Add TLS and hostname support #49

Merged: 4 commits, Mar 19, 2024

Conversation

joeyparrish
Contributor

This adds both TLS and hostname support.

TLS support is activated by specifying paths to a key and a cert. There are caveats about self-signed certs in the README.

This also adds hostname support. This impacts both the URL sent to browsers and the IP the server socket listens to. There are caveats about valid names, valid IPs, and HSTS preload in the README. HSTS-type errors in both Chrome and Firefox are detected automatically and translated into friendlier errors with a short link to the documentation.

Closes #42
Replaces PR #43
One part of solving shaka-project/shaka-player#5547

@joeyparrish
Contributor Author

Checking the Windows test failure against our Windows lab machine.

@joeyparrish
Contributor Author

I get a different failure on our Windows machine:

Failures:
1) server starting the server starts a server with the specified hostname
  Message:
    TypeError: Invalid URL
  Stack:
    error properties: Object({ code: 'ERR_INVALID_URL', input: 'http://2401:fa00:480:2207:464d:7a11:92b1:129:64237/__jasmine__/jazz.js' })

On CircleCI, we get:

1) server When an importMap is provided includes an import map with both imports and scopes
  Message:
    Error: connect ECONNREFUSED ::1:63613

And similar on several tests.

I think CircleCI's Windows box only has a localhost interface, and localhost resolves to ::1 instead of 127.0.0.1. I'll see if I can simulate that in a more comfortable local Linux environment. I can't connect to a remote Windows machine if it only has localhost. 😁

The failure I get on my own Windows box seems to be an issue with my getIP() method choosing IPv6. I think the URL formatting is wrong in that case.

@joeyparrish
Contributor Author

Forcing localhost to IPv6 in /etc/hosts on Linux reproduces the failures I get in CircleCI on Windows:

::1 localhost
# 127.0.0.1 localhost

@joeyparrish
Contributor Author

Ah, the problem with IPv6 for localhost is my defaults for hostname. Using "0.0.0.0" for the listening address doesn't mean "all IPs from all interfaces", it means "all IPs from IPv4 interfaces only". Easy to fix.

@joeyparrish
Contributor Author

Tests passing on all platforms, with IPv4 and IPv6. Please take a look!

@sgravrock
Member

Thanks for the PR. This looks solid at first glance. I'll review it in more detail soon.

@joeyparrish
Contributor Author

Thanks!

const ip = getIP();

if (ip == '127.0.0.1') {
pending('Cannot test hostname without a non-localhost interface.');
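Review bot: the guard `if (ip == '127.0.0.1')` recognizes only the IPv4 loopback address, so a getIP() result of `::1` would run the hostname test instead of marking it pending. Consider comparing against both loopback forms, and use `===` for the string comparison.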
Member


Unfortunate, but I don't see a realistic alternative.

// all IPs (no hostname) and point browsers to "localhost". We preserve
// backward compatibility here by using different defaults for these two
// things.
const listenOptions = {
Member


Good call. I think it'd be better to listen only on loopback by default but that's a change for the next major release.

@sgravrock merged commit d92db5f into jasmine:main Mar 19, 2024
3 checks passed
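The two IPv6 problems discussed in this thread (the `ERR_INVALID_URL` from an unbracketed address and the IPv4-only `0.0.0.0` listen default), as an added example that is not code from this PR or the project. The function names are hypothetical, the addresses are constructed documentation-range values, and omitting `host` is one way to get dual-stack listening in Node, not necessarily the fix the PR used.

```javascript
// Added example: hypothetical helper names, constructed sample addresses.

// DNS names and IPv4 addresses never contain ':', so a colon marks an
// IPv6 literal that still needs brackets.
function isIPv6Literal(host) {
  return host.includes(':') && !host.startsWith('[');
}

// The failing pattern from the thread: host and port joined without brackets.
// Returns true when the URL parser rejects the result (TypeError: Invalid URL).
function naiveUrlIsRejected(hostname, port) {
  try {
    new URL(`http://${hostname}:${port}/`);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// URL handed to browsers. An IPv6 literal must be wrapped in brackets,
// otherwise its colons are parsed as the host/port separator.
function buildServerUrl({hostname = 'localhost', port, tls = false, path = '/'}) {
  const scheme = tls ? 'https' : 'http';
  const host = isIPv6Literal(hostname) ? `[${hostname}]` : hostname;
  // Round-trip through URL so a malformed host fails here, not in the browser.
  return new URL(`${scheme}://${host}:${port}${path}`).href;
}

// Options for server.listen(). With no hostname, leave `host` out: Node then
// binds "::" (IPv6 and IPv4) when IPv6 is available and 0.0.0.0 otherwise,
// whereas an explicit "0.0.0.0" accepts IPv4 connections only.
function buildListenOptions({hostname, port}) {
  return hostname ? {host: hostname, port} : {port};
}
```

Both the unspecified address and `0.0.0.0` expose the server on every interface; passing an explicit loopback hostname to `buildListenOptions` restricts it to the local machine.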
Successfully merging this pull request may close these issues.

Is TLS supported?