Using secure websockets server side with Zinc

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Using secure websockets server side with Zinc

CyrilFerlicot
Hi!

I am trying to deploy a Seaside application that uses Zinc's websockets.

I use nginx and I have a TLS certificate for the application so I need
to use secure websockets (wss://) and not simple websockets (ws://).

I got a problem because the client could not access to the server
because it was failing the handshake.

I could make it work by using nginx to manage the certificate. But I was
wondering if it would be possible with Zinc to give the access to the
certificate to manage the connection instead of doing it via nginx. Is
it possible to do this?

Thanks in advance.

--
Cyril Ferlicot
https://ferlicot.fr

Reply | Threaded
Open this post in threaded view
|

Re: Using secure websockets server side with Zinc

Sven Van Caekenberghe-2
Hi Cyril,

You can run a ZnSecureServer with a specific certificate. See the class comment. But, this is a bit experimental, you need a very specific certificate and I have only seen it work on Linux.

If you front you Seaside app with Nginx, I assume you are doing HTTPS -> HTTP in Nginx. I would suggest you try doing WWS -> WS as well. This does mean that connections are kept open of course (implicit in WebSockets). I have not yet done this myself, but it should work theoretically.

The thing is, you will find 100x more info on (correct) TLS/SSL setup on Nginx, and app proxying is totally accepted today.

Please let us know how it goes ;-)

Sven

> On 2 May 2018, at 16:21, Cyril Ferlicot D. <[hidden email]> wrote:
>
> Hi!
>
> I am trying to deploy a Seaside application that uses Zinc's websockets.
>
> I use nginx and I have a TLS certificate for the application so I need
> to use secure websockets (wss://) and not simple websockets (ws://).
>
> I got a problem because the client could not access to the server
> because it was failing the handshake.
>
> I could make it work by using nginx to manage the certificate. But I was
> wondering if it would be possible with Zinc to give the access to the
> certificate to manage the connection instead of doing it via nginx. Is
> it possible to do this?
>
> Thanks in advance.
>
> --
> Cyril Ferlicot
> https://ferlicot.fr
>


Reply | Threaded
Open this post in threaded view
|

Re: Using secure websockets server side with Zinc

CyrilFerlicot
On 02/05/2018 16:29, Sven Van Caekenberghe wrote:
> Hi Cyril,
>

Thank you for the infos and the fast reply :)

> You can run a ZnSecureServer with a specific certificate. See the class comment. But, this is a bit experimental, you need a very specific certificate and I have only seen it work on Linux.
>

Good to know!

> If you front you Seaside app with Nginx, I assume you are doing HTTPS -> HTTP in Nginx. I would suggest you try doing WWS -> WS as well. This does mean that connections are kept open of course (implicit in WebSockets). I have not yet done this myself, but it should work theoretically.
>

This is what I do now and it works fine. I just wanted to know if there
was an alternative to write it in the documentation of the project
(since it will be open source).

> The thing is, you will find 100x more info on (correct) TLS/SSL setup on Nginx, and app proxying is totally accepted today.
>

Ok, so I'll probably just give an example with nginx in the documentation :)

> Please let us know how it goes ;-)
>
> Sven
>
>


--
Cyril Ferlicot
https://ferlicot.fr

Reply | Threaded
Open this post in threaded view
|

Re: Using secure websockets server side with Zinc

Francisco Ortiz Peñaloza
Sorry for the OT but I interested in how you're using WebSockets and Seaside. 

Can you share how are you mix them together?



On Wed, May 2, 2018 at 11:40 AM Cyril Ferlicot D. <[hidden email]> wrote:
On 02/05/2018 16:29, Sven Van Caekenberghe wrote:
> Hi Cyril,
>

Thank you for the infos and the fast reply :)

> You can run a ZnSecureServer with a specific certificate. See the class comment. But, this is a bit experimental, you need a very specific certificate and I have only seen it work on Linux.
>

Good to know!

> If you front you Seaside app with Nginx, I assume you are doing HTTPS -> HTTP in Nginx. I would suggest you try doing WWS -> WS as well. This does mean that connections are kept open of course (implicit in WebSockets). I have not yet done this myself, but it should work theoretically.
>

This is what I do now and it works fine. I just wanted to know if there
was an alternative to write it in the documentation of the project
(since it will be open source).

> The thing is, you will find 100x more info on (correct) TLS/SSL setup on Nginx, and app proxying is totally accepted today.
>

Ok, so I'll probably just give an example with nginx in the documentation :)

> Please let us know how it goes ;-)
>
> Sven
>
>


--
Cyril Ferlicot
https://ferlicot.fr

Reply | Threaded
Open this post in threaded view
|

Re: Using secure websockets server side with Zinc

CyrilFerlicot
Le 06/05/2018 à 20:46, Francisco Ortiz Peñaloza a écrit :
> Sorry for the OT but I interested in how you're using WebSockets and
> Seaside. 
>
> Can you share how are you mix them together?
>

Hi,

We do it in this project:

https://github.com/TelescopeSt/TelescopeCytoscape

This project allow to create a model of visualization (nodes and their
contents, layouts, interactions, and update mechanism) then to render it
with the CytoscapeJs visualization framework.

The Seaside part is really small. We just use Seaside to render an empty
div and initialize a cytoscape visualization inside. We could probably
do without Seaside but we did this project for a Seaside application.
(And we use the existing callbacks mechanism)

During the rendering we open a web socket and we generate the initial
cytoscape visualization inside the empty div generated by Seaside.

Then when the user interact with the visualization, it communicates the
interactions via the web socket to the Pharo server and if it should
impact the visualization, commands to do so are sent via the websocket
to the client.

In this project the main part for the websocket management are:

- TLCytoscapeComponent : The Seaside component registering the
visualization
(https://github.com/TelescopeSt/TelescopeCytoscape/blob/development/src/Telescope-Cytoscape/TLCytoscapeComponent.class.st)
- TLCytoscapeWebSocketDelegate : The class managing the websocket server
side
(https://github.com/TelescopeSt/TelescopeCytoscape/blob/development/src/Telescope-Cytoscape/TLCytoscapeWebSocketDelegate.class.st)
- CYSFileLibrary>>cytoscapeTelescopeJs : The javascript managing the
socket client side
(https://github.com/TelescopeSt/TelescopeCytoscape/blob/development/src/Telescope-Cytoscape-Libraries/CYSFileLibrary.class.st#L539)

If you need more details just ask :)


--
Cyril Ferlicot
https://ferlicot.fr


signature.asc (836 bytes) Download Attachment