SSL Support #25

New issue

Closed

opened 2017-09-06 01:23:03 +00:00 by jamie · 4 comments

jamie commented

2017-09-06 01:23:03 +00:00

(Migrated from git.hazaar.io)

I'm not sure how far I'm going to get with this one, but I may need to support SSL and Secure WebSockets (WSS).

Basically, if the main application is running HTTPS then ws:// connections are disallowed, meaning for Warlock to work with HTTPS enabled applications, we need to support WSS connections.

There's a few things that need to be supported here:

The warlock client URL override needs to support protocol prefix so we can specify wss:// prefix for connections. This is to fix an issue I'm having where the frontend is HTTPS via a proxy but the proxy connects as HTTP so the URL generator doesn't know HTTPS is being used. For normal connections the next issue will fix this.
The warlock URL generator will need to detect if the client is using HTTPS and use WSS automatically.
The server will then need to support SSL. I have no idea how I'm going to do this. Hopefully there is an SSL library.

I'm not sure how far I'm going to get with this one, but I may need to support SSL and Secure WebSockets (WSS). Basically, if the main application is running HTTPS then ws:// connections are disallowed, meaning for Warlock to work with HTTPS enabled applications, we need to support WSS connections. There's a few things that need to be supported here: 1. The warlock client URL override needs to support protocol prefix so we can specify wss:// prefix for connections. This is to fix an issue I'm having where the frontend is HTTPS via a proxy but the proxy connects as HTTP so the URL generator doesn't know HTTPS is being used. For normal connections the next issue will fix this. 1. The warlock URL generator will need to detect if the client is using HTTPS and use WSS automatically. 1. The server will then need to support SSL. I have no idea how I'm going to do this. Hopefully there is an SSL library.

jamie commented

2017-09-06 01:25:47 +00:00

(Migrated from git.hazaar.io)

changed the description

jamie commented

2017-09-06 03:37:51 +00:00

(Migrated from git.hazaar.io)

Looks like I might be able to get the web server itself to support WSS and just redirect to Warlock.

Read: https://stackoverflow.com/questions/38838567/proxy-websocket-wss-to-ws-apache

Looks like I might be able to get the web server itself to support WSS and just redirect to Warlock. Read: https://stackoverflow.com/questions/38838567/proxy-websocket-wss-to-ws-apache

jamie commented

2017-09-06 05:34:06 +00:00

(Migrated from git.hazaar.io)

This is all sorted. The WebSocket client now supports a useSSL flag. This is configured by the helper based on the warlock configuration.

{
  "client": {
    "ssl": true
  }
}

The above config will turn on SSL and the client will connect with wss://. This, along with reverse proxy redirect alias on the web server allows SSL connections to be forwarded to Warlock.

This is all sorted. The WebSocket client now supports a ```useSSL``` flag. This is configured by the helper based on the warlock configuration. ```json { "client": { "ssl": true } } ``` The above config will turn on SSL and the client will connect with ```wss://```. This, along with reverse proxy redirect alias on the web server allows SSL connections to be forwarded to Warlock.

jamie commented

2017-09-06 05:34:06 +00:00

(Migrated from git.hazaar.io)

closed