Adding SSL to real-time unread counts. Long time coming.

2025-09-18 21:50:56 +00:00 · 2012-12-24 11:53:00 -08:00 · 2012-12-24 11:53:00 -08:00 · 90dd709b5b
commit 90dd709b5b
parent 6311bf41d7
8 changed files with 52 additions and 25 deletions
--- a/config/supervisor_node_favicons.conf
+++ b/config/supervisor_node_favicons.conf
@ -1,6 +1,6 @@
 [program:node_favicons]
-command=node favicons.js
-directory=/srv/newsblur/node
+command=node node/favicons.js
+directory=/srv/newsblur
 user=sclay
 autostart=true
 autorestart=true
--- a/config/supervisor_node_unread.conf
+++ b/config/supervisor_node_unread.conf
@ -1,6 +1,6 @@
 [program:node_unread]
-command=node unread_counts.js
-directory=/srv/newsblur/node
+command=node node/unread_counts.js
+directory=/srv/newsblur
 user=sclay
 autostart=true
 autorestart=true
@ -8,3 +8,4 @@ autorestart=true
 priority=991
 stopsignal=HUP
 stdout_logfile = /srv/newsblur/logs/unread_counts.log
+environment = NODE_ENV=production
--- a/config/supervisor_node_unread_ssl.conf
+++ b/config/supervisor_node_unread_ssl.conf
@ -0,0 +1,11 @@
+[program:node_unread_ssl]
+command=node node/unread_counts.js
+directory=/srv/newsblur
+user=sclay
+autostart=true
+autorestart=true
+#redirect_stderr=True
+priority=991
+stopsignal=HUP
+stdout_logfile = /srv/newsblur/logs/unread_counts.log
+environment = NODE_ENV=production,NODE_SSL=on
--- a/fabfile.py
+++ b/fabfile.py
@ -326,7 +326,7 @@ def setup_db():
    # setup_memcached()
    # setup_postgres(standby=False)
    setup_mongo()
-    setup_gunicorn(supervisor=False)
+    # setup_gunicorn(supervisor=False)
    # setup_redis()
    setup_db_munin()
    
@ -603,6 +603,7 @@ def setup_node():
 def configure_node():
    sudo('rm -fr /etc/supervisor/conf.d/node.conf')
    put('config/supervisor_node_unread.conf', '/etc/supervisor/conf.d/node_unread.conf', use_sudo=True)
+    put('config/supervisor_node_unread_ssl.conf', '/etc/supervisor/conf.d/node_unread_ssl.conf', use_sudo=True)
    put('config/supervisor_node_favicons.conf', '/etc/supervisor/conf.d/node_favicons.conf', use_sudo=True)
    sudo('supervisorctl reload')

@ -614,6 +615,7 @@ def copy_certificates():
    run('mkdir -p %s/config/certificates/' % env.NEWSBLUR_PATH)
    put('config/certificates/comodo/newsblur.com.crt', '%s/config/certificates/' % env.NEWSBLUR_PATH)
    put('config/certificates/comodo/newsblur.com.key', '%s/config/certificates/' % env.NEWSBLUR_PATH)
+    put('config/certificates/comodo/EssentialSSLCA_2.crt', '%s/config/certificates/intermediate.crt' % env.NEWSBLUR_PATH)

