search

mikemintz / rethinkdb-websocket-server

Node.js WebSocket server that proxies to RethinkDB. Supports query validation.
MIT License
156 stars 22 forks source link

Sent a message on the issue. Thanks! #10

Closed mividtim closed 8 years ago

mikemintz commented 8 years ago

@mividtim thanks so much for submitting this. I have a couple comments on it before I want to merge it.

For consistency with the rethinkdb javascript driver's behavior, let's take a single dbSsl argument instead of both dbSecure and dbCACert, and have similar logic like on net.coffee lines 163-168 and lines 944-949.

That way, a user can look at an example like the compose.io page on RethinkDB and SSL

r.connect({
  host: 'aws-eu-west-1-portal.1.dblayer.com',
  port: 10605,
  authKey: 'QBXORIDHnnjkvUyhexl1nKcnAxbIqPBcrHeqkWglXc',
  ssl: {
    ca: caCert
  }
}, [...])

and replace it with something very similar looking:

RethinkdbWebsocketServer.listen({
  dbHost: 'aws-eu-west-1-portal.1.dblayer.com',
  dbPort: 10605,
  dbAuthKey: 'QBXORIDHnnjkvUyhexl1nKcnAxbIqPBcrHeqkWglXc',
  dbSsl: {
    ca: caCert
  },
  [...]
)}
mikemintz commented 8 years ago

Also, can you undo the changes to package.json, and squash all of the commits into one? It's okay to git push -f and rewrite history since it's a feature branch.

mividtim commented 8 years ago

Done! Unfortunately, it works locally, but still times out from Heroku. One thing I can think of is that I'm not using WSS locally. Do you have an environment set up to test that configuration locally? i.e. WSS and TLS with CA to Compose at the same time?

Thanks,

Tim

On Sun, Feb 14, 2016 at 1:46 PM Mike Mintz notifications@github.com wrote:

@mividtim https://github.com/mividtim thanks so much for submitting this. I have a couple comments on it before I want to merge it.

For consistency with the rethinkdb javascript driver's behavior https://rethinkdb.com/api/javascript/connect/, let's take a single dbSsl argument instead of both dbSecure and dbCACert, and have similar logic like on net.coffee lines 163-168 https://github.com/rethinkdb/rethinkdb/blob/next/drivers/javascript/net.coffee#L163-L168 and lines 944-949 https://github.com/rethinkdb/rethinkdb/blob/next/drivers/javascript/net.coffee#L944-L949 .

That way, a user can look at an example like the compose.io page on RethinkDB and SSL https://www.compose.io/articles/rethinkdb-and-ssl-think-secure/

r.connect({ host: 'aws-eu-west-1-portal.1.dblayer.com', port: 10605, authKey: 'QBXORIDHnnjkvUyhexl1nKcnAxbIqPBcrHeqkWglXc', ssl: { ca: caCert } }, [...])

and replace it with something very similar looking:

RethinkdbWebsocketServer.listen({ dbHost: 'aws-eu-west-1-portal.1.dblayer.com', dbPort: 10605, dbAuthKey: 'QBXORIDHnnjkvUyhexl1nKcnAxbIqPBcrHeqkWglXc', dbSsl: { ca: caCert }, [...] )}

— Reply to this email directly or view it on GitHub https://github.com/mikemintz/rethinkdb-websocket-server/pull/10#issuecomment-183948939 .

mikemintz commented 8 years ago

@mividtim Make sure you also check the rethinkdb-websocket-server console. Sometimes when I get a timeout in the browser console, I see an actual underlying error in the node.js console.

So to make sure I understand what's going on, you want to have the following:

  1. WSS from frontend (rethinkdb-websocket-client running on browser) to backend (rethinkdb-websocket-server running on heroku)
  2. TLS with custom cacert from backend to database (rethinkdb on compose)

Which one of the links is failing? If you use regular insecure WS from frontend to backend, but custom cacert from backend to database, does it work? Since it works locally, I'm assuming it's the first link that's failing.

mikemintz commented 8 years ago

Closing, since it was resubmitted as https://github.com/mikemintz/rethinkdb-websocket-server/pull/11