I have purchased a certificate and installed in my node.js website.But the https at the browser shows green and is OK.Now, I am trying to establish a socket connection using wss, but it failed.
The error at the Javascript client side is like this.
WebSocket connection to 'wss://securedsitedotcom:3003/call' failed:
WebSocket opening handshake was canceled
Please help!
Code at client side (Javascript)
var ws = new WebSocket('wss://securedsitedotcom:3003/call');
Code at server side (node.js)
https = require('https');
var server = https.createServer({
key: fs.readFileSync(config.certKeyPath),
cert: fs.readFileSync(config.certCrt),
requestCert: true,
rejectUnauthorized: false
},app);
server.listen(port);
var wss = new ws.Server({
server: server,
path: '/call'
});
Error at the browser console :
WebSocket connection to 'wss://securedsitedotcom:3003/call' failed:
WebSocket opening handshake was canceled
Recent work with Chrome has revealed that if a page is served as https on Chrome, websockets must use wss. And if wss must be used, port 443 must be used (and to boot not any other secure port and so far I have not seen any way to change the port), which may be your problem since your port looks like 3003 above.
Right now I am trying to get my IT group to patch/upgrade Apache on that server so mod_proxy_wstunnel can be used to make Apache listening on 443 a reverse proxy and pass all wss traffic through to my websocket server.
Hope this helps.
I ran into a similar issue, but I was using a Self Signed Certificate. You mentioned that you bought a Certificate. I guest it is signed by the certificate authority.
Otherwise, like in my case, non-validated certificate can cause an "opening handshake was cancelled" error. A validated certificate is either validated by a third party (Certificate Authority, ie VeriSign) or explicitly authorized by the client.
In my case, VeriSign didn't sign my certificate (self signed), so I had to explicitly authorized it. To do so, I simply need to visit the https URL with the browser (in your case "https://securedsitedotcom:3003/call"). Then a "warning unauthorized host" appear. You need to authorize the exception and than you can make your WSS connection.
Your server can use any port, it is not bound to 443. 443 is the default port for https but any port can be explicitly specified like you've done.
I hope it helps someone.
Related
I'm having issues setting up a wss server (Secure Websocket Server) in node.js.
When we run the server and test it using an online websocket tester and connect to wss://localhost:8888 it works. But when we connect to wss://my_ip:8888 (ip found with ifconfig) it results in the error index.js:15 WebSocket connection to 'wss://192.168.1.217:8888/' failed.
I've made a git repository for easy testing: https://github.com/DaanS8/wss_error
Possible useful info
We pinged the ip on the port 8888 with `telnet my_ip 8888` which was successful. Any other port fails, which means it is listening?
Chrome behaves differently then Firefox, in chrome localhost works but in Firefox localhost doesn't even work whilst using the same tests on the online websocket tester.
The code is running on a ubuntu vm on a windows machine. It seems the ubuntu vm doesn't have its own firwall (sudo ufw status results in error), just turning of the windows firewall doesn't change the errors.
The certificates were generated with the following commands:
openssl genrsa -des3 -out myCA.key 2048
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
Enter pass phrase for myCA.key:
Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]:Vlaams-Brabant
Locality Name (eg, city) []:Leuven
Organization Name (eg, company) [Internet Widgits Pty Ltd]:KU Leuven
Organizational Unit Name (eg, section) []:Pno
Common Name (e.g. server FQDN or YOUR name) []:Team x
Email Address []:xxxx#xxxxxxxx.be
openssl rsa -in myCA.key -text > private.pem
My main sources:
https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
How to Create Secure(TLS/SSL) Websocket Server
main.ts was copied from a blog post that I temporarily can't find anymore
Code
main.ts:
// Minimal amount of secure websocket server
var fs = require('fs');
// read ssl certificate
var privateKey = fs.readFileSync('certs/private.pem', 'utf8');
var certificate = fs.readFileSync('certs/myCA.pem', 'utf8');
var credentials = { key: privateKey, cert: certificate };
var https = require('https');
//pass in your credentials to create an https server
var httpsServer = https.createServer(credentials);
httpsServer.listen(8888);
var WebSocketServer = require('ws').Server;
var wss = new WebSocketServer({
server: httpsServer
});
wss.on('connection', function connection(ws) {
ws.on('message', function incoming(message) {
console.log('received: %s', message);
ws.send('reply from server : ' + message)
});
ws.send('something');
});
See github for keys etc.
