Re: Does Ratchet library support wss://?


cboden

Oct 12, 2012, 9:26:09 AM
to ratch...@googlegroups.com, igor.e...@gmail.com
Due to a bug in PHP, Ratchet cannot natively support SSL at this time. PHP does not complete the SSL handshake when sockets are set to be non-blocking (asynchronous).

To achieve wss:// you can wrap your Ratchet process in stunnel.

On Friday, October 12, 2012 9:18:47 AM UTC-4, igor.e...@gmail.com wrote:
Hello, does it or will it very soon support wss:// (SSL secured ws:// connections) connections? If not, could you recommend libraries that would support it?
Thanks.

cboden

Mar 28, 2013, 2:10:10 PM
to ratch...@googlegroups.com, igor.e...@gmail.com, wil...@signalsecure.com
I've done a proof of concept spike to get it working but as I was learning and testing I realized it's probably not the best methodology. SSL is "slow" (by comparison) and would temporarily block Ratchet's event loop process while encoding/decoding. 

Using stunnel is not a hack, it's a reverse proxy that has one job to do. Separating concerns in your network will increase performance. Alternatively to stunnel, you could put Ratchet behind HAProxy or Nginx and have any of those three handle the SSL work. See the section "Server Configuration" on my Deployment tutorial to see how you might set up your network architecture (you'd add in SSL, not covered in tutorial).

Cheers.

On Thursday, 28 March 2013 13:59:59 UTC-4, SOS wrote:
This still holds true as of Mar 2013? Has a later version of PHP addressed this, or is there even a fix for the bug on the PHP roadmap? We would definitely need SSL as well, and also would want to avoid stunnel hacks due to the fact that we have to develop multiple clients from different platforms.

alb...@gmail.com

Jan 21, 2014, 6:05:27 AM
to ratch...@googlegroups.com, igor.e...@gmail.com, wil...@signalsecure.com
Hi
I tested the Wrench PHP websocket server with HTTPS and it works fine. Why can't Ratchet be adapted with the same function? Just by adding certificate information, file and pass-phrase options and setting up the SSL configuration?
Cheers

Oscar Balladares

Jan 22, 2014, 2:28:37 PM
to ratch...@googlegroups.com, igor.e...@gmail.com
Hi Alb.

I used to think the same, that it was a pity Ratchet has no native support for SSL.
But there are other strategies that I think are better than native SSL support (due to the overhead of parsing the cert).

Ratchet has docs about setting up HAProxy, you can configure it to handle SSL certs.
Our solution at flightfox.com was to set up Nginx as a reverse proxy with web socket support that handles the SSL and routes the request to the plain socket server app.

This has proven to be a rock solid stack and arguably easy to implement.
Regards.

cboden

Jan 23, 2014, 6:33:31 PM
to ratch...@googlegroups.com, igor.e...@gmail.com
Wrench seems to handle SSL negotiation in a blocking/synchronous manner. In addition, SSL is processor intensive which is why it's better to leave that to something like Nginx as Oscar suggested. 

googl...@datagrid.mobi

Mar 18, 2014, 8:09:51 PM
to ratch...@googlegroups.com, igor.e...@gmail.com
Guys,

Unfortunately, I do not have enough expertise in configuring nginx. Can you please post a sample config to enable Ratchet over SSL?

That would be hugely appreciated.... My app is production ready, however I did not know about this SSL problem..

Thank you!

cboden

Apr 3, 2014, 6:03:53 PM
to ratch...@googlegroups.com, igor.e...@gmail.com, googl...@datagrid.mobi
Try this: http://stackoverflow.com/a/12102112 - following that example you'd have your Ratchet app run on port 5501.
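
A minimal Nginx configuration for the setup discussed in this thread, with Nginx terminating TLS for wss:// and proxying to a Ratchet process on port 5501. This is an added example, not part of any post in the thread or of the linked answer; the hostname and certificate paths are placeholders, and it assumes an Nginx build with WebSocket proxying support.

```nginx
# Added example. Place inside the http { } block of nginx.conf.
# ws.example.com and the certificate paths below are placeholders.

# Send "Connection: upgrade" upstream only when the client asked for an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name ws.example.com;                               # placeholder

    ssl_certificate     /etc/nginx/tls/ws.example.com.crt;    # placeholder path
    ssl_certificate_key /etc/nginx/tls/ws.example.com.key;    # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Ratchet speaks plain ws:// here. Bind the Ratchet process to
        # 127.0.0.1 so the unencrypted port is not reachable from outside.
        proxy_pass http://127.0.0.1:5501;

        # The WebSocket handshake is an HTTP/1.1 Upgrade request; these
        # hop-by-hop headers must be passed on explicitly.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Ratchet sees every connection as coming from 127.0.0.1, so the
        # original host, client address and scheme travel in headers.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The default read timeout of 60s would close idle sockets.
        proxy_read_timeout 1h;
    }
}
```

Clients then connect to wss://ws.example.com/ while Ratchet keeps listening without TLS. If Ratchet is bound to a public interface instead of loopback, the unencrypted port remains reachable around the proxy.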