quil-lang / qvm

The high-performance and featureful Quil simulator.

Review SSL situation in qvm-app #152

Open appleby opened 5 years ago

appleby commented 5 years ago

We currently disable SSL in build-app.lisp (and also the Makefile) like so:

(pushnew :hunchentoot-no-ssl *features*)
(pushnew :drakma-no-ssl *features*)

We'll want to find a way to enable SSL for QVM v2 without breaking the Windows build.

notmgsk commented 5 years ago

For context: it's not unthinkable that we would like to enable secure network communication between the QVM and a remote caller.

appleby commented 5 years ago

Per stylewarning's comment elsewhere, enabling SSL in QVM might not be required if we have something else (apache/nginx/whatever) do the SSL termination and proxy requests to QVM-APP.

notmgsk commented 5 years ago

I’m not familiar enough with this kinda technology to see how it would fit together. Could you describe a hypothetical setup that would solve the issue of secure communication with QVM?

On 10 Aug 2019, at 00:17, appleby notifications@github.com wrote:

> Per stylewarning's comment elsewhere, enabling SSL in QVM might not be required if we have something else (apache/nginx/whatever) do the SSL termination and proxy requests to QVM-APP.

appleby commented 5 years ago

The basic idea is that something sits between QVM and the client and proxies connections between them. In this case, presumably on the same machine where QVM is running like so:

+--------------+
|     QVM      |
|localhost:5000|
|      |       |
|    http      |
|      |       |
|    Proxy     |
+------+-------+
       |
       |        n
     https      e
       |        t
       |
 +-----+------+
 | Client QMI |
 +------------+

It's still preferable if the local part of the connection happens over https, but not as bad as http over an unsecured network.

appleby commented 5 years ago

Which isn't to say we shouldn't try to enable SSL. In my opinion, we still should. Just that it's lower priority than if there was a hard requirement for QVM to speak directly to remote clients.
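
The proxy arrangement sketched in the thread, written out as an nginx configuration. This is an added example, not part of the original discussion or the QVM project; the hostname, certificate paths and timeout are placeholders, and the upstream address assumes QVM listens on port 5000 of the loopback interface as in the diagram.

```nginx
# Added example: TLS termination in front of QVM-APP.
# Clients speak HTTPS to nginx; nginx speaks plain HTTP to QVM on the same
# machine, so the unencrypted hop never crosses the network.

server {
    listen 443 ssl;
    server_name qvm.example.org;                  # placeholder hostname

    # Placeholder paths: certificate chain and private key for the hostname.
    ssl_certificate     /etc/nginx/tls/qvm.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/qvm.example.org.key;

    # Refuse legacy protocol versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Upstream is the QVM HTTP server from the diagram (localhost:5000).
        # Using the literal loopback address avoids a DNS lookup and keeps
        # the hop off any external interface.
        proxy_pass http://127.0.0.1:5000;

        # Pass the original request details through to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Assumption: simulation requests can run longer than nginx's
        # default 60s read timeout; adjust to the workloads expected.
        proxy_read_timeout 300s;
    }
}

# No port-80 server block is defined for this hostname, so the proxy
# offers no cleartext path to QVM.
```

The proxy only protects traffic if port 5000 is unreachable from the network: QVM has to be bound to the loopback interface or the port firewalled, otherwise remote callers can bypass nginx and talk to QVM over plain HTTP.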