Created question in FIWARE Q/A platform on 08-09-2015 at 13:09
Please, ANSWER this question AT http://stackoverflow.com/questions/32457050/orion-and-rush-https-notifications-over-port-443

Question:
Orion and Rush - HTTPS notifications over port 443

Description:
I have been trying to set up an Orion instance which would support subscription notifications to HTTPS (using Rush), but the handling of this seems to be a bit incorrect. Setting the notification url to e.g. https://www.example.com/path/ ends up at Rush as www.example.com:443/path/.

This is unsafe and not up to standards, as such a request could actually avoid https by using the same port over http. In our company we have a proxy set up which refuses such requests as "Bad Request: You're speaking plain HTTP to an SSL-enabled server port". The same error comes up in the Rush consumer output, while direct curl requests to Rush without the port work ok. See this discussion for another argument that the current requests are incorrect: http://security.stackexchange.com/questions/46015/speaking-plain-http-over-an-ssl-enabled-server-port. Google refuses such requests as well.

Our proxy is set up to redirect any http requests to https, but these do not work either, as Rush does not seem to follow the redirects.

How can we avoid this issue? Modifying our proxy would be unsafe and not following standards, changing Orion would require recompiling from sources and changing Rush to remove the port would be a bit hacky. Any changes (like adding the port or removing/changing the protocol) to the notification URL do not help.

EDIT: The command to run Orion was:

/usr/bin/contextBroker -port 1026 -logDir /var/log/contextBroker -pidpath /var/log/contextBroker/contextBroker.pid -dbhost localhost -db orion -rush localhost:5001

Rush (v 1.8.3) was installed with default values and Orion was updated from v0.14.1 to v0.23.0.