Your "online websocket tester" doesn't provide easily readible source code, so it is not clear what is failing. My guess: TLS cert validation is failing. (Browsers may have own rules for localhost, so it may be working for localhost in some browsers).
You are connecting to the IP, but cert is generated Common Name: Team x. Correct TLS client implementation should reject this kind of TLS connection, because server name is not matching TLS CN name ('IP'!='Team x').
Solutions:
1.) Generate proper TLS certificate, where Common Name is matching used IP. This is a proper secure solution for your use case (usually server FQDN is used, because domain is used for connection and not the server IP).
2.) Use websocket client, which provides option to disable cert verification.
3.) Open https://IP:8888 and add browser TLS exception for used cert. Exception should be applied also for wss protocol then.
Try using cloudflaired
for download : Click here
tutorial : Click here
it may be the problem of firewall rules, and other factors
EDIT:
This program packs a lightweight server that acts as a bridge from your computer to cloudflair servers. This hosts the site on a temporary subdomain for free
if you are having a cloudflair account, it will help with setting and configuring static permanent urls instead of dynamically changing every time
Sorry I don't know about the pricing as I use the free plan
for more info visit the docs
Because of this it can bypass many windows restrictions (like firewall) isp restrictions (like nat), etc. So you can focus on the project
Also this works even out of your lan. Just so you know it also works outside the lan. so to share a quick preview to others.
I uploaded my node.js app with ec2 AWS instance, my app.ts running on port 5000, I allowed within inbound rules HTTPS on port 443, also I bought have a domain with route 53 amazon, when I'm trying to send a request to https://ec2-3-example.com am getting err connection refused but when I'm sending a request with http://ec2-3-example.com:5000 locally I get the data from the server, how do I solve this?
thanks in advance I can share the code if it helps
In order to have access to your app via HTTPS, you will have to attach an SSL certificate to a reverse proxy somewhere in the middle of the system.
The problem you are experiencing is that you are opening port 443 in the EC2 instance, but your application is running on port 5000. On top of that, SSL termination will not be done automatically. You will need a reverse proxy like ALB or Nginx.
One way of doing it in your case could be:
Check that your app runs on port 5000 in an EC2 instance
Create an ALB and add your EC2 instance to it
Attach an SSL Certificate to your ALB with the corresponding domain
Allow inbound traffic on port 5000 in the security group of your EC2 instance, from your ALB
Allow inbound traffic on port 443 for the ALB
Route traffic from your domain on Route53 to your ALB
My socket io server does not have ssl certificate, so it only works in htpp, on
the other hand I have my web page which has ssl certificate,
So when I'm connecting to my socket web server (in http) on this page (in https), it's changes automatically in https so necessarily I get an error
The connection :
//Here I'm connecting in http
const socket = io("http://XXX.XX.XXX.XX:XXXX",{secure:false})
here you have the pictures which illustrates the problem, i have write "http: // xxxxxxxx" and in the console i got the error:
//But in the error we see that change and it's try to connect with https
"GET https://XXX.XX.XXX.XX:XXXX/socket.io/?EIO=3&transport=polling&t=NFiqorQ
net :: ERR_SSL_PROTOCOL_ERROR"
PS: when i try to connect to the websocket with wamp (so in http) it's work...
if anyone knows how to force the connection to http, please help me
Client side error
Client side conection
im sure it has something to do with your server. i only work with nginx so i can just talk about that but im sure its something similar in apache. I create virtual server blocks in nginx one is for the fileserver where ssl and certificate is enabled. after that i set up a block for the socket and set the server just to listen to http.
upstream socket {
server 127.0.0.1:2095;
server 127.0.0.1:80 backup;
keepalive 15;
}
server {
listen 80;
listen [::]:80;
root /var/www/socket/;
..... and so on
i work with a subdomain always to connect the socket like socket.domain.com but its not needed.
the same but with ssl on and linking certificate i do for the fileserver and this way it works pretty well.
var HOST = '144.125.....';
const socket = io(HOST,{secure:true})
Our website has been running on an internal test machine where it could be accessed by all computers inside the network.
