# ktor

adeln

10/16/2019, 11:40 AM
hey folks! I’m trying to set a secure flag to my cookies, and I’m getting
java.lang.IllegalArgumentException: You should set secure cookie only via secure transport (HTTPS)
I’m running ktor on http, and proxying it through http/2 nginx. Is there a way to solve this?

Jonathan Mew

10/16/2019, 11:47 AM
Do you use HTTPS to connect to nginx? The test that ktor uses is
call.request.origin.scheme == "https"

adeln

10/16/2019, 11:49 AM
but I don’t want TLS on 127.0.0.1 🙂 And I don’t know if that’s even possible
my application.conf:
ktor {
    application {
        modules = [ adeln.MainKt.module ]
    }
    deployment {
        host = "127.0.0.1"
        port = 8080
    }
}

Jonathan Mew

10/16/2019, 11:51 AM
We have TLS set up - we use a *.localhost.com address on Chrome and set up a tls cert with https://github.com/FiloSottile/mkcert

adeln

10/16/2019, 11:52 AM
are there any other benefits other than setting the secure cookie flag?

Jonathan Mew

10/16/2019, 11:55 AM
I can't remember what gets treated differently by the browser - we set it up a long time ago now, sorry! On the whole the more live-like our dev environments, the better 🙂
I feel like we struggled with it for a bit but something did push us to finally iron it out

adeln

10/16/2019, 11:56 AM
out of curiosity (I’m still new to this) do you launch both ktor & nginx on both dev & prod?

Jonathan Mew

10/16/2019, 11:58 AM
On dev we serve from npm start. It's dockerised but we mount in our source to take advantage of hot reloading.

Marc Knaup

10/16/2019, 12:31 PM
It's always good to use SSL locally. As Jonathan said - the closer your dev environment is to the live environment the better. You're more likely to spot issues that are related to SSL usage in this case. Even the additional remote DNS lookup can make a difference.

adeln

10/16/2019, 12:33 PM
wow. I thought they were completely unrelated — live has a separate domain, separate cert update schedule and all that

Jonathan Mew

10/16/2019, 12:34 PM
separate domain is GOOD, keep that 🙂

adeln

10/16/2019, 12:35 PM
and since I need nginx anyway to serve some files (PartialContent in ktor is far from perfect), I thought I’m ok with cleartext on 127.0.0.1. Are there any resources to read on this?

Jonathan Mew

10/16/2019, 12:35 PM
and I don't think cert update necessarily should be identical (I guess you might want some more trusted and more expensive cert for prod) though you might benefit from them being the same if you configure/renew through configuration as code, or if it's an option have a staging environment that is more live-like cert-wise

Sergey Akhapkin

10/16/2019, 7:49 PM
@adeln Did you try to use XForwardedHeaderSupport feature for that? https://ktor.io/servers/features/forward-headers.html

adeln

10/27/2019, 9:37 AM
I have not @Sergey Akhapkin, thanks for pointing it out!