infra-docs-fpo/modules/sysadmin_guide/pages/fedmsg-websocket.adoc

= websocket SOP

websocket communication with Fedora apps.

see-also: `fedmsg-gateway.txt`

== Contact Information

Owner::
  Messaging SIG, Fedora Infrastructure Team
Contact::
  #fedora-apps, #fedora-admin, #fedora-noc
Servers::
  busgateway01, proxy0*, app0*
Purpose::
  Expose a websocket server for FI apps to use

== Description

WebSocket is a protocol (an extension of HTTP/1.1) by which client web
browsers can establish full-duplex socket communications with a server
--the "real-time web".

In our case, webapps served from app0* and packages0* will include
javascript code instructing client browsers to establish a second
connection to our WebSocket server. They point browsers to the following
addresses:

production::
  wss://hub.fedoraproject.org:9939
staging::
  wss://stg.fedoraproject.org:9939

The websocket server itself is a fedmsg-hub daemon running on
busgateway01. It is configured to enable its websocket server component
in the presence of certain configuration values.

haproxy mediates connections to the fedmsg-hub websocket server daemon.
An stunnel daemon provides SSL support.

== Connection Flow

The connection flow is much the same as in the fedmsg-gateway.txt SOP,
but is somewhat more complicated.

"Normal" HTTP requests to our app servers traverse the following chain:

....
Client -> apache(proxy01) -> haproxy(proxy01) -> apache(app01)
....

The flow for a websocket requests looks something like this:

....
Client -> stunnel(proxy01) -> haproxy(proxy01) -> fedmsg-hub(busgateway01)
....

stunnel is listening on a public port, negotiates the SSL connection,
and redirects the connection to haproxy who in turn hands it off to the
fedmsg-hub websocket server listening on busgateway01.

At the time of this writing, haproxy does not actually load balance
zeromq session requests across multiple busgateway0* machines, but there
is nothing stopping us from adding them. New hosts can be added in
ansible and pressed from busgateway01's template. Add them to the
fedmsg-websockets listen in haproxy's config and it should Just Work.

== RHIT

We had RHIT open up port 9939 special to proxy01.phx2 for this.
Added the infra SOPs ported to asciidoc. 2021-07-26 10:39:47 +02:00			`= websocket SOP`

			`websocket communication with Fedora apps.`

			see-also: `fedmsg-gateway.txt`

			`== Contact Information`

			`Owner::`
			`Messaging SIG, Fedora Infrastructure Team`
			`Contact::`
			`#fedora-apps, #fedora-admin, #fedora-noc`
			`Servers::`
			`busgateway01, proxy0, app0`
			`Purpose::`
			`Expose a websocket server for FI apps to use`

			`== Description`

			`WebSocket is a protocol (an extension of HTTP/1.1) by which client web`
			`browsers can establish full-duplex socket communications with a server`
			`--the "real-time web".`

			`In our case, webapps served from app0* and packages0* will include`
			`javascript code instructing client browsers to establish a second`
			`connection to our WebSocket server. They point browsers to the following`
			`addresses:`

			`production::`
			`wss://hub.fedoraproject.org:9939`
			`staging::`
			`wss://stg.fedoraproject.org:9939`

			`The websocket server itself is a fedmsg-hub daemon running on`
			`busgateway01. It is configured to enable its websocket server component`
			`in the presence of certain configuration values.`

			`haproxy mediates connections to the fedmsg-hub websocket server daemon.`
			`An stunnel daemon provides SSL support.`

			`== Connection Flow`

			`The connection flow is much the same as in the fedmsg-gateway.txt SOP,`
			`but is somewhat more complicated.`

			`"Normal" HTTP requests to our app servers traverse the following chain:`

			`....`
			`Client -> apache(proxy01) -> haproxy(proxy01) -> apache(app01)`
			`....`

			`The flow for a websocket requests looks something like this:`

			`....`
			`Client -> stunnel(proxy01) -> haproxy(proxy01) -> fedmsg-hub(busgateway01)`
			`....`

			`stunnel is listening on a public port, negotiates the SSL connection,`
			`and redirects the connection to haproxy who in turn hands it off to the`
			`fedmsg-hub websocket server listening on busgateway01.`

			`At the time of this writing, haproxy does not actually load balance`
			`zeromq session requests across multiple busgateway0* machines, but there`
			`is nothing stopping us from adding them. New hosts can be added in`
			`ansible and pressed from busgateway01's template. Add them to the`
			`fedmsg-websockets listen in haproxy's config and it should Just Work.`

			`== RHIT`

			`We had RHIT open up port 9939 special to proxy01.phx2 for this.`