Embedding SSL inside HTTP @ 5 am

This weekend I’m doing the Startup Weekend in Quebec City, the city where I do most of my Foursquare checkins

Saturday has been ruff on me because I’m an good backend developer who has no clue on how to use jQuery mobile (OH, I hate to make sliders inside a hell of javascript-resized and absolute-positioned DIVs). And the truth is that the backend is no so important for creating a proof of concept in 48h. So what’s better to change my mind than coding some crazy things at 5 am?

As I wrote in my last post, there is no reason not to use a PaaS to deploy your apps. Even when your protocol need full duplex TCP. I hadn’t tested it yet, but I was sure we could use HTTP Upgrade to embed any TPC protocol inside HTTP and deploy this on nodejitsu.

I was right ⇒ my test case on Github

It’s a simple echo server that use SSL to encrypt the stream after a HTTP handshake in cleartext. The funny thing is that nodejitsu’s proxy will close the connection if the client asks for a different protocol than “websocket”. Just fake it and send whatever data you want. Advice: send a X-Upgrade header, so your server will know what’s going on


  • Battle test it
  • Watch out for timed out connection
  • Don’t test on a shitty university’s wifi
  • Send me a pull request for a README ;)
  • Don’t write blog post in english at 5:30 am when your primary language is french