Bug #2969

Not able to create secure socket connection.

Added by Deepak 8 months ago. Updated 7 months ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Missing in 1.5.x:



Lighttpd version in use lighttpd/1.4.54 (ssl).

I'm able to make web socket connection, but I'm not able to make secure socket connection.

With secure socket configuration, I'm make connection with non-secure web socket connection. Below is curl sample request.

curl --insecure -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host:" -H "Origin:"
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
WebSocket-Location: ws://
Sec-WebSocket-Accept: Kfh9QIsMVZcl6xEPYxPHzW8SZ8w=

With secure request, I'm seeing below error:

curl --insecure -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host:" -H "Origin:"
curl: (35) SSL received a record that exceeded the maximum permissible length.

On browser, I'm seeing below when I make request.

WebSocket connection to 'wss://' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR

I've followed below link:

Please note, I'm using self-signed certificate for ssl configuration and I've attached lighttpd configuration.

Requesting to share some light, if I'm something in the configuration.


lighttpd.conf (12.6 KB) lighttpd.conf Deepak, 2019-08-07 05:53

Updated by gstrauss 7 months ago

  • Status changed from New to Invalid

DO NOT FILE BUGS for questions like "how do I...?"
Please ask questions in the support Forum (see the Forums tab near the top of the page)

I've followed below link:

The config you provided is incomplete. If you actually carefully read through the above links, you would have seen how to get a complete config (lighttpd -p -f /etc/lighttpd/lighttpd.conf)


lighttpd with mod_wstunnel works fine with both http and https.

(Instead of mod_wstunnel, perhaps you want to use mod_proxy to proxy to your websocket backend.)


server.modules += ("mod_wstunnel")
$HTTP["url"] =~ "^/ws" {
    wstunnel.server = ( "" => (( "host" => "", "port" => "12345")) )
    wstunnel.frame-type = "text" 

Note that I am using wstunnel.frame-type = "text" above.

Note: PHP is a considered a poor choice for a socket backend, but I have found that those who use PHP have a difficult time with other languages.
Manually starting a PHP script as a daemon in another window:
php -q wstunnel-endpoint-example.php


$address = '';
$port = 12345;

$server = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_set_option($server, SOL_SOCKET, SO_REUSEADDR, 1);
socket_bind($server, $address, $port);

while (($client = socket_accept($server))) {
    do { sleep(1); } while (FALSE !== socket_write($client, 'Now: '.time()));


Using /path/to/docroot/example.html and having my lighttpd server listen on port 8443 with TLS enabled:

    <div id="root"></div>
        var host = 'wss://';
        var socket = new WebSocket(host);
        socket.onmessage = function(e) {
            document.getElementById('root').innerHTML =;

Also available in: Atom