Spiderable doesn't allow coping with PhantomJS failing due to unsupported SNI #1837

Closed
advancingu opened this Issue Feb 14, 2014 · 7 comments

4 participants

@advancingu

This issue refers to ariya/phantomjs#11239 where it is described that PhantomJS currently does not support Server Name Include. Executing PhantomJS via spiderable on a host with SNI and where http is automatically redirected to https, the result is always that PhantomJS fails.

A workaround for PhantomJS is to set the parameter --ignore-ssl-errors=true, however Spiderable currently does not permit specifying this parameter anywhere.

@glasser
Meteor Development Group member

Are you sure that Phantom doesn't support SNI? The person reporting that bug "suspected" that, but I don't see it confirmed by a Phantom developer there. Maybe it's a misconfiguration and depends on how you build Phantom/OpenSSL?

Can you give an example of a site that requires SNI so we can test this?

@advancingu

Thanks for your reply.

I'm working on https://turbostart.co which is only accessible through a load balancer at 107.21.216.112 via https://modulus.io hosting. The balancer is configured to automatically redirect HTTP to HTTPS and uses SNI for certificates. It should be straightforward to reproduce with this domain.

@glasser
Meteor Development Group member

OK, I can reproduce this, on my Mac using PhantomJS 1.9.7 from brew. Specifically, with x.js of

var url = "http://turbostart.co/";
var page = require('webpage').create();
page.open(url, function (status) {
  console.log("Status:", status);
  phantom.exit(status === 'fail' ? 1 :0);
});

it fails with phantomjs --load-images=no x.js but not with phantomjs --load-images=no --ignore-ssl-errors=yes.

I'm not sure what the right thing to do here is. One answer is that force-ssl should not force SSL from PhantomJS. In fact, I am surprised that it does... it's not supposed to. So spiderable should be connecting over http.

Ah, is the point that you're not using our force-ssl module, but instead are using HTTP->HTTPS at a proxy layer? Can you configure that to not do that redirection if the request originates from local host?

@bompi88

+1

@petermikitsh

I am experiencing similar concerns. I forward all http traffic to https. To solve the problem, I made the following edit in my production instance at /path/to/meteor/programs/server/packages/spiderable.js:107 (as discussed here):

("exec phantomjs  --load-images=no /dev/stdin <<'END'\n" +     // 107
("exec phantomjs --ignore-ssl-errors=true --ssl-protocol=tlsv1 --load-images=no /dev/stdin <<'END'\n" +     // 107

It would be beneficial if this setting could be parameterized as part of the environment, rather than having to patch underlying dependencies each time a project is bundled and a hot code push is made. The spiderable package should not assume a specific production environment configuration.

@glasser
Meteor Development Group member

1.0 will have an environment variable METEOR_PKG_SPIDERABLE_PHANTOMJS_ARGS which allows you to replace the options passed to phantomjs. You can test this with --release 1.0-rc.6. It replaces the defaults (which are --load-images=no --ssl-protocol=TLSv1 in this release).

@justinsb justinsb referenced this issue Oct 23, 2014
@justinsb justinsb Use TLS (not SSLv3) with phantomjs, to avoid POODLE problems
Also, args can be overridden using METEOR_PKG_SPIDERABLE_PHANTOMJS_ARGS
1a4956e
@glasser
Meteor Development Group member

As mentioned above, you can configure this with $METEOR_PKG_SPIDERABLE_PHANTOMJS_ARGS.

@glasser glasser closed this Jan 31, 2015
@JulianKingman JulianKingman referenced this issue in meteorhacks/meteord Feb 23, 2016
Closed

How to set meteor environment variables? #80

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment