majestic
majestic copied to clipboard
Raathigesh
Connect over wss when loaded over https
When loading majestic over an https connection, the client attempts to connect over ws not wss.
It seems the apollo http link will require https too.
Yes, this is a fundamental blocker.
Curious to know the use case behind using over an https connection?
Are you implying you don't secure your HTTP communications?
Majestic is meant to be used locally in the same way as a local dev server so I'm trying to understand the benefits of having a secure connection.
I would never open a service over an unsecured connection. What people do in development reflects in production, as production is an artefact of development. Relying on network isolation as a substitute for secure http connections is a weakness waiting to be exploited.
On Wed, 3 Apr 2019, 11:19 AM Raathi Kugarajan <[email protected] wrote:
Majestic is meant to be used locally in the same way as a local dev server so I'm trying to understand the benefits of having a secure connection.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Raathigesh/majestic/issues/65#issuecomment-479268090, or mute the thread https://github.com/notifications/unsubscribe-auth/ABCzyO2xR4c-xiHWidjqCLjFlpEQY1cUks5vc_OlgaJpZM4cKzJM .
@Raathigesh: Thank you very much for your work on Majestic, it's an awesome tool! :)
I am currently working to get it to run on a server. It's password protected but technically public-facing. This makes it a lot easier for our distributed team to run the same tests that lay centrally on the server. That way not everyone has to deep-dive into the inner workings of Majestic and Jest testing but can simply "click a button to check if everythings works" (= green).
Right now I have majestic running behind an nginx server with active HTTPS but the missing wss:// is the last remaining hurdle. So at least for me there's absolutely usecase for it and I'd love to see it implemented
@justusbluemer I'm glad that you find the tool useful. Are you open to contributing the change?
I'm running into this too. Same issue as @justusbluemer I get the initial decision not to include it, but seems like pretty simple thing to add, and without it its not possible to use over https connections.
@NickBolles I'm not against it but didn't get the time or motivation to work on it yet. Reopening the issue. Feel free to send a PR if you are interested.
For me this is crucial too. Running via an Nginx proxy.
I tried changing (in ui/apollo-client.ts)
let WS_URL = "ws://localhost:4000";
to
let WS_URL = "wss://localhost:4000/wss";
but that did not help.
Changing ws:// to wss:// should enable the websocket over the https proxy. And adding /wss helps in Nginx proxying the websocket the right way.
But my guess is adding /wss makes the websocket of Majestic fail?
We need to show that UI-test are passing on the dev-server for the whole team. Please, do this.
Feel free to send a PR if you are interested.
@Raathigesh
I tried to change http and ws to secure type in client and server, but I don't have the necessary experience in graphql-yoga, maybe this requires additional config (I don't know values for https option in server.start).
If you can give me the necessary instructions for make this work, I could send a PR with this.
@pavelzubov Thanks for looking into it.
Yes, the https options can be provided through the start method of the server.
The doc also mentions a bit more about https option - https://github.com/prisma-labs/graphql-yoga#startoptions-options-callback-options-options--void----null-promisevoid
@Raathigesh yes, I was read it)
But, what I will write in cert field? I can't put my own certificate or suggest users to put their own in the config.
I'm going the wrong way. I shouldn't change the graphql-yoga config. This should work in HTTP as before. Issue in that:
- Majestic works over HTTP, we provide access to Majestic through a proxy, which adds a HTTPS.
- Your UI expects HTTP connection and sends request to open an insecure web-socket.
- But UI run over HTTPS for the browser, and ws-requests are blocked in HTTPS. We need wss-requests.
What we can change for solve this problem?
@pavelzubov The URL to connect to the server is in https://github.com/Raathigesh/majestic/blob/master/ui/apollo-client.ts.
Is changing those URLs to wss be enough? If so, we could introduce a command-line argument which when provided will change the client URL to wss.
@Raathigesh no, @robertheessels write about it above in https://github.com/Raathigesh/majestic/issues/65#issuecomment-564582818.
I get the following message in console:
So that means we have to provide the cert and key to the graphql-yoga server. We can accept the paths to the cert and the key as command-line arguments and then provide those to the server.
But you also mentioned the below in your previous comment which is confusing me.
I'm going the wrong way. I shouldn't change the graphql-yoga config.
@Raathigesh
Oh, sorry, I made a mistake. I ran the code on localhost (on HTTP). This of course will return an error.
On server changing URLs to wss and https works.
I can send PR. This change applies for PRODUCTION, so I use protocol from window.location and condition for webSocket protocol inside if (PRODUCTION) condition :
let WS_URL = "ws://localhost:4000";
let HTTP_URL = "http://localhost:4000";
if (PRODUCTION) {
const WS_PROTOCOL = window.location.protocol === "https:" ? "wss:" : "ws:";
WS_URL = `${WS_PROTOCOL}//${window.location.host}`;
HTTP_URL = `${window.location.protocol}//${window.location.host}`;
}
@Raathigesh I make PR: #182 We ran into difficulties and I think that these page will be useful for Majestic users who will try use it on HTTPS and nginx: https://www.nginx.com/blog/websocket-nginx/ Without this websockets in Majestic will not work.