how can enable ssl ?

[javadrajabi]

How is ssl enabled in this framework?

[iprastha]

i too may require SSL in my project. Since this is based on workerman, i'm looking at this link from workerman github page.
Will try and provide more feedback on this. Maybe some SSL code sample in documentation is needed.

[iprastha]

i too may require SSL in my project. Since this is based on workerman, i'm looking at this link from workerman github page.
Will try and provide more feedback on this. Maybe some SSL code sample in documentation is needed.

I ended up using nginx with reverse proxy to localhost mark workers, reason being:

1. using certbot to automatically renew my SSL certificate with automatic configuration for nginx
2. faster worker because no ssl configuration is required in mark project

so my workers are running at http://localhost:3000
and my nginx is set up at mydomain.com:443 (with SSL) , using reverse_proxy pass to http://localhost:3000
Something like this in my nginx config:

server{
listen 443 ssl;
... other SSL configs set by certbot ...
location / {
        proxy_pass http://127.0.0.1:3000;
    }
}

[xenogenesi]

Please correct me if I'am wrong but, mark is based on workerman and workerman supports SSL

--- start.php	2021-08-24 12:20:47.752143969 +0200
+++ start-ssl.php	2021-08-24 15:04:36.983849892 +0200
@@ -3,7 +3,19 @@
 
 require 'vendor/autoload.php';
 
-$api = new App('http://0.0.0.0:3000');
+// SSL context.
+$context = array(
+    'ssl' => array(
+        'local_cert'  => '/path/to/server.crt',
+        'local_pk'    => '/path/to/server.key',
+        'verify_peer' => false,
+    )
+);
+
+
+$api = new App('http://0.0.0.0:3000', $context);
+
+$api->transport = 'ssl';

[joanhey]

I prefer to use Nginx as Proxy, to manage SSL, static files, ...

But the Nginx configuration of @iprastha , is not very good for performance.

A correct Nginx config, have a very big difference in performance.

It's better so:

server{
    listen 443 ssl;
    ... other SSL configs set by certbot ...
   location / {
        proxy_pass http://127.0.0.1:3000;

        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}

This is the minimal config, and using http 1.1 in the proxy connection.
And the performance will be the same than Mark without Nginx.

Later there are more options: use Unix socket, load balancer, client keepalive, ...

[iprastha]

I prefer to use Nginx as Proxy, to manage SSL, static files, ...

But the Nginx configuration of @iprastha , is not very good for performance.

A correct Nginx config, have a very big difference in performance.

It's better so:

server{
    listen 443 ssl;
    ... other SSL configs set by certbot ...
   location / {
        proxy_pass http://127.0.0.1:3000;

        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}

This is the minimal config, and using http 1.1 in the proxy connection. And the performance will be the same than Mark without Nginx.

Later there are more options: use Unix socket, load balancer, ...

Thank you for the review, upon further reading, this nginx setting is to ensure keepalive connection is used on the upstream server. More info on https://www.nginx.com/blog/tuning-nginx/ under "Keepalive Connections" section.

Quoting

Keepalive connections can have a major impact on performance by reducing the CPU and network overhead needed to open and close connections. NGINX terminates all client connections and creates separate and independent connections to the upstream servers. NGINX supports keepalives for both clients and upstream servers.