Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VerneMQ HTTPs support #2265

Open
SameerTi opened this issue Mar 8, 2024 · 12 comments
Open

VerneMQ HTTPs support #2265

SameerTi opened this issue Mar 8, 2024 · 12 comments

Comments

@SameerTi
Copy link

SameerTi commented Mar 8, 2024

Hi,

According to the Document below, VerneMQ has HTTP and Json Client Libraries
https://docs.vernemq.com/plugin-development/luaplugins#http-and-json-client-libraries

My Question is, does it support https too?
If so could you please share any example or share how can we configure certificates...etc?
Examples of "https" call from lua script of VQM diversity!?

Regards,
Sameer Tiwari
@ioolkos
Copy link
Contributor

ioolkos commented Mar 8, 2024

@SameerTi In case you're looking to integrate into a HTTP backend, I think you're better off using the WebHooks plugin. (which also supports HTTPS).

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

@SameerTi
Copy link
Author

SameerTi commented Mar 8, 2024

Thanks @ioolkos for Quick response.
Requirement is to be able to connect with Oracle via Lua plugin, however, I guess, that's not supported, please correct me If I'm wrong..!!
Hence started to look into "https" direction for Authentication purposes.
If above is not supported, and like you said, to use WebHooks plugin, could you please share some examples of that for "https" ?

@ioolkos
Copy link
Contributor

ioolkos commented Mar 8, 2024

@SameerTi I just noticed that some edits on the doc for 1.12.3 were not merged downstream, so some options regarding HTTPS are missing in the WebHooks docs for newer releases.
Find the basic HTTPS options here: https://docs.vernemq.com/v/1.12.3/plugin-development/webhookplugins#configuring-webhooks
I'll have to merge this forward into docs for newer releases and main branch. Apologies!

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

@mths1
Copy link
Contributor

mths1 commented Mar 8, 2024
edited

FWIW Lua also supports https out-of-the-box (not suggesting it is a better option than the webhooks plugin

http.ensure_pool({pool_id = "test"})
ret = http.post("test", "https://www.google.com", "", {x_post_header = "X-POST-HEADER"})
print(ret.status)
body = http.body(ret.ref)
print(body)

@SameerTi
Copy link
Author

FWIW Lua also supports https out-of-the-box (not suggesting it is a better option than the webhooks plugin

http.ensure_pool({pool_id = "test"})
ret = http.post("test", "https://www.google.com", "", {x_post_header = "X-POST-HEADER"})
print(ret.status)
body = http.body(ret.ref)
print(body)

Hi @mths1
Thanks for your response.
Do you have any examples of "https" usage inside Lua plugin script , where its required to configure certificates, keyStore etc.?
That would be very helpful

Thanks,
Sameer

@SameerTi
Copy link
Author

@SameerTi I just noticed that some edits on the doc for 1.12.3 were not merged downstream, so some options regarding HTTPS are missing in the WebHooks docs for newer releases. Find the basic HTTPS options here: https://docs.vernemq.com/v/1.12.3/plugin-development/webhookplugins#configuring-webhooks I'll have to merge this forward into docs for newer releases and main branch. Apologies!

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq 👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

Hi @ioolkos
Could you please confirm, if both of the below can be turned ON at the same time and be working seamlessly?

plugins.vmq_diversity = on
plugins.vmq_webhooks = on

@ioolkos
Copy link
Contributor

ioolkos commented Mar 11, 2024

@SameerTi you can run vmq_webhooks and vmq_diversity in parallel (or rather: in a chain). The way this works is that the first auth plugin will be called and if it returns "next", then the next plugin will be called to authenticate that client.

So, there's 2 things you need to do:

  1. have a load order, defined by the config order in vernemq.conf, or by explicitly configuring a priority:
plugins.vmq_webhooks.priority = 1
plugins.vmq_diversity.priority = 2
  1. Make the first plugin in your chain return "next" (instead of "false") when it cannot auth the client.
    Here's the doc for auth_on_register in the WebHooks plugin:
    https://docs.vernemq.com/plugin-development/webhookplugins#auth_on_register

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

@SameerTi
Copy link
Author

SameerTi commented Mar 12, 2024
edited

Hi @ioolkos
If we don't define a Priority on webhooks and diversity, would they still work fine in parallel?

Also, as @mths1 mentioned earlier, that "Lua also supports https out-of-the-box...."

Could you please share any examples of "https" usage inside Lua plugin script where it's required to configure certificates, keyStore etc.? That would be very helpful".

Lua gives us options of receiving a response and apply some custom logic using Lua scripts.
However with Webhooks, it's all configured in vernemq.conf file and then we can't apply our custom logic there, can we?

@ioolkos
Copy link
Contributor

ioolkos commented Mar 12, 2024

@SameerTi as mentioned before, the load order of plugins should be determined by the order you have them in the vernemq.conf. You can also check this with vmq-admin plugin show

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

@SameerTi
Copy link
Author

FWIW Lua also supports https out-of-the-box (not suggesting it is a better option than the webhooks plugin

http.ensure_pool({pool_id = "test"})
ret = http.post("test", "https://www.google.com", "", {x_post_header = "X-POST-HEADER"})
print(ret.status)
body = http.body(ret.ref)
print(body)

Hi @mths1 Thanks for your response. Do you have any examples of "https" usage inside Lua plugin script , where its required to configure certificates, keyStore etc.? That would be very helpful

Thanks, Sameer

Hi @mths1 ,
Appreciate if you could please share any example where certificates are used for "https" calls in lua scripts.

@mths1
Copy link
Contributor

mths1 commented Mar 12, 2024
edited

@SameerTi : As far as I can tell, it is currently not possible to add a ca or somethine to the diversity plugin. Webhook has support. I can see two use cases: certificate pinning and self-signed certificates. Adding a configuration option to both plugins to specify a ca wouldn't be too hard.

@ioolkos : What do you think?

@ioolkos
Copy link
Contributor

ioolkos commented Mar 12, 2024

Regarding vmq_diversity, I'm open to any extensions (or experiments). Or regarding Luerl, I should actually say. We've always kept it close to the use case of hook implementations.

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ioolkos @SameerTi @mths1