node.js, socket.io and SSL - apache

I have an Apache server running with SSL enabled. Now I made a small chat which is using node.js and socket.io to transmit data. Using port 8080 on a non-secured connection is working just fine, but when I try it on an SSL-secured domain it is not working. I do not get how the whole setup should work since SSL is only working through port 443. Apache is already listening on port 443. On which port should socket.io listen?

I had to set the SSL certificates like
var fs = require('fs');
var options = {
    key: fs.readFileSync('/etc/ssl/ebscerts/wildcard.my_example.com.no_pass.key'),
    cert: fs.readFileSync('/etc/ssl/ebscerts/wildcard.my_example.com.crt'),
    ca: fs.readFileSync('/etc/ssl/ebscerts/bundle.crt')
};
var app = require('https').createServer(options),
    io = require('socket.io').listen(app);
app.listen(8080);
I found the solution on GitHub.

Related

Use Stunnel to connect wss to wsServer

I am trying to use stunnel to turn a wss connection into a ws connection because wsServer doesn't support wss. The server is running Ubuntu, and the client I'm using is Chrome, if it matters.
This is my stunnel.conf file
foreground = yes
debug = info
output = /var/log/stunnel.log
[wsServer]
cert = /etc/letsencrypt/live/myurl.com/fullchain.pem
key = /etc/letsencrypt/live/myurl.com/privkey.pem
accept = 0.0.0.0:8443
connect = 127.0.0.1:8080
I'm trying to connect to it with a javascript call:
const socket = new WebSocket('wss://myurl.com:8433');
But I consistently get a connection error:
(index):13 WebSocket connection to 'wss://myurl.com:8433/' failed: (anonymous) # (index):13
Here's what I've checked:
That my port forwarding/system firewalls aren't eating the connection. If I kill stunnel and set up a regular socket listening on either port 8080 or 8433, I can connect to that socket from the client machine.
wsServer accepts non-encrypted traffic, if I instead connect with ws://myurl.com:8080 it works fine
wsServer accepts connections from localhost just fine, which I understand is necessary when stunnel is running on the same machine as the server
Chrome accepts my cert when used for https pages under the same domain, so I don't think I have a cert signing error, but I don't know how to tell if the cert is related to the connection failing
Stunnel does not print any errors when starting up
Nothing gets printed to /var/log/stunnel.log, although the file was created after I added the output field to the .conf file
Any ideas about what else I can try? Is there some reason the cert that works for https wouldn't work with wss?
Do people recommend using ProxyPass through apache and avoiding stunnel altogether?
Not a solution, but a next troubleshooting step. Get yourself openssl and attempt to connect to 8443. This should spit back the certificate information and at least confirm stunnel is presenting the certificate.
openssl s_client -connect myurl.com:8443
It's been a while since I configured stunnel, but IIRC you can't put a password on your key.

Python3 ssl wrap_socket on a socks5 socket [duplicate]

I'm trying to use tor, socksipy and ssl to proxy an SSL connection. My client looks like this:
import socks, ssl
s = socks.socksocket()
s.setproxy(socks.PROXY_TYPE_SOCKS5,"127.0.0.1", 9050)
ssl_sock = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
ssl_sock.connect(('127.0.0.1', 443))
The server just accepts connections and prints getpeername.
The peer name is always 127.0.0.1. It doesn't even matter if I give it a non-valid proxy. The client won't complain, it will connect anyway.
How do I make it connect through the proxy?
I managed to figure it out so I will leave the answer here for future reference.
The first problem was that I tried to connect to 127.0.0.1. As the request was proxied, the proxy would try to connect to 127.0.0.1, so it would try to connect to itself, not to me.
I had to configure my router to forward requests on port 443 to my laptop and then I replaced 127.0.0.1 with my router's IP.
After that was out of the way, I found out that socksipy doesn't play very well with ssl.
I had to call connect on the socket before wrapping it, otherwise I'd get a handshake failure. The code became:
import socks, ssl
s = socks.socksocket()
s.setproxy(socks.PROXY_TYPE_SOCKS5,"127.0.0.1", 9050)
s.connect(('127.0.0.1', 443))
ssl_sock = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
After that, everything was working fine.

Create SSL endpoint on port 443 for self-hosted OWIN listener

I am using a self-hosted OWIN listener for a Web API implementation that runs in a local process. However, I am unable to listen on port 443 successfully.
The following works:
var startOptions = new StartOptions();
startOptions.Urls.Add("http://127.0.0.1:9866");
startOptions.Urls.Add("https://127.0.0.1:9877");
webServer = WebApp.Start<PbiMockStartup>(startOptions);
However, when I change the port numbers to 80 and 443, I consistently get 503 - Service Unavailable. I added the same SSL certificate for both 9877 and 443 ports using the netsh command with no luck.
I see from "netstat" that the "SYSTEM" process with PID (4) is listening on port 443 already, however I could not find a way to stop it other than disabling the HTTP.sys module, which will not work for me.
How does one go about listening on port 443 from a self-hosted OWIN listener?
I tried adding URLs with "localhost" and machine-name in the startup options, but the final solution that worked out was to have a '+' like following:
var startOptions = new StartOptions();
startOptions.Urls.Add("http://+:80");
startOptions.Urls.Add("https://+:443");
webServer = WebApp.Start<MyMockClass>(startOptions);

Cloudflare Heroku Express.js SSL

I am using Cloudflare, Heroku Hobby Dynos to host my website. I am quite confused on how https and SSL management is being handled using their provided SSL certificates. Should I purchase my own self signed certificate instead?
Also on the backend, I have it currently configured with http, but since I did not manually purchase an SSL cert but rather using Heroku's and/or Cloudflare's, what should I do to handle https requests with the https library?
Here is what I currently have:
const PORT = process.env.PORT || 8000;
const server = http.createServer(app);
const io = require('socket.io')(server);
require('./socket')(io);
server.listen(PORT, () => {
    console.log(chalk.blue('Server started on port', chalk.magenta(PORT)));
});

Wrapping Ratchet with stunnel

I have a Ratchet WebSocket server running and it works well.
The problem is that some of the connections are closing right after the handshake.
After searching Stack Overflow and Google I found out that I should use wss, because using SSL will prevent the connections from being closed. After some more reading I found that wss is not implemented yet in Ratchet, and that the solution is to wrap Ratchet with stunnel. I searched again for help on how to implement this but found none.
How do I wrap Ratchet with stunnel? Is there a better way to solve this problem?
I'm really a newbie with all the SSL issues.
Thanks!
Set up your ratchet websocket to accept only local connections:
$webSock = new Server($loop);
$webSock->listen(8080, '127.0.0.1'); // local connections only
$session = $this->getContainer()->get('session.provider');
$server = new IoServer(new WsServer($session), $webSock, $loop);
Generate a server certificate. Nice instructions for ubuntu here.
Now install stunnel. Ubuntu instructions here.
Configure stunnel to use the new certificate and accept connections on a secure port and tunnel them to your websocket server:
cert = /etc/ssl/certs/server.crt
key = /etc/ssl/private/server.key
...
[websockets]
accept = 8443
connect = 8080
Start stunnel, and you should be off to the races.
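Added example (not from any of the posts above): a small Node.js check for the two stunnel setups on this page, the [wsServer] service in the wss question and the [websockets] service in the Ratchet answer. It parses the service sections, confirms the plaintext backend stays on loopback, and compares the client's WebSocket URL port with the configured accept ports. The function names are hypothetical; it assumes stunnel's defaults of binding all interfaces when accept has no host and connecting to localhost when connect has no host.

```javascript
function parseStunnelConf(text) {
  const services = {};
  let current = null; // null while reading global options
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith(';') || line.startsWith('#')) continue;
    const section = line.match(/^\[(.+)\]$/);
    if (section) { current = services[section[1]] = {}; continue; }
    const eq = line.indexOf('=');
    if (eq < 0 || current === null) continue; // global option or "..." elision
    current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return services;
}

// Split stunnel's "[host:]port" address form.
function splitAddr(value, defaultHost) {
  const i = value.lastIndexOf(':');
  return i < 0 ? { host: defaultHost, port: Number(value) }
               : { host: value.slice(0, i), port: Number(value.slice(i + 1)) };
}

function checkClientUrl(confText, clientUrl) {
  const url = new URL(clientUrl);
  const port = Number(url.port) || (url.protocol === 'wss:' ? 443 : 80);
  const findings = [], accepts = [];
  for (const [name, svc] of Object.entries(parseStunnelConf(confText))) {
    if (!svc.accept || !svc.connect) continue;
    accepts.push(splitAddr(svc.accept, '0.0.0.0').port);
    const backend = splitAddr(svc.connect, '127.0.0.1');
    if (!['127.0.0.1', 'localhost', '::1'].includes(backend.host))
      findings.push(`[${name}] backend ${backend.host} is not loopback`);
  }
  if (url.protocol !== 'wss:') findings.push('client URL is not wss://');
  if (!accepts.includes(port))
    findings.push(`client port ${port} matches no accept port (${accepts.join(', ')})`);
  return findings;
}

// The two service definitions as posted on this page (global options trimmed).
const WSSERVER_CONF = `[wsServer]
accept = 0.0.0.0:8443
connect = 127.0.0.1:8080`;
const RATCHET_CONF = `cert = /etc/ssl/certs/server.crt
...
[websockets]
accept = 8443
connect = 8080`;
console.log(checkClientUrl(WSSERVER_CONF, 'wss://myurl.com:8433'));
```

An empty result means the URL's scheme and port line up with a configured service and every backend is local; it does not prove the TLS handshake succeeds, which is what the openssl s_client step above checks.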