From f99e69ada6e1ea58265bd96d44d5e31c6bba0dc7 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Fri, 10 Jul 2020 00:38:34 -0700
Subject: [PATCH] Change to websocket compression.
---
 webserver.js | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/webserver.js b/webserver.js
index 40086e7b..f0b0c15b 100644
--- a/webserver.js
+++ b/webserver.js
@@ -4300,10 +4300,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 // Starts the HTTPS server, this should be called after the user/mesh tables are loaded
 function serverStart() {
+ // Setup websocket options if needed.
+ var webSocketOptions;
+ if (args.wscompression === true) { webSocketOptions = { wsOptions: { perMessageDeflate: true } } }
+
 // Start the server, only after users and meshes are loaded from the database.
 if (obj.args.notls || obj.args.tlsoffload) {
 // Setup the HTTP server without TLS
- obj.expressWs = require('express-ws')(obj.app, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
+ obj.expressWs = require('express-ws')(obj.app, webSocketOptions);
 } else {
 // Setup the HTTP server with TLS, use only TLS 1.2 and higher with perfect forward secrecy (PFS).
 //const tlsOptions = { cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.web.ca, rejectUnauthorized: true, ciphers: "HIGH:!aNULL:!eNULL:!EXPORT:!RSA:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1 }; // This does not work with TLS 1.3
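Review bot: In the non-TLS branch the new call `require('express-ws')(obj.app, webSocketOptions)` passes the options object as the second positional argument, the slot where the TLS branch in the next hunk passes `obj.tlsServer`. express-ws documents its signature as `(app, server, options)`, so when `args.wscompression` is `true` the object is likely taken for the HTTP server and the compression setting never reaches `ws`; when the flag is unset the argument is `undefined` and the call behaves as intended. Filling the server slot explicitly keeps both branches aligned: `obj.expressWs = require('express-ws')(obj.app, null, webSocketOptions);`, and likewise `obj.expressWsAlt = require('express-ws')(obj.agentapp, null, webSocketOptions);` in the third hunk. `serverStart` continues past the end of this hunk.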
@@ -4315,7 +4319,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 //obj.tlsServer.on('tlsClientError', function (err) { console.log('tlsClientError', err); });
 obj.tlsServer.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
 obj.tlsServer.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
- obj.expressWs = require('express-ws')(obj.app, obj.tlsServer, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
+ obj.expressWs = require('express-ws')(obj.app, obj.tlsServer, webSocketOptions);
 }
 // Start a second agent-only server if needed
@@ -4328,7 +4332,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 if (agentPortTls == false) {
 // Setup the HTTP server without TLS
- obj.expressWsAlt = require('express-ws')(obj.agentapp, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
+ obj.expressWsAlt = require('express-ws')(obj.agentapp, webSocketOptions);
 } else {
 // Setup the agent HTTP server with TLS, use only TLS 1.2 and higher with perfect forward secrecy (PFS).
 // If TLS is used on the agent port, we always use the default TLS certificate.
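Review bot: When `args.wscompression` is not `true`, the third argument on the new `obj.expressWs = require('express-ws')(obj.app, obj.tlsServer, webSocketOptions);` line is `undefined`, so compression on the TLS listener is no longer switched off explicitly and instead follows whatever default the installed `ws` version applies. The removed line pinned `perMessageDeflate` to `false` in that case, which is the safer posture for a channel that can carry session secrets alongside peer-influenced data, since per-message compression is the precondition for compression side channels. Keeping the off state explicit would mean building the options once as `{ wsOptions: { perMessageDeflate: (args.wscompression === true) } }` and passing that here; the same applies to the `obj.expressWsAlt` TLS call in the last hunk. A short comment at the `webSocketOptions` declaration stating that an undefined value means "library default" would also help. The enclosing `serverStart` body starts and ends outside this hunk.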
@@ -4339,7 +4343,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 //obj.tlsAltServer.on('tlsClientError', function (err) { console.log('tlsClientError', err); });
 obj.tlsAltServer.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
 obj.tlsAltServer.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
- obj.expressWsAlt = require('express-ws')(obj.agentapp, obj.tlsAltServer, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
+ obj.expressWsAlt = require('express-ws')(obj.agentapp, obj.tlsAltServer, webSocketOptions);
 }
 }