This will install the necessary libraries, build the server executable, and also build the docker file.
cd <your directory where you cloned the repo>/openshift
./build.sh
$ docker run -p 9999:9999 -p 9443:9443 pweil/hello-websocket
Serving at :9999
Serving TLS at :9443
This assumes you are running in the vagrant environment and that OpenShift is running. If you are not, please adjust the ip addresses accordingly. Your vagrant machine must be set up with an IP address that can be reached from the host machine. This can be accomplished by using the private or public network options.
Example:
override.vm.network "private_network", ip: "10.245.2.2"
$ vagrant ssh master
$ hack/install-router.sh router https://10.0.2.15:8443
Creating router file and starting pod...
router
$ cd
$ git clone https://github.com/pweil-/hello-websockets.git
$ cd hello-websockets/openshift
$ osc create -f pod.json
hello-websocket
$ osc get pods
POD IP CONTAINER(S) IMAGE(S) HOST LABELS STATUS
hello-websocket 172.17.0.3 hello-websocket pweil/hello-websocket openshiftdev.local/127.0.0.1 name=hello-websocket Running
router 172.17.0.2 origin-haproxy-router-router openshift/origin-haproxy-router openshiftdev.local/127.0.0.1 <none> Running
All of these use cases build upon each other. If you are not following them in order please add the appropriate steps to create any missing services or routes.
$ osc create -f service_unsecure.json
hello-ws
$ osc create -f route_unsecure.json
ws-unsecure
Now, on your host machine you'll want to run the client.html in a browser. The client uses a url of www.example.com.
You can add an entry into your host machine's /etc/hosts
that points to your vagrant machine's IP Address
$ cat /etc/hosts
127.0.0.1 localhost.localdomain localhost hello-external.v3.rhcloud.com
::1 localhost6.localdomain6 localhost6
10.245.2.2 www.example.com
To test this route click the Test Unsecure link. You should see output as depicted below.
$ osc create -f route_edge.json
ws-edge
Now, to test a secure route we must first accept the self signed certificate. Otherwise, the websocket connection will fail. To do this, you can navigate to [https://www.example.com/echo] and you should be prompted by your browser. Follow your browser's instructions to import/accept the certificate.
To test this route click the Test Secure link. You should see output as depicted below.
$ osc delete route ws-edge
ws-edge
$ osc create -f route_passthrough.json
ws-passthrough
$ osc create -f service_secure.json
hello-ws-secure
To test this route click the Test Secure link. You should see output as depicted below.
$ osc delete route ws-passthrough
ws-passthrough
$ osc create -f route_reencrypt.json
ws-reencrypt
# check the cert being served by the pod is for www.example.com
$ openssl s_client -servername www.example.com -connect $(osc get -t "{{.portalIP}}:{{.port}}" service hello-ws-secure) | grep subject
depth=0 CN = www.example.com, ST = SC, C = US, emailAddress = [email protected], O = Example, OU = Example
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = www.example.com, ST = SC, C = US, emailAddress = [email protected], O = Example, OU = Example
verify error:num=27:certificate not trusted
verify return:1
depth=0 CN = www.example.com, ST = SC, C = US, emailAddress = [email protected], O = Example, OU = Example
verify error:num=21:unable to verify the first certificate
verify return:1
subject=/CN=www.example.com/ST=SC/C=US/[email protected]/O=Example/OU=Example
^C
# check the cert being served by the router is www.example2.com (which matches our route config)
$ openssl s_client -servername www.example2.com -connect 10.0.2.15:443 | grep subject
depth=1 C = US, ST = SC, L = Default City, O = Default Company Ltd, OU = Test CA, CN = www.exampleca.com, emailAddress = [email protected]
verify error:num=19:self signed certificate in certificate chain
verify return:0
subject=/CN=www.example2.com/ST=SC/C=SU/[email protected]/O=Example2/OU=Example2
^C
To test this route, we need to adjust /etc/hosts
to now point the www.example2.com domain at our router ip address.
$ cat /etc/hosts
127.0.0.1 localhost.localdomain localhost hello-external.v3.rhcloud.com
::1 localhost6.localdomain6 localhost6
10.245.2.2 www.example2.com
Now, test by clicking the Test Reencrypt link in the browser.