Project

General

Profile

Actions

Bug #2969

closed

Not able to create secure socket connection.

Added by Deepak over 5 years ago. Updated about 5 years ago.

Status:
Invalid
Priority:
Normal
Category:
mod_wstunnel
Target version:
ASK QUESTIONS IN Forums:

Description

Hi,

Lighttpd version in use lighttpd/1.4.54 (ssl).

I'm able to make web socket connection, but I'm not able to make secure socket connection.

With secure socket configuration, I'm make connection with non-secure web socket connection. Below is curl sample request.

curl --insecure -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: 10.10.11.1" -H "Origin: https://10.10.11.1" http://10.10.11.1:4454/ws_server.php
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
WebSocket-Location: ws://10.10.11.1/ws_server.php
Sec-WebSocket-Accept: Kfh9QIsMVZcl6xEPYxPHzW8SZ8w=

With secure request, I'm seeing below error:

curl --insecure -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: 10.10.11.1" -H "Origin: https://10.10.11.1" https://10.10.11.1:4454/ws_server.php
curl: (35) SSL received a record that exceeded the maximum permissible length.

On browser, I'm seeing below when I make request.

WebSocket connection to 'wss://10.10.11.1:4454/ws_server.php' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR

I've followed below link:

https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModWSTunnel
https://redmine.lighttpd.net/boards/2/topics/7600

Please note, I'm using self-signed certificate for ssl configuration and I've attached lighttpd configuration.

Requesting to share some light, if I'm something in the configuration.


Files

lighttpd.conf (12.6 KB) lighttpd.conf Deepak, 2019-08-07 05:53
Actions #1

Updated by gstrauss about 5 years ago

  • Status changed from New to Invalid

DO NOT FILE BUGS for questions like "how do I...?"
Please ask questions in the support Forum (see the Forums tab near the top of the page)

I've followed below link:

https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModWSTunnel
https://redmine.lighttpd.net/boards/2/topics/7600

The config you provided is incomplete. If you actually carefully read through the above links, you would have seen how to get a complete config (lighttpd -p -f /etc/lighttpd/lighttpd.conf)

.

lighttpd with mod_wstunnel works fine with both http and https.

(Instead of mod_wstunnel, perhaps you want to use mod_proxy to proxy to your websocket backend.)

.

server.modules += ("mod_wstunnel")
$HTTP["url"] =~ "^/ws" {
    wstunnel.server = ( "" => (( "host" => "127.0.0.1", "port" => "12345")) )
    wstunnel.frame-type = "text" 
}

Note that I am using wstunnel.frame-type = "text" above.

Note: PHP is a considered a poor choice for a socket backend, but I have found that those who use PHP have a difficult time with other languages.
Manually starting a PHP script as a daemon in another window:
php -q wstunnel-endpoint-example.php

<?php

$address = '127.0.0.1';
$port = 12345;

$server = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_set_option($server, SOL_SOCKET, SO_REUSEADDR, 1);
socket_bind($server, $address, $port);
socket_listen($server);

while (($client = socket_accept($server))) {
    do { sleep(1); } while (FALSE !== socket_write($client, 'Now: '.time()));
}

?>

Using /path/to/docroot/example.html and having my lighttpd server listen on port 8443 with TLS enabled:
https://localhost:8443/example.html

<html>
<body>
    <div id="root"></div>
    <script>
        var host = 'wss://127.0.0.1:8443/ws';
        var socket = new WebSocket(host);
        socket.onmessage = function(e) {
            document.getElementById('root').innerHTML = e.data;
        };
    </script>
</body>
</html>

Actions

Also available in: Atom