switchable secure mode #97
@rusekr Thanks for the PR. The reason(s) that I'm reluctant to add https support is that:
Would you consider using nginx before the bosh proxy? Is there something that the nginx based solution can't provide?
Maybe in production we'll be using nginx. But for now nginx still needs to be installed and configured, but https is already required. And having an option to make https without additions doesn't seem too bad for us :) p.s.: Maybe nodejs performance is not as bad as it was earlier. Here http://habrahabr.ru/post/123154/ people succeeded in testing 1 000 000 simultaneous connections to a nodejs server. p.p.s: Gzip - http://stackoverflow.com/questions/8880741/node-js-easy-http-requests-with-gzip-deflate-compression
Is it possible for you to use https://github.com/nodejitsu/node-http-proxy for testing? It seems easy(ier) to set up than nginx. The test http://habrahabr.ru/post/123154/ uses the cluster module (hence not single threaded, whereas node-xmpp-bosh is single threaded) and only compares small http requests (not https or any processing involved). Because of all the processing overhead involved in a bosh server, typical QPS doesn't cross a few thousand. Thanks for the gzip link! However, my concern is with the gzip CPU overhead instead of the ease of use (which I may add, node.js has been a champion of). I wrote a post on scaling parts of your stack separately http://dhruvbird.blogspot.com/2011/03/scale-out-with-services-scale-services.html a while ago, and you would typically have more bosh proxy instances than nginx instances, and management is easier if the TLS certs are in one place (nginx or apache for example) rather than all over the place. Is it possible for you to avoid https natively in the bosh proxy?
If nginx is already used on the server, it makes complete sense. But it is not a good idea to add yet another system element without a strong reason. node-xmpp-bosh is equal in https speed to nginx, but nginx is wasteful of memory for the connections it has made. It's critically important for an xmpp server because of low traffic but lots of connections.
Oh. Got it.
I have some more comments before I can get this in - will post in a bit.
I can buy the performance argument (wrt # of connections using more resources, etc...) as a valid reason to support https built-in.
Hello!
Hello, dhruvbird!
bump :)
Fixed priority of "--secure" run option. Now https works when configured in bosh.conf.js too.
I am not sure why this isn't merged already. We are trying to use this library but current browsers (Chrome) won't permit insecure connections from https pages. Deploying another proxy just for one server when all of our other node servers use https just fine doesn't make much sense.
You are probably testing without secured certificates: https://code.google.com/p/chromium/issues/detail?id=141839
+1 for merge
+1 for merge.
I'm getting the following error (not sure if I'm doing it right)
Output:
It can't find the certificate file mentioned in --config=./bosh.conf.example.js. It has to be a key and cert pair or one pfx file (in this config it is named ./cert/server.pfx). You can interactively generate a sample pfx certificate by running: or edit the configuration file to use the generated key and crt pair without the "pfx" option. The script puts it in the ./cert directory. Normally these file(s) are given by a certification authority or generated by you and signed by a certification authority; then it will be "green" in the address bar in the browser.
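The failure discussed in the comment above (secure mode pointing at a certificate file that is not there) can be caught before any listener is created. This is an added example, not code from this PR or from node-xmpp-bosh; the function name and the config keys `secure`, `pfx`, `key`, `cert` and `passphrase` are assumptions chosen for illustration.

```javascript
const fs = require('fs');
const path = require('path');

// Hypothetical helper: turn a config object into options for
// https.createServer(), or null when the server should stay on http/ws.
function resolveTlsOptions(config, baseDir) {
  if (!config.secure) return null;

  const hasPfx = Boolean(config.pfx);
  const hasPair = Boolean(config.key) && Boolean(config.cert);
  if (hasPfx && (config.key || config.cert)) {
    throw new Error('secure mode: give either "pfx" or "key"+"cert", not both');
  }
  if (!hasPfx && !hasPair) {
    throw new Error('secure mode: need "pfx", or both "key" and "cert"');
  }

  const warnings = [];
  const read = (name, holdsPrivateKey) => {
    const file = path.resolve(baseDir, config[name]);
    let data;
    try {
      data = fs.readFileSync(file);
    } catch (err) {
      // Name the option and the resolved path instead of a bare ENOENT.
      throw new Error(`secure mode: cannot read "${name}" file ${file} (${err.code})`);
    }
    // POSIX only: flag private key material readable by group or others.
    if (holdsPrivateKey && process.platform !== 'win32' &&
        (fs.statSync(file).mode & 0o077) !== 0) {
      warnings.push(`${file} holds a private key but is accessible to group/others`);
    }
    return data;
  };

  const tls = hasPfx
    ? { pfx: read('pfx', true), passphrase: config.passphrase }
    : { key: read('key', true), cert: read('cert', false) };
  return { tls, warnings };
}
```

The returned `tls` object can be passed as the first argument to `https.createServer()`; a `null` result means the plain `http` server should be used.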
Hey guys, any updates on this? The HTTPS option is required for any single page app (SPA) trying to communicate with the BOSH server if the app itself is served securely. Yes, the SSL terminating proxy ahead of the bosh should solve the issue, however this is a major PITA for dev/uat scenarios in startups where resources are already desperately low. Any help will be appreciated.
lol. more than two years.
Hello!
Want to add option for starting https with wss instead of http server with ws.
Minor changes - new feature. Some people may need this. For example we need secure websockets now for testing :)
Tried not to break coding style/modularization.
And big thanks for original :)