-
Notifications
You must be signed in to change notification settings - Fork 141
SSL #20
Comments
Good question. It isn't a design feature right now. We use haproxy to
terminate SSL before the web-socket server. We are interested in playing
with the TLS work that @Drawaes has done for "pipelines", but that would be
a radically different architecture, think "son of NetGain". So for now,
your best bet AFAIK is: terminate ahead of the server.
…On Sat, 14 Apr 2018, 21:24 Terry Phillips, ***@***.***> wrote:
The website that I am using to connect to the socket server uses SSL. How
can I do this?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#20>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABDsKJb9NJtkH8aqsMWn4CmQMpalgyZks5tolr9gaJpZM4TVNmc>
.
|
Ah, ok. I am on windows server so that may be a bit hard. Thanks for the info though. |
So are we :)
…On Sun, 15 Apr 2018, 03:24 Terry Phillips, ***@***.***> wrote:
Ah, ok. I am on windows server so that may be a bit hard. Thanks for the
info though.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#20 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABDsE2xXXMu3_Ew9NLeLrnk6bab_ZZlks5toq94gaJpZM4TVNmc>
.
|
Or rather, we use both.
…On Sun, 15 Apr 2018, 08:20 Marc Gravell, ***@***.***> wrote:
So are we :)
On Sun, 15 Apr 2018, 03:24 Terry Phillips, ***@***.***>
wrote:
> Ah, ok. I am on windows server so that may be a bit hard. Thanks for the
> info though.
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <#20 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AABDsE2xXXMu3_Ew9NLeLrnk6bab_ZZlks5toq94gaJpZM4TVNmc>
> .
>
|
It would be great to understand how you did that! Btw, thanks for this library and so many others that you have open sourced. I am a huge user/proponent of dapper and stackexchtange.redis :) |
Hey @mgravell I've sucessfully set up haproxy to terminate SSL before the websocket server, but I have this problem where now my websocket server logs the IP Address the proxy is binded to. I've read that HAProxy can send a header to the websocket server containing the original, remote IP that made the request. But is there any way of reading the request headers with NetGain? Do you log remote IP Addresses on your websocket servers? How do you do so. |
@devMidgard Unfortunately we don’t have this case - the volume of websocket traffic in play is too large to log reasonably, so it’s just not a case we hit. In our case, sockets are also secondary and admittedly not as critical to page function as other places |
Do you have a working example of how i can use HAProxy to terminate SSL and then forward to netgains via websocket? |
Here's the frontend/backend snippets for our HAProxy config to terminate SSL for our NetGain WSS connections. The backend port should match your NetGain WS port where as the frontend port can be anything you like (that's what the clients would connect to):
|
The website that I am using to connect to the socket server uses SSL. How can I do this?
The text was updated successfully, but these errors were encountered: