Hi, can anyone recommend a good tutorial on how to set up websockets with TLS in kdb? I’ve read the q4m chapters on basic websockets and aquaq’s, Using kdb with REST APIs, though I’m wondering if this information is still relevant with the current versions of TLS and kdb?
Essentially, I’d like to set up https methods (get and post) to connect a remote server to a browser using either TLS 1.2 or 1.3. What is the recommended way to achieve this?
Currently, I have a few keyed tables running on a server, which I would like to be able to query via the browser as well as update and post new data.
Thanks for the help and happy to share any additional info if needed.
Hi marrowgari,
By default kdb+ does not encrypt messages between a web browser and a server. To enable TLS encryption, you should first generate a TLS certificate, then enable this in the command line. You can generate the certificate you can do this yourself or you can get one (for free) from letsencrypt.
Once you have a TLS certificate, you can enable it in the command line by doing the following. Set the variables SSL_CERT_FILE and SSL_KEY_FILE to the full file path to your certificate and key files.
$ export SSL_CERT_FILE=$HOME/certs/server-crt.pem$ export SSL_KEY_FILE=$HOME/certs/server-key.pem
Next you open the q session you will be connecting to on the server with the following command line arguments:
$ q-u 1-E 1-p 5000
This tells q to open the session in TLS server mode and to listen for any plain and TLS connections on port 5000.
Then open the port you will be connecting to using the following in your q session.
h:hopen:tcps://hostname:port[:username:password]`
Once this has been done you can establish a connection to a remote server using your web browser. This can be accomplished by entering the IP address of the server followed by the port number you wish to open a handle to into the URL of your browser. The syntax is as follows:
123.456.7.89:5000
From this web session you can query the tables stored on the server side and you can update the tables.
If you want to read into this topic further, I’d recommend visiting https://code.kx.com/v2/kb/ssl/
Thanks, Jonathan. That’s very helpful. Specifically / in addition to, I’m looking for some clear info on the .z.ph and .z.pp system variables. Though the TLS tips are great. Thank you.