[Libwebsockets] Multiple server SSL configurations

Andy Green andy at warmcat.com
Thu Dec 8 01:34:46 CET 2016


On Wed, 2016-12-07 at 15:17 -0500, Alan Conway wrote:
> I want to set up multiple SSL listening configurations. From the
> documentation this seems to mean setting up multiple vhosts each with
> its own SSL setup.

Yes.  That's how lwsws does it; https://libwebsockets.org and
https://warmcat.com are two vhosts on the same server, but with their
own certs (auto-selected by SNI).

> However I noticed this from Nov 30:
> 
> 6cc4331 vhost: allow adding vhosts after server init
> 
> My service can open new listeners while it is running, so does that
> mean this won't work with the released v2.1.0? I'm running my own
> poll loop and adopting FDs, not using LWS listeners in case that
> makes things easier/harder.

Well it might seem unremarkable to randomly add vhosts after the server
is running but actually it's quite a rarefied requirement unknown to
man (at least, unknown to lws) until last week.

What actually happens that provokes a new vhost appearing?  In the case
of the guy from last week, it seemed to be "config-reload-lite".  Is
this something else?

There are at least a couple of issues with it before last week...

1) vhosts are logically set up when you add them, that's the same any
time.  But per-vhost protocol init is deferred until before you enter
the event loop, because when you add protocols you don't have an active
event loop.

2) lws drops privs when service starts.  So later vhost protocols don't
start with root context.

The patch adjusts the lws_create_vhost() action to also do the protocol
init if it's not already done.

If you add the vhosts before the first service, there is no problem on
released v2.x.

-Andy

> Thanks,
> Alan.