How can i configure SSL? about centrifugo HOT 24 CLOSED

In general I would put centrifugo behind a reverse proxy, like nginx for instance - that allows you greater flexibility, so you can host other things on the same server, and use the standard SSL port.

That said, I can send in a PR with TLS support, so you can use your certificate for centrifugo.

from centrifugo.

Hello, we are running Centrifugo behind Nginx. And it's strongly recommended to run Centrifugo behind Nginx or sth similar. So we just configure SSL in Nginx configuration - see commented ssl directives in configuration example.

Also I can add TLS built in (http://golang.org/pkg/net/http/#ListenAndServeTLS) - this requires some work but you will be able to run Centrifugo providing cert.pem and key.pem files. Is it necessary or you can go with Nginx?

from centrifugo.

Thanks !

Oh it can be good feature if by default centrifugo listen on http and https just by editing the configuration. See this example : https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/auth-reference.html

I will try to configure nginx.

from centrifugo.

I have many app on same server running on Apache Do you have any configuration to use apache to serve https for centrifugo?

from centrifugo.

@klauspost thanks a lot! @yagobski I will make new 0.2.2 release later today

from centrifugo.

Thank you @klauspost @FZambia ! Centrifugo is really awesome. I will wait for your release.

from centrifugo.

How you do to compile from source Centrifugo?

from centrifugo.

If you mean how I create binary releases then see release.sh (https://github.com/centrifugal/centrifugo/blob/master/release.sh)

It requires Go installed, also godep and gox tools.
If you have Go installed then something like this should do a work:

git clone https://github.com/centrifugal/centrifugo.git
cd centrifugo
go get go get github.com/tools/godep
godep restore
go get github.com/mitchellh/gox
./release.sh 0.2.1

Not tested steps above though - maybe forgot something

from centrifugo.

@yagobski v0.2.2 released!

from centrifugo.

Thank u very much !

from centrifugo.

I install the new release all start fine but i can't connect anymore :

client will connect to SockJS endpoint
centrifuge.js:684 Status disconnected -> connecting
centrifuge.js:684 Send Object {method: "connect", params: Object, uid: "1"}method: "connect"params: Objectinfo: ""project: "TEST"timestamp: "1435309309"token: "440add23d87ed14ed0b94b215bf5c931"user: "225"proto: Objectuid: "1"proto: Object
centrifuge.js:684 Status connecting -> disconnected

from centrifugo.

Maybe this helps:

http://stackoverflow.com/questions/18637730/how-to-use-secure-websockets-with-sock-js

from centrifugo.

even with wss://xxx:8000/connection/websocket it not working

from centrifugo.

Anything in the "network" tab in Chrome that could help?

from centrifugo.

No error just for websocket i get 101 Switching Protocols

["{"method":"connect","params":{"user":"225","project":"TEST","info":"","timestamp":"1435310324","token":"14f7d5211a2cf388bda172a7456b1b"},"uid":"3"}"]

from centrifugo.

Sorry i get this error now : :8000/connection/info?t=1435311061415 net::ERR_INSECURE_RESPONSE17.r._start @ sockjs.min.js:2(anonymous function) @ sockjs.min.js:2

from centrifugo.

http://stackoverflow.com/questions/23688565/failed-to-load-resource-neterr-insecure-response

As you are using self signed certificate you should open https://centrifuge_address:8000/connection/info in browser tab and allow ssl connection

from centrifugo.

it is the bundle certificat problem. Any why to add --bundle to complete ssl configuration?
On MAC OS if there is no bundle certificate sometime it make this error. but it is not the issue about my problem. Thanks for your help i will try to found on internet and comeback.

from centrifugo.

Don't understand what you mean under bundle certificate problem?

Just created self signed certificate using instruction from https://devcenter.heroku.com/articles/ssl-certificate-self , then opened https://localhost:8000/connection/info in chrome and allowed ssl connection. Both ws and sockjs endpoints work fine. And I am using Mac OS too.

from centrifugo.

Sometime when i use safari on mac i have this error :
WebSocket network error: OSStatus Error -9807: Invalid certificate chain
I have valid certificat from Comodo. Works fine most of the time but sometime in safari i get this error on different laptop.

I resolve this problem for my app using apache by adding the bundle package. But with centrifugo i can't pass the bundle file.

SSLEngine on
SSLCertificateKeyFile /etc/apache2/ssl/private.key
SSLCertificateFile /etc/apache2/ssl/xxx.com.crt
SSLCertificateChainFile /etc/apache2/ssl/xxx.com.ca-bundle

I want to pass this param SSLCertificateChainFile to centrifugo.

Thanks in advance

from centrifugo.

I am not an expert in tls configuration - but maybe that chain file can be concatenated into cert file which Centrifugo accepts - see last messages in this thread https://groups.google.com/forum/m/#!topic/golang-nuts/TnwfKyotEIY - sounds similar, can it help?

from centrifugo.

Yes it works thanks

2015-07-06 18:21 GMT+02:00 Alexandr Emelin [email protected]:

I am not an expert in tls configuration - but maybe that chain file can be
concatenated into cert file which Centrifugo accepts - see last messages in
this thread
https://groups.google.com/forum/m/#!topic/golang-nuts/TnwfKyotEIY -
sounds similar, can it help?

—
Reply to this email directly or view it on GitHub
#27 (comment)
.

from centrifugo.

Nice! You are welcome, I will appreciate if you write full receipt how to build such certificate here - can be useful for someone in future

from centrifugo.

Sure. It is very easy I just create new centrifugo.crt file and i have put
the original crt content + bundle content in the same file.
I call it like this :

--ssl --ssl_cert=/etc/apache2/ssl/centrifugo.crt
--ssl_key=/etc/apache2/ssl/private.key

2015-07-06 19:01 GMT+02:00 Alexandr Emelin [email protected]:

Nice! You are welcome, I will appreciate if you write full receipt how to
build such certificate here - can be useful for someone in future

—
Reply to this email directly or view it on GitHub
#27 (comment)
.

from centrifugo.