http
http copied to clipboard
tarantool
SSL support
One of possible use cases: AWS Lambda functions does not support non SSL endpoints: https://forums.aws.amazon.com/message.jspa?messageID=665904
Implementing SSL support with openssl is definitely possible, though it's not trivial to do, and will likely not happen in the nearest future, unless there is a contributor that is willing to work on it.
The primary reason it's not high on the list of priorities is that there are lots of mature SSL reverse-proxies. For example, nginx.
Alright, thank you; I finally saw the light. The TNT http connection will be unencrypted in the local docker network. For servicing the routes outside the local network, I will configure an NGINX container to act as an edge server.
Please also note that we do have ssl support in http.client already.
The http.client is not interesting because it's blocking. Using a high speed db like Tarantool only to wait on the completion of your http requests is not a compelling scenario.
@cbalano yes, that's how I do it. My rule of thumb is to always start with the plain http server (tarantool/http) and add SSL on top with nginx. In case if you'd need pipelining or some obscure http features that the Lua module doesn't handle, you can transition to the tarantool-nginx module later https://github.com/tarantool/nginx_upstream_module .
that would not work where encryption on transit is required including a local loopback/unix domain server. So it would be good to have support for an optional SSL.
