After this patch, I found I got "A turbulence detected!" as soon as I opened
the page, and BadCertificate errors in the log.
To save others some debugging, the problem was that the patch changes the
domain in the wss:// URL from the domain used by the user to access the
site, to the one in http_frontend_public_address.
e.g.
1. the user loads up https://wave.mydomain/
2. they confirm the certificate for "wave.mydomain"
3. the browser connects to wss://123..../ (using the IP address)
4. the browser doesn't trust the certificate for "123..."
5. the browser drops the connection without asking the user
Setting http_websocket_presented_address to match the value the client
enters fixes it (though I'm not sure this is reliable; if the client used an
IP address to access the server then it would fail again - they really have
to match).
BTW, are we ready to merge the client SSL support yet?
On 2012-09-25 13:24, Ali Lown wrote:
On Sept. 24, 2012, 9:07 p.m., Yuri Zelikov wrote:
Well, maybe it has something to do with waveinabox.net running on EC2...
Anyway, the path LGTM.
Committed as r1389830.
- Ali
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/7230/#review11860
-----------------------------------------------------------
On Sept. 24, 2012, 6:38 p.m., Ali Lown wrote:
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/7230/
-----------------------------------------------------------
(Updated Sept. 24, 2012, 6:38 p.m.)
Review request for wave, Yuri Zelikov and Vicente J. Ruiz Jurado.
Description
-------
This extends vjrj's review to make the websocket domain configurable separately
from the rest of the server, by allowing the 'given' address/port to vary with
the 'real' address/port (for use behind firewalls, load balancers etc.)
In my situation, I needed the presented websocket address to be on port
443, but to listen on port 9898 for the actual connection, since iptables maps 443
-> 9898 on the server so that the WIAB server can run as non-root.
Diffs
-----
/server-config.xml 1379829
/server.config.example 1379829
/src/org/waveprotocol/box/server/CoreSettings.java 1379829
/src/org/waveprotocol/box/server/rpc/WaveClientServlet.java 1379829
Diff: https://reviews.apache.org/r/7230/diff/
Testing
-------
works on my server.
Thanks,
Ali Lown
--
Dr Thomas Leonard
IT Innovation Centre
Gamma House, Enterprise Road,
Southampton SO16 7NS, UK
tel: +44 23 8059 8866
mailto:t...@it-innovation.soton.ac.uk
http://www.it-innovation.soton.ac.uk/
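The mismatch described in the message above can be caught before the browser silently drops the socket. The following is an added example, not code from the Wave project or from this thread: it compares the page origin with the configured websocket address and shows one possible mitigation, taking the host from the page while keeping only the configured port. The function names, the "host:port" value format and the sample address 203.0.113.7 are assumptions constructed for illustration.

```javascript
"use strict";

// Parse a presented address, assumed to be "host:port", with the URL parser
// so case and IPv6 brackets are normalised the way a browser would do it.
function parsePresented(address) {
  const u = new URL("wss://" + address + "/");
  // The parser drops the default port, so an empty string means 443.
  return { host: u.hostname.toLowerCase(), port: u.port || "443" };
}

function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
}

// Returns a list of findings; an empty list means the socket host equals
// the host whose certificate the user has already accepted.
function checkWebsocketAddress(pageUrl, presentedAddress) {
  const page = new URL(pageUrl);
  const ws = parsePresented(presentedAddress);
  const findings = [];
  if (page.protocol !== "https:") {
    return findings; // plain http page: no certificate is involved
  }
  const pageHost = page.hostname.toLowerCase();
  if (ws.host !== pageHost) {
    findings.push(`host mismatch: page=${pageHost} websocket=${ws.host}`);
    if (isIpLiteral(ws.host) !== isIpLiteral(pageHost)) {
      findings.push("one side is an IP literal, the other a DNS name");
    }
  }
  return findings;
}

// Possible mitigation (an assumption, not the committed patch): dial the host
// the user typed and take only the port from the configured address, so the
// 443 -> 9898 style port mapping still works and the hosts always match.
function websocketUrlFor(pageUrl, presentedAddress) {
  const page = new URL(pageUrl);
  const ws = parsePresented(presentedAddress);
  const scheme = page.protocol === "https:" ? "wss" : "ws";
  return new URL(`${scheme}://${page.hostname}:${ws.port}/`).href;
}

// Constructed sample: page loaded by name, socket configured by IP address.
console.log(checkWebsocketAddress("https://wave.mydomain/", "203.0.113.7:443"));
console.log(websocketUrlFor("https://wave.mydomain/", "203.0.113.7:9898"));
```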