I just started a new web based mud project and in the interests of deploying early and often I got it up on the internet yesterday at apathydrive.com.
I ran into some challenges in getting a websocket based mud deployed with SSL and thought I'd do a quick write-up in case anyone else finds themselves in a similar situation. My mud is a Ruby on Rails application but everything above the application server level is language agnostic so this will probably be useful for people writing muds in Python etc.
It's pretty standard to have the nginx (or Apache) webserver on your server accept incoming traffic for your site to serve static assets since it can do that much faster than your application server, so my initial deploy was Nginix watching port 80 and from there sending requests down to my application server (thin in my case).
It turns out that websockets uses http 1.1, and while Nginix can talk to the browser using http 1.1, it talks to backend servers only via http 1.0.
This breaks the websockets.
To solve this I installed Varnish which is a caching server, but it's also capable of reverse proxying based on domain and / or url. In my application all websocket connections happen at apathydrive.com/websocket so I set up varnish to direct traffic to /websocket directly to thin, and everything else to Nginix.
The last step in the chain was adding SSL so all traffic to and from my mud is encrypted. I set nginx watching port 80, and redirecting everything from there to https://apathydrive.com which causes the browser to use ssl on port 443.
Varnish can't handle SSL so I set up stunnel as my SSL termination. It takes the https requests on port 443, decrypts them and sends them to varnish, then encrypts the responses and sends them to the browser.
As websockets gets more ubiquitous I imagine this process will get easier and I'll be able to pair this back down to Nginx / thin.
I ran into some challenges in getting a websocket based mud deployed with SSL and thought I'd do a quick write-up in case anyone else finds themselves in a similar situation. My mud is a Ruby on Rails application but everything above the application server level is language agnostic so this will probably be useful for people writing muds in Python etc.
It's pretty standard to have the nginx (or Apache) webserver on your server accept incoming traffic for your site to serve static assets since it can do that much faster than your application server, so my initial deploy was Nginix watching port 80 and from there sending requests down to my application server (thin in my case).
It turns out that websockets uses http 1.1, and while Nginix can talk to the browser using http 1.1, it talks to backend servers only via http 1.0.
This breaks the websockets.
To solve this I installed Varnish which is a caching server, but it's also capable of reverse proxying based on domain and / or url. In my application all websocket connections happen at apathydrive.com/websocket so I set up varnish to direct traffic to /websocket directly to thin, and everything else to Nginix.
The last step in the chain was adding SSL so all traffic to and from my mud is encrypted. I set nginx watching port 80, and redirecting everything from there to https://apathydrive.com which causes the browser to use ssl on port 443.
Varnish can't handle SSL so I set up stunnel as my SSL termination. It takes the https requests on port 443, decrypts them and sends them to varnish, then encrypts the responses and sends them to the browser.
As websockets gets more ubiquitous I imagine this process will get easier and I'll be able to pair this back down to Nginx / thin.