Use wss:// instead of ws:// with ws4redis.

[TheSalarKhan]

Hi!

I'm currently working on an audio/video chatting web-application. I use Django for housing the REST API and ws4redis for web socket support. The app uses the following packages (versions):

dj-static==0.0.6
Django==1.10.5
redis==2.10.5
django-redis-sessions==0.5.6
django-websocket-redis==0.4.8
static3==0.7.0
djangorestframework==3.6.2
django-oauth-toolkit==0.12.0
oauthlib==2.0.1
virtualenv==15.1.0
django-cors-headers==2.0.2

To run the application in the development mode (you might already know this but...):

$ ./manage.py runserver
Performing system checks...

System check identified no issues (0 silenced).
April 23, 2017 - 23:44:23
Django version 1.10.5, using settings 'tele.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
Websocket support is enabled

The app is running fine! It has websockets and everything but now, there's a requirement to have https:// in my development environment, and consequently we would also want to wss:// instead of ws://. I've managed to get Django to run with https:// using django-sslserver and the following configuration in 'settings.py'

INSTALLED_APPS = [
    'sslserver',
    ...
    'ws4redis'
]
....
WEBSOCKET_URL = '/ws/'
....
WS4REDIS_EXPIRE = 7200
WS4REDIS_PREFIX = 'ws'
WS4REDIS_HEARTBEAT='--heartbeat--'
WSGI_APPLICATION = 'ws4redis.django_runserver.application'

.... 

SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 3600
SECURE_HSTS_INCLUDE_SUBDOMAINS = True

But look! Here's how I launch the secure development server:

$ ./manage.py runsslserver
Validating models...

System check identified no issues (0 silenced).
April 23, 2017 - 23:46:57
Django version 1.10.5, using settings 'tele.settings'
Starting development server at https://127.0.0.1:8000/
Using SSL certificate: /home/salar/.local/lib/python2.7/site-packages/sslserver/certs/development.crt
Using SSL key: /home/salar/.local/lib/python2.7/site-packages/sslserver/certs/development.key
Quit the server with CONTROL-C.

Notice! it does not say 'Websocket support is enabled'. Which - from what I understand - means that ws4redis is not working. Please help me, or let me know if you need more information.

[jrief]

Puh! I never used django-sslserver, because usually I terminate https on NGiNX and proceed with WSGI. The entrypoint for ws4redis is outside of Django's main loop, hence django-sslserver may not catch and encrypt its payload.

[TheSalarKhan]

Does this mean we'll never be able to run wss:// in development, unless we use nginix? If thats true, can you please point me to a resource which would help me in setting up https along with wss on nginix? I'd be grateful! Thank you for the reply! :)

[jrief]

I wouldn't say that we never are able to run wss:// in development, but it's certainly a lot of work to implement. If you are familiar with OpenSSL, you can certainly have a look on how to implement an encrypted datagram stream in Python.

This could even be implemented as a separate library. You then have to wrap that encrypted stream inside ws4redis.django_runserver.WebsocketRunServer().

[TheSalarKhan]

Alright! I'm closing this issue then! thank you! :)

[tombroi]

Can anyone help me to configure wss support using nginx and uwsgi

[Prashanth-M]

Can anyone help me to configure wss support using nginx and uwsgi

this config should under the nginx server config location /wss2/ { proxy_pass http://wssocket; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_redirect off; proxy_read_timeout 86400s; proxy_send_timeout 86400s; keepalive_timeout 86400s;

prevents 502 bad gateway error

        proxy_buffers 8 32k;
        proxy_buffer_size 64k;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        reset_timedout_connection on;
    }

And check the connection using wss://example.com/wss2