HTML and CSS Reference
In-Depth Information
you may recall our discussion about addressability in Chapter 3, where we
identified a fundamental problem: some machines on the internet can only
make outgoing connections and cannot be directly addressed. Websocket
essentially solves this problem for web clients, which cannot be directly
accessed by servers. servers can only send newly available data to a client on a
connection that was initiated by that client. By keeping a persistent connection
open from web clients, Websocket removes this limitation. similarly, reverse
connectivity or tunneling keeps a persistent connection open from Websocket
servers. Reverse connectivity for servers uses persistent connections from
non-addressable hosts to publicly available endpoints. The publicly available
endpoint forwards connections over this persistent tunnel to servers that would
otherwise be unable to accept connections. if your Websocket server does not
have a public address, you may want to use reverse connectivity to make
it available.
Traverse Proxies and Firewalls with Transport
Layer Security (TLS or SSL)
Throughout this topic, we've mentioned Transport Layer Security (TLS, formerly known
as SSL) frequently for an important reason. TLS hides network traffic from inspection
and interference by man-in-the-middle attackers. TLS helps connections flow smoothly
through some kinds of common web proxies, as well. In this section, we look at the
effects of different types of proxy on WebSocket connections. Hopefully, by the end of this
section, you'll see why we recommend deploying WebSocket over TLS, even when it is
not a security requirement.
Because forward proxies manage traffic between private networks and the Internet,
they can also close a connection if it has been open for too long. This expected action by
a proxy server represents a risk to technologies, like WebSocket, that require persistent
connections. We discuss how to offset this with pings and pongs later in this chapter.
Proxies are also more likely to buffer unencrypted HTTP responses, thereby introducing
unpredictable latency during HTTP response streaming.
Without any intermediary servers, a WebSocket connection can be established
smoothly, as long as both understand the WebSocket Protocol. However, with the
proliferation of network intermediaries between you and the Internet, there are cases that
you need to understand when deploying your WebSocket-based application, as described in
Table
8-1
.