Now we want to deploy this website on a webserver (Apache2) to make it available to our clients. We want to use https and this is where we encountered a problem.
The Socket.io client canĀ“t connect to the node.js server since switching to https. We are using a signed certificate from a trusted CA. I have tried every solution I could find but none seem to work for our case.
Constructor used with ngx-socket-io in angular:
constructor() {
super({url: 'https://mywebPage.com:8080',options:{secure: true, origin: '*', transport:['websocket']}})
}
Our certificate seems to be valid since it works for our angular page. We are also able to make HTTPS GET/POST requests to our API which is located on the same server.
node.js socket.io server code:
var options = {
key: fs.readFileSync('/etc/apache2/folder/certificate.com.key'),
cert: fs.readFileSync('/etc/apache2/folder/certificate.com.public.crt'),
ca: fs.readFileSync('/etc/apache2/folder/certificate-intermediate.crt'),
requestCert: true
};
let server = require('https').createServer(options);
let io = require('socket.io')(server);
server.listen(8080);
console.log("Server started on Port 8080");
the client tries to connect to the socket-Server but fails and gets the net::ERR_CONNECTION_CLOSED the rest of the web page loads fine and has a valid certificate
We have also tested to see if the port on the web server is accesible and it seems to be open in netstat and nma.
If any more information is needed I am glad to provide.
EDIT: have tested the setup with rejectUnauthorized:false on the client side but that does not change the error.
similar stack overflow questions which i have considered in solving the problem:
socket.io net::ERR_CONNECTION_CLOSED
Setup Server-Server SSL communication using socket.io in node.js
EDIT 2: added requestCert: false, rejectUnauthorized: false into my node.js options.
Now the previous Error has been resolved now:
error during WebSocket handshake: Unexpected response code: 400
I am new to WebRTC and WebSockets and was following this tutorial to create a WebRTC demo project, but I am unable to create a WebSocket connection. I have followed the same steps as mentioned in the project.
His project is running on port 8080 and he mentioned ws://localhost:9090. My project is running on port 8081, but I copied his URL ws://localhost:9090 because I didn't know the significance of 9090 and I received this error and my server is node.js. i changed local host to 8081 as well but then i am getting hand shake error.
WebSocket connection to 'ws://localhost:9090/' failed: Error in
connection establishment: net::ERR_CONNECTION_REFUSED.
Chrome doesn't allow unsecure websocket (ws) connections to localhost (only wss, so you should setup a TLS certificate for your local web/websocket server).
However the same should work fine with Firefox.
You need to use ws://yourIp:9090/, where yourIP is like 192.168.?.?.
Usually WebRTC requires a secure connection (that is https).
The error you have got is due to TLS/SSL certificates occupied, may be they are not properly configured in your project.
Provide a valid TLS/SSL certificate and also configure it correctly in project, then it will work without the above error.
try to change the port to 8080
const ws = new WebSocket('ws://localhost:8080/chat')
I guess this is a generic websocket issue.
Change the url to a dynamic name using the built-in location.host variable and change the protocol to secure websocket wss if you have set-up the TLS:
const ws = new WebSocket("wss://" + location.host + "/")
Port 9090 is used by reactotron. Probably you are using it in your project and your app cannot connect with reactotron because it is closed. Just open reactotron and the error will disappear.
also you could easily change the mappings of IP addresses to host names,
on windows go to C:\Windows\System32\drivers\etc\hosts and uncomment this line
127.0.0.1 localhost
save and restart.
WebSocket connection to 'ws://localhost:8080/' failed
Must ensure server file is running
I git this above problem
maybe you forgot to start websocket server, check it again, with configuration in my project, run:
php artisan websocket:init