[Koha-bugs] [Bug 25965] Create SIP2 client daemon with HTTPS API endpoint

Fri Jul 10 08:00:51 CEST 2020

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25965

David Cook <dcook at prosentient.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dcook at prosentient.com.au

--- Comment #2 from David Cook <dcook at prosentient.com.au> ---
(In reply to Lari Strand from comment #0)
> I am trying to pass messages to a sip server using a new endpoint I created
> in swagger/openApi. This endpoint uses the guidelines described here:
> 
> http://biblstandard.dk/rfid/dk/rfid_sip2_over_https.htm
> 

I find it odd that they say "SIP2 messages are typically exchanged directly
over tcp or via telnet, but this prevents SIP2 being used over an internet
connection". The Internet is made up of predominately TCP/IP networks. Maybe
they meant "the World Wide Web" in regards to HTTP(S) specifically? 

I don't understand why they'd have to use HTTPS. What are the target SIP2
client and SIP2 server technologies being used? Is this for Koha's SIP2 server?
What's going to be acting as the SIP2 client?

> My problem is that the sip server closes the connection after this first SC
> device login message has been passed and the response has been read back in
> my module:
> 

> So I need a way to keep this socket connection open for other future
> messages.

Koha's SIP2 server will have a TCP socket in a LISTEN state. The SIP2 client
will establish a TCP connection and when the SIP2 server accepts that
connection, it creates a new socket which lasts for the duration of that
connection (you could view this using system utilities like 'netstat' or 'ss',
the latter being more modern and useful). If either the server or the client
close their end of that socket, that socket is finished.

> Without touching the sip server's code itself, the only solution I
> can come up with is a proxy server that handles and passes on the REST api's
> incoming messages to sockets and keeps each invidual socket connection open
> to specific instances of the sip servers (I suppose the sip server itself
> ends the connections when needed so you wouldn't have to worry about it in
> the sender's end).
> Another solution would be to build a new api separate from the
> swagger/Openapi one. Like an all-in-one solution that deals with the
> requests and keeps tabs on the open socket connections.
> 

Does it have to be HTTPS?

You should be able to use Nginx as a TCP proxy with SSL termination. (I don't
know about Apache's abilities as a TCP proxy. I haven't heard of it, but it
could be a thing. I only have personal experience using Nginx as a TCP proxy
for non-HTTP application protocols.)

Client:
https://metacpan.org/pod/IO::Socket::SSL
Proxy:
https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-tcp/

Remember that HTTP is just an application protocol which uses TCP for its
transport, and the TLS/SSL is done at the transport level. 

But... it sounds like there might be a bit of a sunken cost in terms of doing
this SIP2 over HTTPS as per
http://biblstandard.dk/rfid/dk/rfid_sip2_over_https.htm. 

If you have to go HTTPS, I'd say use either Koha or Apache to proxy the HTTPS
to a backend service that has a HTTP(S) listener, uses sessions, and can create
persistent connections to the SIP2 server.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.