Secure faye not receiving messages

166 views
Skip to first unread message

Will Mernagh

unread,
Oct 28, 2011, 6:49:53 PM10/28/11
to faye-...@googlegroups.com
Hi

I have faye running on port 9393 behind a nginx proxy which routes port 443 to 9393. I am able to get to the faye.js page through https and based on the network inspector in chrome I am connecting okay for the polling. 

On the fay side there is activity in the log file showing a connection. However none of my messages seem to be going to the client. Has anyone seen this? I can get it to work no problem without https. 

To get from http to https I have done the following.

1. In the nginx conf I reroute 443 to 9393 instead of 80 to 9393.
2. In the config.ru I pass in the key and cert paths.
3. In my client I specify https://servername.com instead of http://servername.com

Is there something that I am missing?

Thanks
Will

James Coglan

unread,
Oct 29, 2011, 3:27:21 AM10/29/11
to faye-...@googlegroups.com
On 28 October 2011 23:49, Will Mernagh <wmer...@gmail.com> wrote:
On the fay side there is activity in the log file showing a connection. However none of my messages seem to be going to the client. Has anyone seen this? I can get it to work no problem without https.

Have you checked that published messages are received, and that /meta/connect messages are received and held correctly?
 
To get from http to https I have done the following.

1. In the nginx conf I reroute 443 to 9393 instead of 80 to 9393.
2. In the config.ru I pass in the key and cert paths.
3. In my client I specify https://servername.com instead of http://servername.com

Can you supply the actual config code you're using, or a minimal replica of it? It's hard to diagnose problems otherwise. A couple questions I have for now:

1. What timeout setting are you using in nginx and config.ru? The Faye timeout must be shorter than the nginx one.
2. Does the nginx->faye connection need to be https, or can the proxy just speak http to internal traffic? 

upisdown

unread,
Sep 15, 2012, 4:58:29 PM9/15/12
to faye-...@googlegroups.com
I'm having this exact same issue. 


On Saturday, 29 October 2011 00:27:21 UTC-7, James Coglan wrote:
On 28 October 2011 23:49, Will Mernagh <wmer...@gmail.com> wrote:
On the fay side there is activity in the log file showing a connection. However none of my messages seem to be going to the client. Has anyone seen this? I can get it to work no problem without https.

Have you checked that published messages are received, and that /meta/connect messages are received and held correctly?
 

How can I tell if they are held correctly? 
 
To get from http to https I have done the following.

1. In the nginx conf I reroute 443 to 9393 instead of 80 to 9393.
2. In the config.ru I pass in the key and cert paths.
3. In my client I specify https://servername.com instead of http://servername.com

Can you supply the actual config code you're using, or a minimal replica of it? It's hard to diagnose problems otherwise. A couple questions I have for now:

1. What timeout setting are you using in nginx and config.ru? The Faye timeout must be shorter than the nginx one.

15 for faye and 130 for nginx proxy_read_timeout, 90 for nginx keepalive_timeout
 
2. Does the nginx->faye connection need to be https, or can the proxy just speak http to internal traffic? 

In my setup I have tried both, currently I don't have the certs setup within faye. I just use nginx to proxy pass to faye internally. 

I did that so that way I can have two apps running connected to the same faye channel for testing purposes. I have one application that connects via http, everything works very fast. And I have another one setup with https using nginx to proxy pass to the same faye server. 

The https one is able to send messages instantly, the http channel receives them immediately but then I get a ~30 second delay before they arrive in the https application. 

Any guesses on how I can improve this? I was looking into using HAproxy and stud infront of both faye and nginx but Id like to keep things simple as possible if I can because I dont suspect Ill have more then a hundred or so users on ever. 

upisdown

unread,
Sep 15, 2012, 5:51:03 PM9/15/12
to faye-...@googlegroups.com
So the nginx connection trying to use https and proxy passing to the http faye causes a long polling connection while the application that connects directly uses websockets. 

I also get these errors in chrome: 

Faye.Transport.XHR.Faye.extend.Faye.Class.request faye.js:1
Faye.Transport.Faye.extend.Faye.Class.flush faye.js:1
(anonymous function)

before the message finally arrives. Its odd because looking at the XHR section some attempts at https://site/faye work but some don't . 

upisdown

unread,
Sep 15, 2012, 5:58:29 PM9/15/12
to faye-...@googlegroups.com
Okay so I decided to disable both of these options and go with long polling and everything worked perfectly. Hope this saves someone some time later. 

  faye.disable('websocket');
  faye.disable('eventsource');


Reply all
Reply to author
Forward
0 new messages