Permalink
Browse files

Merge pull request #81 from visfleet/master

Added secure_proxy option for when em-websocket is behind an ssl terminator
  • Loading branch information...
2 parents 04b0770 + 2eb3b91 commit 44787d6353bcfe953fe8e2861f731ce326ef3dae @mloughran mloughran committed Jul 16, 2012
Showing with 21 additions and 2 deletions.
  1. +19 −1 README.md
  2. +2 −1 lib/em-websocket/connection.rb
View
@@ -35,7 +35,7 @@ For example,
```ruby
EventMachine::WebSocket.start({
:host => "0.0.0.0",
- :port => 443
+ :port => 443,
:secure => true,
:tls_options => {
:private_key_file => "/private/key",
@@ -46,6 +46,24 @@ EventMachine::WebSocket.start({
end
```
+## Running behind an SSL Proxy/Terminator, like Stunnel
+
+The :secure_proxy => true option makes it possible to run correctly when behind a secure SSL proxy/terminator like [Stunnel](http://www.stunnel.org/). When setting :secure_proxy => true, any reponse from the em-websocket which contains the websocket url will use the wss:// url scheme. None of the traffic is encrypted.
+
+This option is necessary when using websockets with an SSL proxy/terminator on Safari 5.1.x or earlier, and also on Safari in iOS 5.x and earlier. Most versions of Chrome, Safari 5.2, and Safari in iOS 6 do not appear to have this problem.
+
+For example,
+
+```ruby
+EventMachine::WebSocket.start({
+ :host => "0.0.0.0",
+ :port => 8080,
+ :secure_proxy => true
+}) do |ws|
+...
+end
+```
+
## Handling errors
There are two kinds of errors that need to be handled - errors caused by incompatible WebSocket clients sending invalid data and errors in application code. They are handled as follows:
@@ -40,6 +40,7 @@ def initialize(options)
@options = options
@debug = options[:debug] || false
@secure = options[:secure] || false
+ @secure_proxy = options[:secure_proxy] || false
@tls_options = options[:tls_options] || {}
@data = ''
@@ -107,7 +108,7 @@ def dispatch(data)
else
debug [:inbound_headers, data]
@data << data
- @handler = HandlerFactory.build(self, @data, @secure, @debug)
+ @handler = HandlerFactory.build(self, @data, @secure || @secure_proxy, @debug)
unless @handler
# The whole header has not been received yet.
return false

0 comments on commit 44787d6

Please sign in to comment.