 def maintenance_on():
    put('templates/maintenance_off.html', '%s/templates/maintenance_off.html' % env.NEWSBLUR_PATH)
--- a/media/ios/NewsBlur.xcodeproj/xcuserdata/sclay.xcuserdatad/xcdebugger/Breakpoints.xcbkptlist
+++ b/media/ios/NewsBlur.xcodeproj/xcuserdata/sclay.xcuserdatad/xcdebugger/Breakpoints.xcbkptlist
@ -16,19 +16,6 @@
         landmarkName = "-applyNewIndex:pageController:"
         landmarkType = "5">
      </FileBreakpoint>
-      <FileBreakpoint
-         shouldBeEnabled = "No"
-         ignoreCount = "0"
-         continueAfterRunningActions = "No"
-         filePath = "Classes/NewsBlurViewController.m"
-         timestampString = "378030680.558538"
-         startingColumnNumber = "9223372036854775807"
-         endingColumnNumber = "9223372036854775807"
-         startingLineNumber = "860"
-         endingLineNumber = "860"
-         landmarkName = "-didSelectSectionHeader:"
-         landmarkType = "5">
-      </FileBreakpoint>
   </FileBreakpoints>
   <SymbolicBreakpoints>
      <SymbolicBreakpoint
--- a/media/js/newsblur/reader/reader.js
+++ b/media/js/newsblur/reader/reader.js
@ -3745,7 +3745,8 @@
            if (this.socket && !this.socket.socket.connected) {
                this.socket.socket.connect();
            } else if (force || !this.socket || !this.socket.socket.connected) {
-                var server = window.location.protocol + '//' + window.location.hostname + ':8888';
+                var port = _.string.startsWith(window.location.protocol, 'https') ? 8889 : 8888;
+                var server = window.location.protocol + '//' + window.location.hostname + ':' + port;
                this.socket = this.socket || io.connect(server);
                
                // this.socket.refresh_feeds = _.debounce(_.bind(this.force_feeds_refresh, this), 1000*10);
--- a/node/unread_counts.coffee
+++ b/node/unread_counts.coffee
@ -1,10 +1,21 @@
 fs     = require 'fs'
-io     = require('socket.io').listen 8888
 redis  = require 'redis'

 REDIS_SERVER = if process.env.NODE_ENV == 'development' then 'localhost' else 'db01'
+SECURE = !!process.env.NODE_SSL
 client = redis.createClient 6379, REDIS_SERVER

+if SECURE
+    privateKey = fs.readFileSync('./config/certificates/newsblur.com.key').toString()
+    certificate = fs.readFileSync('./config/certificates/newsblur.com.crt').toString()
+    ca = fs.readFileSync('./config/certificates/intermediate.crt').toString()
+    io = require('socket.io').listen 8889
+        key: privateKey
+        cert: certificate
+        ca: ca
+else
+    io = require('socket.io').listen 8888
+
 io.configure 'production', ->
    io.set 'log level', 1
    io.enable 'browser client minification'
@ -35,5 +46,6 @@ io.sockets.on 'connection', (socket) ->
    socket.on 'disconnect', () ->
        socket.subscribe?.end()
        console.log "   ---> [#{@username}] Disconnect, there are now" +
-                    " #{io.sockets.clients().length-1} users."
+                    " #{io.sockets.clients().length-1} users. " +
+                    " #{if SECURE then "(SSL)"}"
    
--- a/node/unread_counts.js
+++ b/node/unread_counts.js
@ -1,17 +1,30 @@
 // Generated by CoffeeScript 1.4.0
 (function() {
-  var REDIS_SERVER, client, fs, io, redis;
+  var REDIS_SERVER, SECURE, ca, certificate, client, fs, io, privateKey, redis;

  fs = require('fs');

-  io = require('socket.io').listen(8888);
-
  redis = require('redis');

  REDIS_SERVER = process.env.NODE_ENV === 'development' ? 'localhost' : 'db01';

+  SECURE = !!process.env.NODE_SSL;
+
  client = redis.createClient(6379, REDIS_SERVER);

+  if (SECURE) {
+    privateKey = fs.readFileSync('./config/certificates/newsblur.com.key').toString();
+    certificate = fs.readFileSync('./config/certificates/newsblur.com.crt').toString();
+    ca = fs.readFileSync('./config/certificates/intermediate.crt').toString();
+    io = require('socket.io').listen(8889, {
+      key: privateKey,
+      cert: certificate,
+      ca: ca
+    });
+  } else {
+    io = require('socket.io').listen(8888);
+  }
+
  io.configure('production', function() {
    io.set('log level', 1);
    io.enable('browser client minification');
@ -50,7 +63,7 @@
      if ((_ref = socket.subscribe) != null) {
        _ref.end();
      }
-      return console.log(("   ---> [" + this.username + "] Disconnect, there are now") + (" " + (io.sockets.clients().length - 1) + " users."));
+      return console.log(("   ---> [" + this.username + "] Disconnect, there are now") + (" " + (io.sockets.clients().length - 1) + " users. ") + (" " + (SECURE ? "(SSL)" : void 0)));
    });
  });