> > > > WebSocket-over-SSL should work just like regular HTTP, since it opens the > connection in HTTP mode and then uses the Upgrade: header to negotiate a > switch to the WebSocket protocol. This is supposed to be invisible to a > proxy, if the proxy is just passing through the undecrypted SSL traffic to > the server — the proxy doesn't even know there's WebSockets going on. > > So perhaps the issue here is that (I think) you're instead using nginx to > do the SSL encryption itself? In that case nginx will need to manage the > WebSocket protocol, open a WebSocket connection to SG, and relay messages > back and forth. Maybe it needs special configuration to do that? > > We are using nginx to do the SSL decryption/encryption. Nginx is supposed to handle the websocket - you used to have to make a tcp proxy configuration but nginx does support the protocol natively now - if you switch to non-ssl it works perfectly with the web socket packets even when proxying. I'm sure the issue here is nginx rather than sync gateway / couchbase lite.
I suspect the issue is that nginx is missing some inspection of the later packets (because they are encrypted) and sees them as a new connection. Doing a little research that specific iOS error is often triggered when an SSL session is mistakenly delivered to port 80 and then redirected to port 444 - the HTTP redirect is seen as bogus data and causes the overflow. It's not the same issue here, but something similar. I'm away from home until tomorrow but I'll do some tcpdump and then take this to the nginx list and see if we can find the issue there as I'm sure the issue is a proxy one. I'll update you on the ticket you created. -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/e665e19a-c29b-427b-9b32-1a6f59e3a29e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
