hub.darcs.net :: simon -> darcsden -> issue

#146add ssl support

maerwald

Should be fairly straightforward and optional. Snap has built-in support for that, we just need to configure it during start.

Working on it in this branch: http://hub.darcs.net/maerwald/darcsden-ssl

• maerwaldMon Nov 30 14:33:04 UTC 2015

  first take: http://hub.darcs.net/maerwald/darcsden-patches/patch/8e04c8281dd6237086f5d21311cc09a2e5007203

  problems: - it seems we need '-threaded' here, otherwise we get "SimpleBackend.acceptThread: user error (RTS doesn't support multiple OS threads (use ghc -threaded when linking))" during runtime - we currently only support running https-only or http-only... everything else seems to collide with out 'baseUrl' logic

• maerwaldMon Nov 30 15:57:15 UTC 2015

  reworked a bit: - http://hub.darcs.net/maerwald/darcsden-patches/patch/a043271d1cbacd4d04881139217bc03440191efe - http://hub.darcs.net/maerwald/darcsden-patches/patch/83dbd1d909bea2b0f4b08a6d4990990249884fc8 - http://hub.darcs.net/maerwald/darcsden-patches/patch/4a2f1532d10d34a0ff692995c0e63549bd184211 - http://hub.darcs.net/maerwald/darcsden-patches/patch/271784710a0e70385d7cf906c1115d201f1f15df

  This also removes the "baseUrl" configuration value. Instead the requests are now all relative, so links work protocol-agnostic. This allows us to have both http and https at the same time or only one of them. The user can use the "protocols = [ HTTP, HTTPS ]" config thing then.

• Simon MichaelMon Nov 30 16:41:30 UTC 2015

  Nice! See also #142

• maerwaldMon Nov 30 16:48:36 UTC 2015

  Also note that you can achieve the same with a front proxy (e.g. nginx). So the backend server is http only while the front proxy establishes the https thing with the client. But having a front proxy shouldn't be a requirement for deploying darcsden with https support.

• Simon MichaelMon Nov 30 16:55:26 UTC 2015

  Good point. darcs hub does use nginx, so maybe that is that the route I should go for #142 ? I'm guessing nginx will need to use https regardless of whether darcsden does.

• maerwaldMon Nov 30 17:01:32 UTC 2015

  Yeah, I've done that with an automatically configured nginx front proxy in a docker container, see: - https://github.com/hasufell/docker-gentoo-darcsden - http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/

  Nonetheless, these two patches could already be merged/tested on the dev site: - http://hub.darcs.net/maerwald/darcsden-patches/patch/83dbd1d909bea2b0f4b08a6d4990990249884fc8 - http://hub.darcs.net/maerwald/darcsden-patches/patch/271784710a0e70385d7cf906c1115d201f1f15df

  They don't add https support yet, but do some cleanup.

• Simon MichaelMon Nov 30 17:06:14 UTC 2015

  Hard-coding the base url to / is a bit questionable. Maybe the hostname and custom port still work, but it means you can't integrate darcsden in a website at /some/lower/path.

• maerwaldMon Nov 30 17:07:43 UTC 2015

  well, even then it should be relative and not absolute

• maerwaldMon Nov 30 17:08:47 UTC 2015

  maybe we just set the default to "/" and tell people in the README that it should be a relative path?

• maerwaldMon Nov 30 17:44:24 UTC 2015

  Afais there's no proper support for "/some/lower/path" in darcsden anyway. From my tests, it breaks pretty much anything.

• maerwaldMon Nov 30 17:46:36 UTC 2015
  • description updated
• maerwaldTue Dec 1 07:37:36 UTC 2015
  • added tag experimental