Hugging Face's logo

Spaces:
lerobot
/
LeLab
Running

App Files Community
LeLab / HTTPS_SETUP.md
GitHub CI
Sync from leLab @ 7317f7103e3a9d7f45fe4c0d6e4660a8f9d295e3
fc9bd9f
preview code
|
raw
history blame contribute delete
5.63 kB
# HTTPS Setup for Local Development
This guide explains how to enable HTTPS for the frontend development server to ensure camera access works properly from mobile devices.
## Why HTTPS is Required
Modern browsers require HTTPS for accessing sensitive APIs like `getUserMedia()` (camera access), especially when:
- Accessing from a different device (e.g., phone connecting to laptop's dev server)
- The origin is not `localhost` or `127.0.0.1`
Without HTTPS, camera access will be blocked by the browser's security policies.
## Automatic Setup
We've already set up HTTPS for you! The certificates are generated and the development server is configured to use them.
### Quick Start
1. **Start the development server:**
```bash
 npm run dev
 ```
2. **Access from your computer:**
- `https://localhost:8080`
 - `https://127.0.0.1:8080`
3. **Access from your phone:**
 - `https://192.168.1.103:8080` (or your current local IP)
## Manual Setup (if needed)
If you need to regenerate certificates or set up on a new machine:
```bash
# Run our setup script
./scripts/setup-https.sh
```
Or manually:
```bash
# Install mkcert
brew install mkcert # macOS
# For other platforms: https://github.com/FiloSottile/mkcert#installation
# Install local CA
mkcert -install
# Generate certificates
mkdir -p certs
cd certs
mkcert localhost 127.0.0.1 $(ipconfig getifaddr en0) ::1
cd ..
# Start development server
npm run dev
```
## Certificate Details
- **Location:** `./certs/`
- **Files:**
 - `localhost+3.pem` (certificate)
 - `localhost+3-key.pem` (private key)
- **Validity:** 3 months
- **Domains:** localhost, 127.0.0.1, your local IP, IPv6 localhost
## Mobile Device Setup
### For Phone Access:
1. **Ensure same WiFi network:** Your phone and development machine must be on the same WiFi network
2. **Find your local IP:**
```bash
 ipconfig getifaddr en0 # macOS
 # or check the console output when starting the dev server
 ```
3. **Access from phone:**
- Open Safari (iOS) or Chrome (Android)
 - Navigate to `https://YOUR_LOCAL_IP:8080`
 - You may see a security warning - this is normal for local certificates
4. **Accept the certificate:**
- **iOS Safari:** Tap "Advanced" → "Proceed to website"
 - **Android Chrome:** Tap "Advanced" → "Proceed to site (unsafe)"
5. **Test camera access:**
 - Go to the recording page OR use our camera test page: `https://YOUR_LOCAL_IP:8080/test-camera.html`
 - Try to add a camera or click "Start Camera"
 - The browser should prompt for camera permission
 - Grant permission to test `getUserMedia()` functionality
## Troubleshooting
### Certificate Issues
If you see certificate errors:
```bash
# Regenerate certificates
rm -rf certs/
./scripts/setup-https.sh
```
### IP Address Changes
If your local IP changes (common with DHCP):
```bash
# Check current IP
ipconfig getifaddr en0
# Regenerate certificates with new IP
rm -rf certs/
./scripts/setup-https.sh
```
### Port Already in Use
If port 8080 is busy:
```bash
# Check what's using the port
lsof -ti:8080
# Kill the process if needed
kill -9 $(lsof -ti:8080)
```
### Browser Cache Issues
If you're having issues after certificate changes:
1. Clear browser cache and cookies for localhost
2. Restart the browser
3. Try incognito/private mode
## Network Address Detection
The app automatically detects the appropriate URL for phone access:
- **Localhost access:** Automatically converts to network IP for QR codes
- **Network access:** Uses current URL as-is
- **Domain access:** Works with existing SSL certificates
You can see the detected address in:
- Browser console logs
- Camera configuration UI (blue info box)
## Security Notes
- These certificates are only trusted on your local machine
- They're perfect for development but should never be used in production
- The private key is stored locally and should not be shared
- Certificates expire after 3 months for security
## Production Deployment
For production:
- Use a proper SSL certificate from a trusted CA
- Configure your reverse proxy (nginx, Apache) or hosting platform
- Ensure HTTPS is enforced across your entire application
## Verification
To verify HTTPS is working:
1. **Check the URL bar:** Should show `https://` with a lock icon
2. **Check console:** Network address detection should show HTTPS URLs
3. **Test camera access:** `getUserMedia()` should work without security errors
4. **Check from phone:** Camera permissions should be available
### Quick Test Page
We've included a dedicated camera test page for easy verification:
**Desktop:** `https://localhost:8080/test-camera.html`
**Phone:** `https://192.168.1.103:8080/test-camera.html`
This page will:
- ✅ Verify HTTPS and secure context
- ✅ Test camera permissions and `getUserMedia()`
- ✅ Display real-time video stream
- ✅ Show detailed connection information
- ✅ Provide troubleshooting guidance
### Expected Results
**✅ Success indicators:**
- Green protocol check: "Camera access should work!"
- Camera permission prompt appears
- Video stream displays without errors
- No console security warnings
**❌ Failure indicators:**
- Red protocol check: "Camera access may be blocked"
- `NotAllowedError` or `NotSecureError` in console
- No camera permission prompt
- "This site is not secure" warnings
## Additional Resources
- [mkcert GitHub Repository](https://github.com/FiloSottile/mkcert)
- [MDN: getUserMedia()](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia)
- [Chrome Developer: HTTPS for Localhost](https://web.dev/how-to-use-local-https/)