDZG/qTMKl7N4oUZyEU5saEFoK1c3xK9u/7b +6VicmOo3ntVa9CzJ1yMwnIOPl84FsmC+L/rhDUj9XARwjwRavQ/cGyXO4IBQa+Uq +loOnw/Autd/XAejzpvSfNL3+12qrARr9h43r0RP8KHz+v/C7r7/JpJyvs24nJ5Rz +ZCVtYFQF5/tLRxEopRljC916mzXvjRwW/MslkNmJ90sWXqE3CIi0uWXkArDoXeg8 +tGX7vpq92oxHRuJw4yeoyeO+vEEQ8516+e75LJy+zd9zzYyM6/EziqOjC24+m/X0 +PUoLlHhObgIl7gSxKNPPSpJuCbfpCzCMtoZJIYfVFjIT3ASs9OWo0PGwVw1DRnT1 +/fHULLDnHP5NxpvCNujYOpsERH6HH1Dkz8+fQWfu6EhO7fJo3hZIVq9SXvglZKuq +ItpyhBEQsOKguAUjVVhk2iCRb4fAhK9jx4dV1eJIiFag8Oi+s0avZdjRXRj5PB3B +tDNHXdrxZVoC2SEKXzjf8+dGCsKsSZm+jCXCWMq4zs6kqronkEMQA43kgvnHyKPq +uUwb6+qK9NbVYr0= +-----END CERTIFICATE REQUEST----- diff --git a/src/auracast/server/certs/device_cert.pem b/src/auracast/server/certs/device_cert.pem new file mode 100644 index 0000000..b3f02c0 --- /dev/null +++ b/src/auracast/server/certs/device_cert.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIUPNfOxZHq1kWJL0mi7KEBjIrZjrQwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJTXlMb2NhbENBMB4XDTI1MDYyMDExNDMyMVoXDTI3MDky +MzExNDMyMVowHjEcMBoGA1UEAwwTYm94MS5hdXJhY2FzdC5sb2NhbDCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBALjzcRKkLi4eTP7vsy3DxzYjB1X9U/u5 +Y3m9wEkk5hdvu1TV1kpB0g2oo+NHQlTzmUIke50Cov1JFnoeJUz1BvFezR+hQZOe +RqvVJu4DeJJ7+II4WfR69g6geEXDiiFH2wN6YREqY5SGdJVGy7RyRFwGZYDhYtB7 +R8LHBde/1d1Pw66IWn7hXqSssQAdiYAxIKgKhNfAHERQlirciKBKl25UJkHd7gN0 +l5QVtrV+ZHDuYrkcWWUS+03N7AKHjUAfU2j5nug+JuWkkXryrgmcMltL7+aOg7Sz +IUeQdsdXvkJVYK5DM/sFtEO0Pen8W50XUp82eUAXYTLSu/oU3rCUcqrCIxDHoDlS +C+roRH11odMtEjifBr5FAv83xfSQmydWGT96tWaqtCJ7zeAd7eZEYj8TJr30R81Z +ZJohT/zDfxBmaFl5dP6IEvLM65Tepp8resnvnHboQAL7vvEXrp10clY5FpMocq9X +1Ej5Sk6Um1M2RdvQtQ0JFFBaKh50fQmFma7hARXJ/9vOkNnT1qKGEH4B9+h3VZof +PLMYvgAN5kFR+9M0mNryzXbnayAw7IDvIIsd0OsudpSg0SsmOGFwBPWmMyInfqdy +NtTXtZh4K2g+L8Sh7UsZzq4+1f/2B2lG816BDSioQ7mevyudaKyYn3cAQN6ZwxWd +6n+3bqo/1sODAgMBAAGjgYYwgYMwQQYDVR0RBDowOIIQKi5hdXJhY2FzdC5sb2Nh +bIITYm94MS5hdXJhY2FzdC5sb2NhbIIJbG9jYWxob3N0hwR/AAABMB0GA1UdDgQW +BBTnr+xOaJFiSoxoVBQUgVvAjpZdiTAfBgNVHSMEGDAWgBRA0RtVJkmOmtkai7j9 +GBRgCiZsLzANBgkqhkiG9w0BAQsFAAOCAgEAbfV4CPxfqNsdvfvYVCtC9yViNajt +xzrilB31SIBhZ6fp4NcmhwR7PNmLkRhrs6R55usFu95zC74d6iaBP/PN1XSY18Ge +jSgEunfngoMrKMSoX2VI/JVeLQY2ImaVXxCtVCmc2Q/KQyKjpOh1ckddjCXRwO13 +aQX9STG4sEbjgHkp3cCQWrBX1YdLIGzaSLc47MmJknjbfQ311GguIYocP23yjNAS +R4mNbeF448Vikkse85aS4CxGQ7BwB2+3xKO6U4tv1yhqjF/hozTV3Cnky2LoFt4E +g930P50t7Z53TnfXGFNqsikBahipA06cQZ77nYtmvh9biPgrk+mBLSorsiuqTN4E +586mJUSF59FWD3WxzWXhMPpdjfiKBrL1hslOedFg13O5vfesiuMryVw3MqCdvS1V +O9DjlrE/jSOTVQc57vKMIcPDbopQ4GyvJ23p0zbAzJNIDkUvhyUFOSlL6PCivNr5 +ztlJVtYvtpEoA/K8ezRSH37QXIQfAD2LMEC8fwQ8EdbkFSAft8eSdoSJqswnWRCF +QeTOh6xxgckt/HLL3aktNclWqiERvaYz8osEmKJa5JvQ9S6ERcBCQIfpIrqF14yz +5gL6n8kqt0UkRj0dQfHdYSG6wkrrU2BlP8YR9c/tD44127X6m+9TlOytlnZ+Tx4f +nZkQB4WWU4IwwEw= +-----END CERTIFICATE----- 
diff --git a/src/auracast/server/certs/device_key.pem b/src/auracast/server/certs/device_key.pem new file mode 100644 index 0000000..bce3bf1 --- /dev/null +++ b/src/auracast/server/certs/device_key.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC483ESpC4uHkz+ +77Mtw8c2IwdV/VP7uWN5vcBJJOYXb7tU1dZKQdINqKPjR0JU85lCJHudAqL9SRZ6 +HiVM9QbxXs0foUGTnkar1SbuA3iSe/iCOFn0evYOoHhFw4ohR9sDemERKmOUhnSV +Rsu0ckRcBmWA4WLQe0fCxwXXv9XdT8OuiFp+4V6krLEAHYmAMSCoCoTXwBxEUJYq +3IigSpduVCZB3e4DdJeUFba1fmRw7mK5HFllEvtNzewCh41AH1No+Z7oPiblpJF6 +8q4JnDJbS+/mjoO0syFHkHbHV75CVWCuQzP7BbRDtD3p/FudF1KfNnlAF2Ey0rv6 +FN6wlHKqwiMQx6A5Ugvq6ER9daHTLRI4nwa+RQL/N8X0kJsnVhk/erVmqrQie83g +He3mRGI/Eya99EfNWWSaIU/8w38QZmhZeXT+iBLyzOuU3qafK3rJ75x26EAC+77x +F66ddHJWORaTKHKvV9RI+UpOlJtTNkXb0LUNCRRQWioedH0JhZmu4QEVyf/bzpDZ +09aihhB+Affod1WaHzyzGL4ADeZBUfvTNJja8s1252sgMOyA7yCLHdDrLnaUoNEr +JjhhcAT1pjMiJ36ncjbU17WYeCtoPi/Eoe1LGc6uPtX/9gdpRvNegQ0oqEO5nr8r +nWismJ93AEDemcMVnep/t26qP9bDgwIDAQABAoICAANRmv3SpGF/ebI5auWvVavL +BR6t5QvnT7mnhgPJ/bb98kabb7T1aWeFVyuE49PSazWcofs3SOVyokyerdyrqOw7 +30JqClszw+DheklbFpbKUrNDf5m7ex7YElBuKdRfDbcKQyOjtxW7M+xZ0N30DvX3 +x2qAoN1M2QTNvXUZpCTMgZ5oI/eS47fgwWxXG1iJiSR6y9dzQw6Ww5sRSgJWVFFO +gUE9UkANn4qwuQ6YrgS4wly//Xqq1IeY4ltJQ2ebKEwB7rAMLXaBdXrXT/gsLVsm +CbABbquXa0l1diwtjuRx08JMwmoGuC1e1p2UQbCX8ouY1qQnxz66OVVLepOAlm4i +H2PNbZY327H+dVc5+QAVtTlj3GWeMliNLFliNFmayXcjWOJ11laLFRtd+mAr2SWh +EIIB9zKTyHMKlsodgKmGCzbnxRumwA4jZXaLdOjD9YDY0Gib33fGuUgq16fQifOb +PCbP8TckK/JmDmL0YX+XKnVXtJ0mQ48IZ4p3eQrAVvIckuj8+Bj4vi3NE9p/mvp7 +oxrwS6SncVQvCqzqfIgUjlJRXVgLTSx3kgQANizT+T6eKCjgwTCv2pCCXFQsltsi +56XVsSy2iGTGsajpuL42lUFD2RBLMott7A94U6dQewzR+QlkObQ67EW5hu8F8Ykv +usiuXUQzS5avRHcLwG9BAoIBAQD2E0aadDiw0t7wMkmM1E1EGCcniz5ADKCNjuTC +AAjDtJ9OnRn24jSvgh7+OynBmzwFGPgY3CmT5QKDlVSqZGm25Hd30NDPvdcBKoet +zanUn8wfDAlRa1F40MMioZcMmeSNiM4qj9yzB3gBMZHdmKf+tTIAoV3a28X6A7le +iCeAIiO2NtcG3qsozgyKJOCYtFP3hb/5y8hBMhp05smYVdegZP8hRPG3IP7hgpPJ +YBhDaV9/ZLxMA3Fs74rUpGzE8fC6UUbfTKXikaMPavxT2Jlv/sh7/H+ns603oDIT +qOMccfS6zPm0pZWAf24gl1bWORRT+KvjEjWs2GMqFsOMe2HXAoIBAQDAaQ7Jmqoc +c9q9AUqyxF4jCDJRprcuxCOPBp0u4bELoSiz7T1Oo7JHJcdrEuvq+u9qwjhB6Ane 
+9kUat+QduVbbwz2n84rrxT3f3jwC0RLBdq4Sd7zEF9FAhe5dlEiKSnr9dPFhJTL+ +r4WmE0rqSTSmkyo2Zjgh4FALIIudB44g9iOnFakFEfb+wx5t59YSew56bT5juYEW +NVgfvDqPXxebTDBxcTW37PRgy+g4DeyOh5X6/O/93Q4T052BSWPsl27E9pfxVg3Q +teOdGDEsq6NqK8slbwW6oWXu8LZKLdcdzOKV9JESSnM4QxUKmzqTQgDfqaHrYfL5 +0vyVXX4p5E41AoIBAA0LRIjXdFHbO7ob0E5Iyre7WAf+l5QplzEpy/KEsfI91twB +8+hkYUqUaTQsyq/anLngcvZOZV3Tm+iBt/U4UWpCfhq51PfOJmGHcZ3C8ye0OMvE +hZHtUGpJFq71Rd6DIdxmzhbvfVF4KeJWUFcgynbz/+yMoT8Cu2HfZKogKYffR2lX +StqwXv5QvdVs0wMFPBY43s5NARaDo2di/Hi4xC9aazPGRdHhS+GEXHUmROL96PQF +0P1uiUqu//r5pFJkSNB3knwvwfNaqPwePbXsG2YWaWY5IkMvgRUbxsvH/hH58HEe +gHYU+PHQz3Om0hGVAQDag7ILuxCof8kxX7hIqg0CggEAHJP+FEeamJtEk+oLND4i +VUW0Y5hFgPa06VtsITh4WWfYadEE2BdMNXERC4BF9iLLSKoMPQ2/2ZPuc6d4hEmw +8vcuwzFTIu2q4QNbGnf/NyjvdeK+8Mkw1UqPOur5U0D4v4iNCYbC6j0btq0K5X12 +Cn+1N1s7Xxy4Bs8QrYQfwhmM9hYrgotGilRkwqI6k4gfgGOVbq5w0+Gccyo78GuJ +UBGi6FaOSgEx0ua2WQ0IY6sTxbGn26bnnl5B+J/z7YIYe7y8mKXVa3h4lC6xrxbX +ML/MboTs7ulmAHVUPfRNDSoPRYKLwZG5R1P/XhHsQ078XjwNxq5Hrn998JlwUbyN +OQKCAQA3jaK68cTwVYJyPIVHkRRLifcKp6iFU3nDgQq6blUUQzlwxixidL+pjyBz +GLXFods2DbbkdwG8d6M6OjvBs5HzFrf1iQ2g19uRN1hb6K0X5e8298fhtTGtEdoS +NwG6Be7SxkIfcWb4tROeE14WGlMa0LvoF/hvnFLMTr+k+2w3vtid6stU5e29DuL3 +LeMvIsoS6yCBotYRsVO1GID5VAFuXK0h4a0qSbAF/SiQCC+fz754/2AUGo6vnS8m +4Pw2Zc1hqEwtuKttXKqB4WUmEi+49mnVbwVfHlJ1qgdU45ubKb9IwLasqu3PD/rO +vknU8wzd8m/mF6bHYmlmM7k/Qpxg +-----END PRIVATE KEY----- diff --git a/src/auracast/server/certs/san.cnf b/src/auracast/server/certs/san.cnf new file mode 100644 index 0000000..4df5b12 --- /dev/null +++ b/src/auracast/server/certs/san.cnf @@ -0,0 +1,16 @@ +[req] +distinguished_name = req_distinguished_name +req_extensions = v3_req +prompt = no + +[req_distinguished_name] +CN = box1.auracast.local + +[v3_req] +subjectAltName = @alt_names + +[alt_names] +DNS.1 = *.auracast.local +DNS.2 = box1.auracast.local +DNS.3 = localhost +IP.1 = 127.0.0.1 
diff --git a/src/auracast/server/change_domain_hostname.sh b/src/auracast/server/change_domain_hostname.sh new file mode 100644 index 0000000..601b501 --- /dev/null +++ b/src/auracast/server/change_domain_hostname.sh @@ -0,0 +1,51 @@ +#!/bin/bash +# change_domain_hostname.sh +# Safely change the system hostname and Avahi mDNS domain name, update /etc/hosts, and restart Avahi. +# Usage: sudo ./change_domain_hostname.sh + +set -e + +if [[ $EUID -ne 0 ]]; then + echo "Please run as root (sudo $0 )" + exit 1 +fi + +if [[ $# -ne 2 ]]; then + echo "Usage: sudo $0 " + exit 1 +fi + +NEW_HOSTNAME="$1" +NEW_DOMAIN="$2" + +if [[ "$NEW_HOSTNAME" == *.* ]]; then + echo "ERROR: Hostname must be a single label (no dots)." + exit 1 +fi + +# Change hostname +hostnamectl set-hostname "$NEW_HOSTNAME" +echo "Set hostname to $NEW_HOSTNAME." + +# Update /etc/hosts for 127.0.1.1 mapping +if grep -q '^127.0.1.1' /etc/hosts; then + sed -i "s/^127.0.1.1.*/127.0.1.1 $NEW_HOSTNAME/" /etc/hosts +else + echo "127.0.1.1 $NEW_HOSTNAME" >> /etc/hosts +fi +echo "/etc/hosts updated." + +# Update Avahi domain name in /etc/avahi/avahi-daemon.conf +AVAHI_CONF="/etc/avahi/avahi-daemon.conf" +if grep -q '^\s*domain-name' "$AVAHI_CONF"; then + sed -i "/^\[server\]/,/^\s*\[/{s/^\s*domain-name\s*=.*/domain-name=$NEW_DOMAIN/}" "$AVAHI_CONF" +else + sed -i "/^\[server\]/a domain-name=$NEW_DOMAIN" "$AVAHI_CONF" +fi +echo "Set Avahi domain name to $NEW_DOMAIN." + +# Restart Avahi +echo "Restarting avahi-daemon..." +systemctl restart avahi-daemon + +echo "Done. Hostname: $NEW_HOSTNAME, Avahi domain: $NEW_DOMAIN" diff --git a/src/auracast/server/generate_ca_and_device_cert.sh b/src/auracast/server/generate_ca_and_device_cert.sh new file mode 100644 index 0000000..f817008 --- /dev/null +++ b/src/auracast/server/generate_ca_and_device_cert.sh 
@@ -0,0 +1,38 @@ +#!/bin/bash +# Script to generate a CA cert/key and a device/server cert signed by this CA +# Outputs: ca_cert.pem, ca_key.pem, device_cert.pem, device_key.pem + +CERT_DIR=certs +CA_CERT=$CERT_DIR/ca_cert.pem +CA_KEY=$CERT_DIR/ca_key.pem +DEVICE_CERT=$CERT_DIR/device_cert.pem +DEVICE_KEY=$CERT_DIR/device_key.pem + +# Generate CA key and cert if not present +if [ ! -f "$CA_KEY" ] || [ ! -f "$CA_CERT" ]; then + echo "Generating CA key and certificate..." + openssl req -x509 -newkey rsa:4096 -days 1825 -nodes -subj "/CN=MyLocalCA" -keyout "$CA_KEY" -out "$CA_CERT" +fi + +# Generate device key if not present +if [ ! -f "$DEVICE_KEY" ]; then + openssl genrsa -out "$DEVICE_KEY" 4096 +fi + +# Generate CSR for device with SAN (Subject Alternative Name) +openssl req -new -key "$DEVICE_KEY" -out $CERT_DIR/device.csr -config $CERT_DIR/san.cnf + +# Sign device CSR with CA, including SAN extension +openssl x509 -req -in $CERT_DIR/device.csr -CA "$CA_CERT" -CAkey "$CA_KEY" -CAcreateserial -out "$DEVICE_CERT" -days 825 -extensions v3_req -extfile $CERT_DIR/san.cnf + +# PEM version (for most browsers) +cp "$CA_CERT" "$CERT_DIR/ca_cert.crt" +# DER version (for Windows) +openssl x509 -in "$CA_CERT" -outform der -out "$CERT_DIR/ca_cert.der" + +echo "CA cert: $CA_CERT" +echo "CA cert (CRT for browser import): $CERT_DIR/ca_cert.crt" +echo "CA key: $CA_KEY" +echo "Device cert: $DEVICE_CERT" +echo "Device key: $DEVICE_KEY" +echo "Distribute $CA_CERT or $CERT_DIR/ca_cert.crt to clients to trust this device." diff --git a/src/auracast/server/start_frontend_http.sh b/src/auracast/server/start_frontend_http.sh new file mode 100644 index 0000000..111307a --- /dev/null +++ b/src/auracast/server/start_frontend_http.sh @@ -0,0 +1,2 @@ +# Start Streamlit HTTP server (port 8500) +poetry run streamlit run multicast_frontend.py --server.port 8500 --server.enableCORS false --server.enableXsrfProtection false --server.headless true --browser.gatherUsageStats false 
diff --git a/src/auracast/server/start_frontend_https.sh b/src/auracast/server/start_frontend_https.sh new file mode 100644 index 0000000..1f3651e --- /dev/null +++ b/src/auracast/server/start_frontend_https.sh @@ -0,0 +1,15 @@ +#!/bin/bash +# Unified startup script: generates certs if needed, starts HTTPS Streamlit and HTTP->HTTPS redirector + +CERT_DIR=certs +CERT=$CERT_DIR/device_cert.pem +KEY=$CERT_DIR/device_key.pem +CA_CERT=$CERT_DIR/ca_cert.pem +CA_KEY=$CERT_DIR/ca_key.pem + +echo "CA cert: $CA_CERT" +echo "Device cert: $CERT" +echo "Device key: $KEY" + +# Start Streamlit HTTPS server (port 8501) +poetry run streamlit run multicast_frontend.py --server.port 8502 --server.enableCORS false --server.enableXsrfProtection false --server.headless true --server.sslCertFile "$CERT" --server.sslKeyFile "$KEY" --browser.gatherUsageStats false diff --git a/src/auracast/server/start_mdns.sh b/src/auracast/server/start_mdns.sh new file mode 100755 index 0000000..aeebe0b --- /dev/null +++ b/src/auracast/server/start_mdns.sh 
@@ -0,0 +1,25 @@ +#!/bin/bash + +# Script to advertise the local device via mDNS for an HTTPS service. +# This allows other clients on the network to discover this device +# using its mDNS hostname (e.g., your-hostname.local) on the specified port. + +SERVICE_NAME="Auracast HTTPS Service" # You can customize this name +SERVICE_TYPE="_https._tcp" # Standard type for HTTPS services +SERVICE_PORT="8502" # Port specified in the request + +echo "Starting mDNS advertisement..." +echo "Command: avahi-publish-service -v \"$SERVICE_NAME\" \"$SERVICE_TYPE\" \"$SERVICE_PORT\"" + +avahi-publish-service -v "$SERVICE_NAME" "$SERVICE_TYPE" "$SERVICE_PORT" +EXIT_STATUS=$? + +# This part will be reached if avahi-publish-service exits. +if [ $EXIT_STATUS -eq 0 ]; then + echo "mDNS advertisement command finished with status 0." + echo "This might indicate an issue connecting to the avahi-daemon or a configuration problem." + echo "Please check for any messages above from avahi-publish-service itself." +else + echo "mDNS advertisement command exited with status $EXIT_STATUS." + echo "This might be due to an error, or if you pressed Ctrl+C (which typically results in a non-zero status from signal termination)." +fi
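Review bot: The two entries added to `.gitignore` (`src/auracast/server/dev_cert.pem` and `src/auracast/server/dev_key.pem`) do not match any file this patch generates. `generate_ca_and_device_cert.sh` writes `ca_key.pem`, `device_key.pem` and the other outputs under `certs/`, so the generated keys remain trackable. Suggest ignoring `src/auracast/server/certs/` as a whole and, if `san.cnf` needs to stay in the tree, un-ignoring only that file.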
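Review bot: The new files `src/auracast/server/certs/ca_key.pem` and `src/auracast/server/certs/device_key.pem` commit unencrypted private keys (`-----BEGIN PRIVATE KEY-----`) to the repository. The README in this same patch tells customers to install `ca_cert.pem` in their OS or browser trust store, so anyone with read access to the repository holds the key that signs certificates those clients will accept. Remove both key files from the commit, together with the generated `device.csr`, `ca_cert.srl`, `ca_cert.der`, `ca_cert.crt` and `device_cert.pem`. Treat this CA and device key pair as compromised, and regenerate them outside version control.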
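Review bot: The ports in the new `README.md` disagree with each other and with the scripts. The introduction lists HTTP on 8502 and HTTPS on 8503, "Start the Server" lists 8500 and 8501, and `start_frontend_https.sh` actually passes `--server.port 8502`. Pick one pair and use it everywhere, including `SERVICE_PORT` in `start_mdns.sh`. The same section tells the reader to run `run_http_and_https.sh`, which is not among the files this patch adds (the patch adds `start_frontend_http.sh` and `start_frontend_https.sh`). The commands `sudo hostnamectl set-hostname` and `sudo ./change_domain_hostname.sh` are shown with no argument placeholder, so they cannot be followed as written.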
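Review bot: In `src/auracast/server/certs/san.cnf`, `DNS.1 = *.auracast.local` makes every device certificate valid for every host name in the domain, so one device's key can stand in for any other device. Suggest dropping the wildcard and issuing each device a certificate for its own name only. `CN` and `DNS.2` are also hard-coded to `box1.auracast.local` while `change_domain_hostname.sh` accepts any host name and domain, so the file should be generated from those values rather than committed with a fixed name.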
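Review bot: In `change_domain_hostname.sh`, `$NEW_HOSTNAME` and `$NEW_DOMAIN` are interpolated into `sed -i` expressions run as root, and the only validation is the `*.*` check on the host name. A value containing `/`, `&` or a newline changes the sed expression or corrupts `/etc/hosts` and `avahi-daemon.conf`. Suggest rejecting anything that is not a valid DNS label (letters, digits and hyphens, not starting or ending with a hyphen) for the host name, applying the same check to each label of the domain, and doing so before the first `hostnamectl` call so a bad second argument does not leave the system half-configured. The usage strings (`sudo $0 `) also show no argument names.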
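Review bot: In `generate_ca_and_device_cert.sh`, the CA key is created with `-nodes` and the device key with plain `openssl genrsa`, with no `umask 077` or `chmod 600`, so both keys are written unencrypted with default file permissions. The script also has no `set -e`, so if the CSR or signing step fails it still copies files and prints the success summary. Add `set -euo pipefail`, create `$CERT_DIR` with `mkdir -p`, quote the `$CERT_DIR/...` paths that are currently unquoted, and restrict key permissions. Since customers are asked to trust this CA system-wide, the `openssl req -x509` call should also add a name-constraints extension limiting the CA to the device domain. The CA key is better kept off the device and out of the directory the server reads from.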
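Review bot: `start_frontend_http.sh` passes `--server.enableXsrfProtection false` together with `--server.enableCORS false`, which turns off Streamlit's cross-site request forgery protection for a UI reachable by every host on the local network. The same flags appear in `start_frontend_https.sh`. Unless there is a documented reason, leave XSRF protection at its default, or state in the README why it has to be off. The file also lacks a `#!/bin/bash` line, unlike the other scripts in the patch.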
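Review bot: The comments in `start_frontend_https.sh` do not match the code. The header says the script "generates certs if needed" and starts an "HTTP->HTTPS redirector", but it does neither, and the comment `# Start Streamlit HTTPS server (port 8501)` sits above a command that uses `--server.port 8502`. `CA_KEY` is assigned and never used, and nothing checks that `$CERT` and `$KEY` exist before Streamlit starts. Suggest correcting the comments, removing the `CA_KEY` line so the server script has no reference to the CA private key, and failing early with a clear message when the certificate or key file is missing.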