Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Supporting wss:// and https:// protocol #55

Open
snowmantw opened this issue Oct 4, 2012 · 5 comments
Open

Supporting wss:// and https:// protocol #55

snowmantw opened this issue Oct 4, 2012 · 5 comments

Comments

@snowmantw
Copy link

I did some modifications in my forked project, but they're all dirty hack. So, maybe @dhruvbird can support them officially ?

What I modified:

  • https-server.js: Copy http-server.js and add cert/key options in it. Now we have HTTPServer and HTTPSServer...
  • bosh.js & main.js: Create HTTPSServer while cert/key options given.
  • options flow: Some options detecting and loading cert steps in several files.
  • run-server.js: Options and tips ( ws:// -> wss:// ; http:// -> https:// )
@dhruvbird
Copy link
Collaborator

@snowmantw Thanks for the patch.

Some thoughts:

  1. TLS processing is heavy, so my initial idea was not to include TLS endpoints. If you do want them, put NXB behind apache or nginx. Either ways, you probably have a web-site that apache/nginx is serving, so you'll have these set up.
  2. I can add this to a TLS branch for sure.
  3. Depending on how many (or badly) people want this change, it could go on master.

@sonnyp
Copy link
Contributor

sonnyp commented Mar 6, 2013

@dhruvbird any reason why TLS processing would be particularly heavy for node-xmpp-bosh/Node.js?

@dhruvbird
Copy link
Collaborator

@sonnyp My reasons are not founded in numbers (they should ideally be), but it seems that people have casually mentioned that TLS processing is heavy. This is especially bad if you're running on a single CPU (which we are). Plus, I would expect a production deployment to have nginx or some other reverse proxy to handle gzip and TLS termination. Plus it makes it easy to manage TLS certs. if done that way rather than having everyone update SSL certs. at the node.js application layer.

Hey, I could be totally wrong, and these might not be valid deployment concerns - just saying based on conversations I've had with the ops. folks at my previous org.

@sonnyp
Copy link
Contributor

sonnyp commented Mar 6, 2013

@dhruvbird We proxy the traffic using haproxy, I was interested in technical implications and your arguments against performances make sense.

@dhruvbird
Copy link
Collaborator

@sonnyp (y) - let me know if you have any numbers online suggesting that it is a bad idea since profiling before concluding is a good idea. We didn't have a pressing need to support TLS on http/ws since we were deploying stuff behind nginx/elastic-LB since https termination almost always happened elsewhere... Good to know that you guys also use a proxy in front of node.js.

@Trim Trim mentioned this issue Dec 5, 2014
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sonnyp @dhruvbird @snowmantw