[Nfd-dev] Secure websocket support in NFD?
Alex Afanasyev
alexander.afanasyev at ucla.edu
Tue Jan 27 23:30:45 PST 2015
Junxiao, can you make a wiki page with these instructions?
—
Alex
> On Jan 27, 2015, at 9:33 PM, Junxiao Shi <shijunxiao at email.arizona.edu> wrote:
>
> Dear folks
>
> It's quite easy to add a wss=>ws proxy. Here's how:
>
> 1. Assume you already have a working HTTPS website on nginx.
>
> 2. Edit /etc/nginx/sites-enabled/https-site
> Put the following at the top of this file:
> map $http_upgrade $connection_upgrade {
> default upgrade;
> '' close;
> }
> Put the following inside 'server' section:
> location /NFD {
> proxy_pass http://[2001:db8::1]:9696;
> proxy_http_version 1.1;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "Upgrade";
> }
> Substitute 2001:db9::1 with the IP address of NFD. I only tested IPv6.
>
> 3. Edit ndn.js:
> Look for 'new WebSocket', and change the parameter into:
> connectionInfo.wsuri || ('ws://' + connectionInfo.host + ':' + connectionInfo.port)
>
> 4. Edit web app:
> Change "new Face({ host:'nfd.example.com <http://nfd.example.com/>', port:9696 })" to "new Face({ wsuri:'wss://secure.example.com/NFD <http://secure.example.com/NFD>' })".
>
> Yours, Junxiao
>
> On Fri, Jan 23, 2015 at 1:46 PM, Junxiao Shi <shijunxiao at email.arizona.edu <mailto:shijunxiao at email.arizona.edu>> wrote:
> Hi Jeff
>
> An alternate to NFD serving wss directly is to add a frontend TLS=>TCP/HTTP proxy, such as STunnel or nginx.
> But I'm not sure how to configure those.
>
> Yours, Junxiao
>
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150127/399cc007/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150127/399cc007/attachment.bin>
More information about the Nfd-dev
mailing list