Facebook
Twitter
Lrnt
Basic Pleskian
- Server operating system version
- Debian 12.7
- Plesk version and microupdate number
- Plesk Obsidian 18.0.64 Mise à jour n° 1 Web Pro Edition
Hello!
I have a "webapp" (basically a mini site) running with PHP/mySQL and JavaScript on my Plesk Obsidian 18.0.64 server with Debian 12.7.
This webapp runs on an Android tablet in different "rooms" and allows users to place drink orders and, more importantly, control a sound console and a lighting console.
The sound console is a Soundcraft Ui12, which has an unsecured websocket that allows making WS calls: ws://[soundcraft_local_ip]/[command].
The lighting console is a Cuety LPU-2, which can receive HTTP calls to trigger actions: http://[cuety_local_ip]/action.
Basically, you push a button on webapp it send a request to the device and the lights change or sound volume increase.
As a result, I have to run my webapp in unsecured HTTP to avoid CORS issues during these calls.
This is becoming a major issue as browsers are increasingly secure, and the manufacturers of my devices won't modify their systems to be secured.
I would like to run my webapp on HTTPS, but this is incompatible with the HTTP of the Cuety and the WS of the Soundcraft.
Is there a relatively simple way to transform (or make it seem like) my requests to these devices are "secured," so I no longer have CORS problems?
Maybe through an Nginx proxy or directives on the domain (without modifying the general server configuration), a subdomain, or something else?
The goal would be for me to make HTTPS and WSS requests, but in reality, they would call HTTP and WS.
I hope you understand my problem. Of course, I can provide more details.
Thank you very much for your help.
I have a "webapp" (basically a mini site) running with PHP/mySQL and JavaScript on my Plesk Obsidian 18.0.64 server with Debian 12.7.
This webapp runs on an Android tablet in different "rooms" and allows users to place drink orders and, more importantly, control a sound console and a lighting console.
The sound console is a Soundcraft Ui12, which has an unsecured websocket that allows making WS calls: ws://[soundcraft_local_ip]/[command].
The lighting console is a Cuety LPU-2, which can receive HTTP calls to trigger actions: http://[cuety_local_ip]/action.
Basically, you push a button on webapp it send a request to the device and the lights change or sound volume increase.
As a result, I have to run my webapp in unsecured HTTP to avoid CORS issues during these calls.
This is becoming a major issue as browsers are increasingly secure, and the manufacturers of my devices won't modify their systems to be secured.
I would like to run my webapp on HTTPS, but this is incompatible with the HTTP of the Cuety and the WS of the Soundcraft.
Is there a relatively simple way to transform (or make it seem like) my requests to these devices are "secured," so I no longer have CORS problems?
Maybe through an Nginx proxy or directives on the domain (without modifying the general server configuration), a subdomain, or something else?
The goal would be for me to make HTTPS and WSS requests, but in reality, they would call HTTP and WS.
I hope you understand my problem. Of course, I can provide more details.
Thank you very much for your help.
