Bug #2969
closedNot able to create secure socket connection.
Description
Hi,
Lighttpd version in use lighttpd/1.4.54 (ssl).
I'm able to make web socket connection, but I'm not able to make secure socket connection.
With secure socket configuration, I'm make connection with non-secure web socket connection. Below is curl sample request.
curl --insecure -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: 10.10.11.1" -H "Origin: https://10.10.11.1" http://10.10.11.1:4454/ws_server.php
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
WebSocket-Location: ws://10.10.11.1/ws_server.php
Sec-WebSocket-Accept: Kfh9QIsMVZcl6xEPYxPHzW8SZ8w=
With secure request, I'm seeing below error:
curl --insecure -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: 10.10.11.1" -H "Origin: https://10.10.11.1" https://10.10.11.1:4454/ws_server.php
curl: (35) SSL received a record that exceeded the maximum permissible length.
On browser, I'm seeing below when I make request.
WebSocket connection to 'wss://10.10.11.1:4454/ws_server.php' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
I've followed below link:
https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModWSTunnel
https://redmine.lighttpd.net/boards/2/topics/7600
Please note, I'm using self-signed certificate for ssl configuration and I've attached lighttpd configuration.
Requesting to share some light, if I'm something in the configuration.
Files
Updated by gstrauss about 5 years ago
- Status changed from New to Invalid
DO NOT FILE BUGS for questions like "how do I...?"
Please ask questions in the support Forum (see the Forums tab near the top of the page)
I've followed below link:
https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModWSTunnel
https://redmine.lighttpd.net/boards/2/topics/7600
The config you provided is incomplete. If you actually carefully read through the above links, you would have seen how to get a complete config (lighttpd -p -f /etc/lighttpd/lighttpd.conf
)
.
lighttpd with mod_wstunnel works fine with both http and https.
(Instead of mod_wstunnel, perhaps you want to use mod_proxy to proxy to your websocket backend.)
.
server.modules += ("mod_wstunnel") $HTTP["url"] =~ "^/ws" { wstunnel.server = ( "" => (( "host" => "127.0.0.1", "port" => "12345")) ) wstunnel.frame-type = "text" }
Note that I am using
wstunnel.frame-type = "text"
above.
Note: PHP is a considered a poor choice for a socket backend, but I have found that those who use PHP have a difficult time with other languages.
Manually starting a PHP script as a daemon in another window:php -q wstunnel-endpoint-example.php
<?php $address = '127.0.0.1'; $port = 12345; $server = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); socket_set_option($server, SOL_SOCKET, SO_REUSEADDR, 1); socket_bind($server, $address, $port); socket_listen($server); while (($client = socket_accept($server))) { do { sleep(1); } while (FALSE !== socket_write($client, 'Now: '.time())); } ?>
Using /path/to/docroot/example.html and having my lighttpd server listen on port 8443 with TLS enabled:
https://localhost:8443/example.html
<html> <body> <div id="root"></div> <script> var host = 'wss://127.0.0.1:8443/ws'; var socket = new WebSocket(host); socket.onmessage = function(e) { document.getElementById('root').innerHTML = e.data; }; </script> </body> </html>
Also available in: Atom