[web-devel] [Yesod] Initial SSL support for Warp

Michael Snoyman michael at snoyman.com
Sun Oct 23 06:07:32 CEST 2011


I think you went to "http://localhost:3000/" instead of
"https://localhost:3000/".

I'm not sure why Nginx would feel overkill while Pound wouldn't. I
would think the opposite: Nginx is a fairly well-understood piece of
technology already, with packages in most distributions, and well
known performance characteristics. I'd use it long before something
I've never heard of before.

Anyway, I think a better bet would be to provide another package like
warp-openssl, which should be a very simple venture. But considering
the fact that http-enumerator is already built on tls, it seems like
tls is doing pretty well already.

Michael

On Sun, Oct 23, 2011 at 2:05 AM, Greg Weber <greg at gregweber.info> wrote:
> I tried to run and got this error from the pong application for every
> request:
> error received: Error_Packet_Parsing "Failed reading: invalid header type:
> 32\nFrom:\theader\n\n"
> I think easy SSL support out of the box without more moving parts is
> extremely valuable to get users up and running fast. However, the newer
> Haskell SSL implementation is going to be perceived as somewhat risky for a
> while, so some users may still look for more established solutions.
> Now that Yesod/Warp can serve static assets, Nginx can be overkill if we
> just need https. I think our best solution may be pound [1], although I
> personally haven't used it yet. Pound is designed to be a light-weight load
> balancer but also has a specific use case as an SSL wrapper.
> [1] http://www.apsis.ch/pound/
>
> On Sat, Oct 22, 2011 at 1:02 PM, Michael Snoyman <michael at snoyman.com>
> wrote:
>>
>> Hi all,
>>
>> Thanks (once again) to Vincent's awesome tls package, I've just added
>> experimental support to Warp for SSL connections. The basic idea is to
>> create an abstraction within Warp called a Connection, which handles
>> sending and receiving data. This abstraction provides for vectored and
>> non-vectored I/O, as well as enumerator-based I/O. In other words, it
>> supports all of the features Warp already uses. Then a separate
>> package, warp-tls, provides an alternate way of creating a Connection
>> that uses the tls package instead of a raw socket.
>>
>> I've put this code up in a separate branch[1]. The one piece of the
>> puzzle most definitely not implemented yet is proper timeout support.
>> I'm waiting till Kazu and I come up with some clarity on the recent
>> slowloris discussion before implementing the timeout code for tls.
>> Also, I'm sure some things could be more efficient, but it's certainly
>> working.
>>
>> I've included a pong.hs demo, as well as a self-signed private key and
>> certificate, so in order to test this out, you should need to:
>>
>> 1. Clone the repo
>> 2. "cabal install" warp
>> 3. "runghc pong.hs" inside the warp-tls package
>>
>> Another change that likely makes sense is to improve the TLSSettings
>> setup so it doesn't need to read the key and certificate from a file.
>> I'm definitely open to other suggestions. Also, I don't have a
>> particular use case for this right now, it was just something sitting
>> on my TODO list and was relatively easy to implement, so I decided to
>> take a crack at it.
>>
>> Michael
>>
>> [1] https://github.com/yesodweb/wai/tree/warp-tls
>
>
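
The mix-up diagnosed at the top of this message (a plain "http://" request arriving on the TLS port) can be recognised from the first bytes of a connection, before they reach the TLS parser. The following is an added example, not code from warp, warp-tls or the tls package; the names FirstBytes, classify and httpMethods are hypothetical, the sample inputs are constructed, and SSLv2-format hellos are assumed out of scope.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import qualified Data.ByteString as B

-- | Verdict on the first bytes read from a newly accepted connection.
data FirstBytes
    = TlsHandshake            -- ^ looks like the start of a TLS handshake record
    | PlainHttp B.ByteString  -- ^ cleartext HTTP; carries the method that was seen
    | NeedMore                -- ^ fewer than 5 bytes so far: cannot decide yet
    | Unknown                 -- ^ neither TLS nor a recognised HTTP method
    deriving (Eq, Show)

-- Request-line prefixes checked for; the trailing space is part of the match.
httpMethods :: [B.ByteString]
httpMethods = ["GET ", "POST ", "HEAD ", "PUT ", "DELETE ", "OPTIONS "]

-- | A TLS record starts with a 5-byte header: content type, major version,
-- minor version, 2-byte length. The first record a client sends is a
-- handshake record (content type 22) with major version 3. A cleartext HTTP
-- request starts with an ASCII method name instead, so a TLS parser fed such
-- a request fails on the record header.
classify :: B.ByteString -> FirstBytes
classify bs
    | B.length bs < 5 = NeedMore
    | B.index bs 0 == 22 && B.index bs 1 == 3 = TlsHandshake
    | (m:_) <- [m | m <- httpMethods, m `B.isPrefixOf` bs] = PlainHttp (B.init m)
    | otherwise = Unknown

main :: IO ()
main = mapM_ (print . classify) samples
  where
    -- Constructed sample inputs, not captured traffic.
    samples =
        [ B.pack [22, 3, 1, 0, 200, 1]                   -- start of a ClientHello record
        , "GET / HTTP/1.1\r\nHost: localhost:3000\r\n\r\n" -- browser using http://
        , B.pack [0, 1, 2, 3, 4]                         -- unrelated bytes
        , "GE"                                           -- too short to classify
        ]
```

A server that gets PlainHttp on its TLS port can log a clear "plaintext HTTP on HTTPS port" message or close the connection, instead of surfacing a record-parsing error.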


