Websocket Proxy
Abstract/What it does
The Micronets Websocket Proxy allows peers to establish a secure end-to-end websocket channel by connecting to a common URI on the Proxy. This allows two peers to rendezvous and communicate without exposing any interfaces or ports. Authentication is currently performed using client certificate validation, and the proxy can support as many connections as the host system can support.
Proxy clients are authenticated using X.509 client certificates provided in the secure websocket TLS exchange.
How is it instantiated
The Proxy includes support for instantiation via systemd on Linux or as a Docker container.
What else does it communicate with
Currently the Micronets Manager and its peer Micronets Gateway, which are paired one-for-one, establish their communication channel by connecting to a common URI on the Websocket Proxy. In production, the Gateway and Micronets Manager establish a secure websocket connection using the subscriber and box ID, e.g. “wss://websocket-proxy-address:port/micronets/v1/ws-proxy/sub/8675309/00224dd149bb”.
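The two mechanisms described above, client-certificate authentication in the TLS exchange and rendezvous on a common URI, shown as an added example that is not the Micronets proxy's own code. The path pattern is inferred from the example URI on this page; the ID character classes, the `proxy_tls_context` and `Rendezvous` names, and the rejection of a third peer are assumptions.

```python
import re
import ssl

# Assumed path layout, taken from the example URI on this page:
#   /micronets/v1/ws-proxy/sub/<subscriber-id>/<box-id>
# The character classes are assumptions, not the proxy's own rules.
RENDEZVOUS_RE = re.compile(
    r"/micronets/v1/ws-proxy/sub/(?P<sub>[0-9]{1,32})/(?P<box>[0-9a-f]{12})")


def proxy_tls_context(ca_file=None, cert_file=None, key_file=None):
    """Server-side TLS context that refuses peers without a valid client cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED      # handshake fails without a client cert
    if ca_file:                              # root that signed the client certs
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:                            # the proxy's own server cert/key
        ctx.load_cert_chain(cert_file, key_file)
    return ctx                               # with no CA loaded, every client fails


def rendezvous_key(path):
    """Return (subscriber, box) for a well-formed path, else None."""
    m = RENDEZVOUS_RE.fullmatch(path)
    return (m["sub"], m["box"]) if m else None


class Rendezvous:
    """Pairs exactly two authenticated peers per rendezvous path (assumed policy)."""

    def __init__(self):
        self.waiting = {}   # key -> first peer to arrive
        self.paired = {}    # key -> (first peer, second peer)

    def join(self, path, peer):
        key = rendezvous_key(path)
        if key is None:
            return "reject: malformed path"
        if key in self.paired:
            return "reject: channel already has two peers"
        if key in self.waiting:
            self.paired[key] = (self.waiting.pop(key), peer)
            return "paired"
        self.waiting[key] = peer
        return "waiting"
```

In a real deployment the `peer` value would come from the verified client certificate rather than from anything the client sends after the handshake.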
What APIs it provides
The Websocket Proxy uses the standard TLS and websocket protocol messaging to establish the connection. A simple protocol is defined by the Proxy for performing the peer handshake, invoking REST APIs on the peers, and performing asynchronous notifications.
Link(s) to details on how to build
Instructions for building and running the Websocket Proxy can be found in the Micronets Websocket Proxy README.
Link(s) to details on how to deploy
Instructions for deploying the Websocket Proxy via Linux systemd and via a Docker container can be found in the Micronets Websocket Proxy README.
Instructions for generating the Proxy’s server cert/key, generating the peer client certs/keys, and generating the root certificate/key used for validating/signing the server and client certs are also contained in the Proxy README.
Link(s) to API docs
The Websocket Proxy protocol is documented in the Micronets Websocket Proxy README.