[Nfd-dev] Secure websocket support in NFD?

Alex Afanasyev alexander.afanasyev at ucla.edu
Tue Jan 27 23:30:45 PST 2015 

Junxiao, can you make a wiki page with these instructions?

—
Alex

> On Jan 27, 2015, at 9:33 PM, Junxiao Shi <shijunxiao at email.arizona.edu> wrote:
> 
> Dear folks
> 
> It's quite easy to add a wss=>ws proxy. Here's how:
> 
> 1. Assume you already have a working HTTPS website on nginx.
> 
> 2. Edit /etc/nginx/sites-enabled/https-site
> Put the following at the top of this file:
> map $http_upgrade $connection_upgrade {
>   default upgrade;
>   '' close;
> }
> Put the following inside 'server' section:
>   location /NFD {
>     proxy_pass http://[2001:db8::1]:9696;
>     proxy_http_version 1.1;
>     proxy_set_header Upgrade $http_upgrade;
>     proxy_set_header Connection "Upgrade";
>   }
> Substitute 2001:db9::1 with the IP address of NFD. I only tested IPv6.
> 
> 3. Edit ndn.js:
> Look for 'new WebSocket', and change the parameter into:
> connectionInfo.wsuri || ('ws://' + connectionInfo.host + ':' + connectionInfo.port)
> 
> 4. Edit web app:
> Change "new Face({ host:'nfd.example.com <http://nfd.example.com/>', port:9696 })" to "new Face({ wsuri:'wss://secure.example.com/NFD <http://secure.example.com/NFD>' })".
> 
> Yours, Junxiao
> 
> On Fri, Jan 23, 2015 at 1:46 PM, Junxiao Shi <shijunxiao at email.arizona.edu <mailto:shijunxiao at email.arizona.edu>> wrote:
> Hi Jeff
> 
> An alternate to NFD serving wss directly is to add a frontend TLS=>TCP/HTTP proxy, such as STunnel or nginx.
> But I'm not sure how to configure those.
> 
> Yours, Junxiao
> 
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150127/399cc007/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150127/399cc007/attachment.bin>

More information about the Nfd-dev mailing list