ssl sockets?

krissd · 2013-05-30T04:17:02+00:00

Hello! On Fri, May 31, 2013 at 6:08 AM, Ron Gomes wrote: > Thanks for the patch. The assertion failures are gone but there's a new > problem. Our co...

ssl sockets?

krissd

Hiya,

I've been using an openresty nginx/lua web server for what must be coming up to about year now ever since I decided to move my code away from googles app engine. You can find the source to what I'm runing on my bitbucket at https://bitbucket.org/xixs/anlua should you be currious. Or try some of my live sites, I have a test webgame running at http://hoe.4lfa.com/hoe for instance which is what I was originally using as a basic test.

It was mostly a quick hack to move my code base off of appengine and get it running again (IE it still has a few hacks I should really fix) but it has been a live server for a while now with only one really really annoying problem for me.

Previously I had a sign on system from google/twitter/facebook and I would love to get that back in. However these sites require that I talk to them via https when doing user handshakes.

Unfortunately the SSL socket code is not wired up to lua in nginx so I can not communicate with these sites. I have had a browse through the code but I'm not really 100% sure of how the nginx tcp sockets are bound into lua so gave up and decided to wait. That was some time ago now.

So my question is:

I know its listed under TODO but are SSL sockets really likely to get added in the near future? Should I just keep waiting with my fingers crossed? :)

If not then are there any tips on what code changes would be needed to achieve this so I can have another look at patching it in myself?

Cheers,

Kriss

leafot

I've successfully been using proxy_pass and an internal location to make https requests, you can see my implementation here: (Sorry it's in MoonScript): https://github.com/leafo/lapis/blob/master/lapis/nginx/http.moon

You can ignore everything past line 76.

On Wed, May 29, 2013 at 1:17 PM, Kriss Blank <kr...@gmail.com> wrote:

Hiya,

I've been using an openresty nginx/lua web server for what must be coming up to about year now ever since I decided to move my code away from googles app engine. You can find the source to what I'm runing on my bitbucket at https://bitbucket.org/xixs/anlua should you be currious. Or try some of my live sites, I have a test webgame running at http://hoe.4lfa.com/hoe for instance which is what I was originally using as a basic test.

It was mostly a quick hack to move my code base off of appengine and get it running again (IE it still has a few hacks I should really fix) but it has been a live server for a while now with only one really really annoying problem for me.

Previously I had a sign on system from google/twitter/facebook and I would love to get that back in. However these sites require that I talk to them via https when doing user handshakes.

Unfortunately the SSL socket code is not wired up to lua in nginx so I can not communicate with these sites. I have had a browse through the code but I'm not really 100% sure of how the nginx tcp sockets are bound into lua so gave up and decided to wait. That was some time ago now.

So my question is:

I know its listed under TODO but are SSL sockets really likely to get added in the near future? Should I just keep waiting with my fingers crossed? :)

If not then are there any tips on what code changes would be needed to achieve this so I can have another look at patching it in myself?

Cheers,

Kriss

.

agentzh

Hello!

On Wed, May 29, 2013 at 1:17 PM, Kriss Blank wrote:
> So my question is:
>
> I know its listed under TODO but are SSL sockets really likely to get added
> in the near future? Should I just keep waiting with my fingers crossed? :)
>

Yes, SSL cosockets will be added in the near future, very likely in
the next few months or so.

For upstream https communications, you can use ngx.location.capture()
with the standard ngx_proxy module instead of cosockets as suggested
by leaf corcoran.

> If not then are there any tips on what code changes would be needed to
> achieve this so I can have another look at patching it in myself?
>

As always, you're welcome to submit patches for ngx_lua :)

Basically you can just take a look at how the standard ngx_proxy does
this and borrow the code if feasible.

Best regards,
-agentzh

krissd

On Wednesday, May 29, 2013 9:33:17 PM UTC+1, leaf corcoran wrote:

I've successfully been using proxy_pass and an internal location to make https requests, you can see my implementation here: (Sorry it's in MoonScript): https://github.com/leafo/lapis/blob/master/lapis/nginx/http.moon

You can ignore everything past line 76.

Thank you I'll have a look to see if I can just hack that in easily, it looks possible :)

Cheers,

Kriss

krissd

Yes, SSL cosockets will be added in the near future, very likely in
the next few months or so.

For upstream https communications, you can use ngx.location.capture()
with the standard ngx_proxy module instead of cosockets as suggested
by leaf corcoran.

Thanks, I'll probably try a proxy hack first and see how it goes.

I did look through the source before but I'm afraid I don't have my head wrapped around how nginx works enough to understand what was going on so stepped away after staring at it for a while. Maybe I'll try again :)

Cheers,

Kriss

krissd

Hiya,

Just to say that I have finally gotten round to working on this and the proxy_pass setup works perfectly.

Previously I was using sockets to perform http requests but pushing it through the proxy_pass style setup is even simpler and lets nginx handle the https problem as well. This is enough to deal with my server to server communication needs :)

Cheers,