weixin_39527879
weixin_39527879
2021-01-07 05:41

Cleartext server

Would it be possible to change the underlying TLS server to a regular HTTP server? I want to have multiple (different) HTTPS/SPDY apps running on the same system. For this I need to route the incomming HTTPS requests with nginx for example. Only problem is, that nginx et al require certificates and then decrypt the connection before routing it.

So, can we change the underlying server or do you incidentally know about a better way to route the incomming traffic? Preferably something that just reads the SNI field and doesn't do much modification?

该提问来源于开源项目:spdy-http2/node-spdy

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

5条回答

  • weixin_39592789 weixin_39592789 4月前

    Huh? node-spdy already automatically supports falling back from SPDY to https. That's because its relying on NPN TLS/SSL extension. Is that what you're looking for?

    点赞 评论 复制链接分享
  • weixin_39527879 weixin_39527879 4月前

    Ah, I think you got me wrong. Here's an example.

    On my root server I have on IP address. Now one root server is pretty big for only one node app. I have about 10 different, isolated project running there. Each has it's own domain. To makle them all available on port 80 I have nginx configured to proxy all incomming requests on port 80 to different ports, based on the domain name.

    
    my-domain.com:80   -> localhost:3001
    example.com:80     -> localhost:3002
    random.com:80      -> localhost:3003
    foo-bar.com:80     -> localhost:3004
    

    Now I want the same setup for port 443. nginx is capable of proxying TLS requests, but it wants to decrypt the connection first. I would need to make node-spdy expect already decrypted requests and leave all the TLS stuff up to nginx.

    Is this even possible? Or would you route the requests with another tool? How do you do it?

    点赞 评论 复制链接分享
  • weixin_39527879 weixin_39527879 4月前

    Sweet! Thank you. :)

    Does it still support WebSockets?

    点赞 评论 复制链接分享
  • weixin_39592789 weixin_39592789 4月前

    Well, afaik they're running on their own protocol, derived from HTTP/1.1

    点赞 评论 复制链接分享
  • weixin_39527879 weixin_39527879 4月前

    Currently using sails with my #739 patch. WebSockets work just fine :)

    点赞 评论 复制链接分享

相关推荐