api: add SSL support #35
Comments
|
Any news on a http server with SSL support please? |
|
Implementing SSL support with openssl is definitely possible, though it's not trivial to do, and will likely not happen in the nearest future, unless there is a contributor that is willing to work on it. The primary reason it's not high on the list of priorities is that there are lots of mature SSL reverse-proxies. For example, nginx. |
|
Please also note that we do have ssl support in http.client already. |
|
Alright, thank you; I finally saw the light. The TNT http connection will be unencrypted in the local docker network. For servicing the routes outside the local network, I will configure an NGINX container to act as an edge server. |
Please also note that we do have ssl support in http.client already.The http.client is not interesting because it's blocking. Using a high speed db like Tarantool only to wait on the completion of your http requests is not a compelling scenario. |
|
@cbalano yes, that's how I do it. My rule of thumb is to always start with the plain http server (tarantool/http) and add SSL on top with nginx. In case if you'd need pipelining or some obscure http features that the Lua module doesn't handle, you can transition to the tarantool-nginx module later https://github.com/tarantool/nginx_upstream_module . |
|
that would not work where encryption on transit is required including a local loopback/unix domain server. So it would be good to have support for an optional SSL. |
|
It was decided to support SSL for Tarantool EE (at least) via a copy-pasted sslsocket.lua. We need to add support for The https://github.com/tarantool/http?tab=readme-ov-file#creating-a-server
|
Closed
themilchenko
added a commit
that referenced
this issue
Nov 8, 2024
It wasn't SSL support. After the patch it was added there are several options to configure SSL: * `use_tls` is a boolean param to enable tls with tls_options provied below (`false` by default); * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
Merged
themilchenko
added a commit
that referenced
this issue
Nov 8, 2024
It wasn't SSL support. After the patch it was added there are several options to configure SSL: * `use_tls` is a boolean param to enable tls with tls_options provied below (`false` by default); * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 8, 2024
It wasn't SSL support. After the patch it was added there are several options to configure SSL: * `use_tls` is a boolean param to enable tls with tls_options provied below (`false` by default); * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 8, 2024
It wasn't SSL support. After the patch it was added there are several options to configure SSL: * `use_tls` is a boolean param to enable tls with tls_options provied below (`false` by default); * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 8, 2024
It wasn't SSL support. After the patch it was added there are several options to configure SSL: * `use_tls` is a boolean param to enable tls with tls_options provied below (`false` by default); * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 8, 2024
It wasn't SSL support. After the patch it was added there are several options to configure SSL: * `use_tls` is a boolean param to enable tls with tls_options provied below (`false` by default); * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 8, 2024
It wasn't SSL support. After the patch it was added there are several options to configure SSL: * `use_tls` is a boolean param to enable tls with tls_options provied below (`false` by default); * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 8, 2024
It wasn't SSL support. After the patch it was added there are several options to configure SSL: * `use_tls` is a boolean param to enable tls with tls_options provied below (`false` by default); * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 8, 2024
It wasn't SSL support. After the patch it was added there are several options to configure SSL: * `use_tls` is a boolean param to enable tls with tls_options provied below (`false` by default); * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 11, 2024
It wasn't SSL support. After the patch it was added several options to configure SSL, use one of them to enable it: * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 11, 2024
It wasn't SSL support. After the patch it was added several options to configure SSL, use one of them to enable it: * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 11, 2024
It wasn't SSL support. After the patch it was added several options to configure SSL, use one of them to enable it: * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 11, 2024
It wasn't SSL support. After the patch it was added several options to configure SSL, use one of them to enable it: * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 11, 2024
It wasn't SSL support. After the patch it was added several options to configure SSL, use one of them to enable it: * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 11, 2024
It wasn't SSL support. After the patch it was added several options to configure SSL, use one of them to enable it: * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 11, 2024
It wasn't SSL support. After the patch it was added several options to configure SSL, use one of them to enable it: * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 11, 2024
It wasn't SSL support. After the patch it was added several options to configure SSL, use one of them to enable it: * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
themilchenko
added a commit
that referenced
this issue
Nov 12, 2024
It wasn't SSL support. After the patch it was added several options to configure SSL, use one of them to enable it: * `ssl_cert_file` is a path to the SSL cert file; * `ssl_key_file` is a path to the SSL key file; * `ssl_ca_file` is a path to the SSL CA file; * `ssl_ciphers` is a colon-separated list of SSL ciphers; * `ssl_password` is a password for decrypting SSL private key; * `ssl_password_file` is a SSL file with key for decrypting SSL private key. Closes #35
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
One of possible use cases: AWS Lambda functions does not support non SSL endpoints: https://forums.aws.amazon.com/message.jspa?messageID=665904
The text was updated successfully, but these errors were encountered: