How to make Websocket connection working with HTTPS / TLS?

In Ubuntu 18.04.4 Desktop I'm trying to make websocket connection working.
I started the discovery-swarm-webrtc :
(base) marco@pc01:~/webMatters/vueMatters/GGC/node_modules/hyperswarm-web/node_modules/.bin$ ./discovery-signal-webrtc
discovery-signal-webrtc running on 4000
I modified in the Hyperswarmweb.vue file the wsProxy as :
this.swarm = hyperswarm({
  // If you omit this, it'll try to connect to 'wss://hyperswarm.mauve.moe'
  // It will also attempt to connect to a local proxy on `ws://localhost:4977`
  //wsProxy: 'ws://yourproxy.com',
  wsProxy: 'ws://ggc.world:4000',
  simplePeer: {
    config: {
    }
  }
})
// look for peers listed under this topic
const topic = crypto.createHash('sha256')
  .update('my-hyperswarm-topic')
  .digest()
this.swarm.join(topic)
I get this error :
"
Websocket connection to 'ws://localhost:4977/' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
Mixed Content: The page at 'https://ggc.world/signup' was loaded over HTTPS, but attempted to connect to the insecure
WebSocket endpoint 'ws://ggc.world:4000'. This request has been blocked; this endpoint will be available over WSS.
Uncaught DOMException: Failed to construct 'WebSocket': an insecure WebSocket connection may not be initiated from a page
loaded
"
This is the part of the nginx webserver configuration related to websocket:
upstream websocket {
    #server ggc.world:4977;
    #server ggc.world:1234;
    server ggc.world:4000;
}
server {
    listen 8443 ssl;
    server_name ggc.world;
    ssl_certificate /etc/letsencrypt/live/ggc.world-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ggc.world-0002/privkey.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/ggc.world-0002/chain.pem;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    location /p2p {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade "Websocket";
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host ggc.world;
    }
}
As far as I understand reading here: WebSocket with SSL, we cannot use websockets with HTTPS but we can use websockets over TLS.
And in order to use websockets over TLS, we have to use wss:// : Mixed Content error when accessing WebSocket server hosted in a different port
I modified in the Hyperswarmweb.vue file the wsProxy:
//wsProxy: 'ws://yourproxy.com',
wsProxy: 'wss://ggc.world:4000',
and now get this error:
"
WebSocket connection to 'ws://localhost:4977' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
"
If I modify the Proxy in Hyperswarmweb.vue :
//wsProxy: 'ws://yourproxy.com',
//wsProxy: 'wss://ggc.world:4000'
wssProxy: 'wss://ggc.world:4000',
I get this error:
"
WebSocket connection to 'ws://localhost:4977' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
"
I tried also to follow these indications: https://www.nginx.com/blog/websocket-nginx/
and modified the nginx configuration's part related to websocket as follows:
upstream websocket {
    server ggc.world:4000;
}
server {
    listen 8443 ssl;
    server_name ggc.world;
    ssl_certificate /etc/letsencrypt/live/ggc.world-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ggc.world-0002/privkey.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/ggc.world-0002/chain.pem;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    location / {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        #proxy_set_header Upgrade "Websocket";
        proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "Upgrade";
        proxy_set_header Connection $connection_upgrade;
        #proxy_set_header Host ggc.world;
        proxy_set_header Host $host;
    }
}
But I get the same error :
"
WebSocket connection to 'wss://ggc.world:4000/' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
"
I read here: Using ws:// while on https:// (mixed content)
"If you can serve the page via https somewhere on your server there are certificate and chain files, use these to serve a wss"
I already put them in the NGINX configuration, in the part related to the websocket.
Where else should I put certificate and chain files paths? in wsProxy in Hyperswarmweb.vue?
Environment Info:
System:
OS: Linux 5.3 Ubuntu 18.04.4 LTS (Bionic Beaver)
CPU: (8) x64 Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Binaries:
Node: 14.3.0 - ~/.nvm/versions/node/v14.3.0/bin/node
Yarn: 1.22.4 - /usr/bin/yarn
npm: 6.14.5 - ~/.nvm/versions/node/v14.3.0/bin/npm
Browsers:
Chrome: 83.0.4103.116
Firefox: 77.0.1
npmGlobalPackages:
@vue/cli: 4.4.4
How to make the Websocket connection working?
Looking forward to your kind help.
Marco

WebSocket connection to 'ws://localhost:4977' failed:
Is simply because you are not running a local hyperswarm proxy server on your machine. Start one up and your app will connect to it locally.
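
The TLS-termination layout the question's nginx configuration is aiming for, as an added example that is not part of the original question or answer. It reuses the host name, ports and certificate paths shown in the question; the assumptions are that the signal server speaks plain `ws://` on port 4000, that nginx reaches it at 127.0.0.1, and the timeout value.

```nginx
# Added example, constructed from the values shown in the question.
# Assumption: discovery-signal-webrtc speaks plain ws:// on port 4000 and
# is reachable from nginx at 127.0.0.1.

# Defines $connection_upgrade; nginx has no such built-in variable, so the
# config fails to load if this map is missing.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream websocket {
    server 127.0.0.1:4000;   # plain WebSocket backend, not meant for browsers
}

server {
    listen 8443 ssl;         # the only port here that speaks TLS
    server_name ggc.world;

    ssl_certificate     /etc/letsencrypt/live/ggc.world-0002/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ggc.world-0002/privkey.pem;

    location / {
        proxy_pass http://websocket;        # TLS ends at nginx; upstream is http
        proxy_http_version 1.1;             # Upgrade requires HTTP/1.1
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;
        proxy_read_timeout 1h;              # assumed value; keeps idle sockets open
    }
}

# Browser side: the URL has to address the TLS listener, not the backend port.
#   wss://ggc.world:8443/  -> TLS handshake with nginx, then the Upgrade request
#   wss://ggc.world:4000/  -> TLS ClientHello sent to a plain-HTTP server:
#                             net::ERR_SSL_PROTOCOL_ERROR
#   ws://ggc.world:4000/   -> blocked as mixed content on an https:// page
```

The certificate files are referenced only in nginx; nothing certificate-related goes into the client-side `wsProxy` value, which just needs a `wss://` URL on the TLS port.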

Related

Nginx Reverse Proxy For Web App Hosted on Local Server

I am hosting a web application via a home server. I have my Cloudflare DNS A record pointed to my public ip and my firewall is off. I am using cloud flare for SSL.
My app is running on local host (127.0.0.1) port 1624.
I am using nginx. My server name is my public ip and listen is port 80.
My reverse proxy is pointed at 127.0.0.1:1624.
I have port 80 open on my router as well.
For some reason I am not able to connect to my website. What could be causing this?
The developer of the web app has told me to use my domain name for the server name and keep the port as default 80 while pointing the reverse proxy to 127.0.0.1:1624.
My nginx conf:
server
{
    server_name {mypublicip};
    #server_name {mydomainname};
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:1624; # my web app proxy
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
Router Settings:
I've tried:
Nginx conf -
server_name > domain NAME
server_name > public ip
My app is working when I go to 127.0.0.1:1624 just not my domain.
You should configure port forwarding on your router - so that all packets coming on port 80 of the public IP on your router will be forwarded to port 80 of your local PC (which probably has an internal IP address in a 192.168.xx.yy range). Then your nginX should listen on port 80 at that 192.168.xx.yy address on your PC and proxy_pass to 127.0.0.1:1624 where your application is listening.
If you don't do this - packets will end up on the router instead of at nginX in your local PC.

Devilbox (docker) + Laravel Websockets

Trying to get the two to work together. Is there something I'm missing or way to debug why it's not working?
Edited .devilbox/nginx.yml as suggested here although trying to contain it to path: wsapp
---
###
### Basic vHost skeleton
###
vhost: |
  server {
      listen __PORT____DEFAULT_VHOST__;
      server_name __VHOST_NAME__ *.__VHOST_NAME__;
      access_log "__ACCESS_LOG__" combined;
      error_log "__ERROR_LOG__" warn;
      # Reverse Proxy definition (Ensure to adjust the port, currently '8000')
      location /wsapp/ {
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_pass http://php:6001;
      }
      __REDIRECT__
      __SSL__
      __VHOST_DOCROOT__
      __VHOST_RPROXY__
      __PHP_FPM__
      __ALIASES__
      __DENIES__
      __SERVER_STATUS__
      # Custom directives
      __CUSTOM__
  }
Installed laravel-websockets and configured to use '/wsapp'
Visit the dashboard to test:
https://example.local/laravel-websockets
But console has error:
Firefox can’t establish a connection to the server at
wss://example.local:6001/wsapp/app/a558686cac00228eb003?protocol=7&client=js&version=4.3.1&flash=false.
2 pusher.min.js:8:6335 The connection to
wss://example.local:6001/wsapp/app/a558686cac00228eb003?protocol=7&client=js&version=4.3.1&flash=false
was interrupted while the page was loading. pusher.min.js:8:6335
I've Created a Setup that works...
first you need 2 domains in devilbox...
For your Laravel App (example.local)
For your Laravel Websocket (socket.example.local)
on your socket.example.local directory...
create htdocs and .devilbox here you'll add your nginx.yml file
when you try to connect to your socket.
don't use the port anymore...
and don't isolate the socket to /wsapp anymore...
use socket.example.local in .env PUSHER_HOST value
run your laravel websocket on example.local...
visit /laravel-websockets dashboard... remove the port value then click connect
I don't suggest you'll serve your socket in /wsapp because it's hard to configure nginx to serve 2 apps... (it's hard for me, maybe someone more expert on nginx can suggest something regarding this setup)
but that's my solution... if you didn't understand, please do comment

Allow NGINX to send requests over http to another port

I have a React application running with NGINX which handles traffic on one port (www.domain.com - https) and I also have a back-end Spring Boot application which runs on a different port (www.domain.com:7080 - http).
Now NGINX serves 80, 443 ports and loads up my React application. My react application is hard-coded to send requests to www.domain.com:7080, however all requests fail. In the browser's console I can see the following error:
The page at 'https:// domain.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http:// domain.com:7080/auth/login'. This request has been blocked; the content must be served over HTTPS.
My NGINX configuration:
server {
    listen 443 ssl; # managed by Certbot
    root /var/www/ui;
    server_name www.domain.com domain.com;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    location / {
        index index.html;
    }
}
server {
    listen 80;
    if ($host = domain.com) {
        return 301 $host$request_uri;
    } # managed by Certbot
    server_name www.domain.com domain.com;
    return 301 https://$host$request_uri; # managed by Certbot
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
My back-end application is served over http and I'd like to permit the front-end to talk to the back-end service.
I couldn't locate a similar question or tutorial on how I would go about solving this therefore I'm hoping to get some answers here :3
create api endpoint in your domain i.e. www.domain.com/api and configure nginx to pass traffic from that endpoint to your backend with proxy_pass directive. You'll have secure connection from your users and won't need to change anything in your backend server.

Kibana 5 not working behind nginx

I have setup ELK using docker (https://github.com/deviantony/docker-elk).
Then I added a subdomain to nginx with this config:
location / {
    auth_basic "closed site";
    auth_basic_user_file /var/www/passwd;
    proxy_http_version 1.1;
    proxy_set_header Connection "Keep-Alive";
    proxy_set_header Proxy-Connection "Keep-Alive";
    proxy_pass http://localhost:5601;
}
When I now visit this subdomain I see that Kibana loads but then fails.
This is what my browser console shows:
When I visit Kibana directly using the IP of my server and the port 5601 it runs flawlessly. This only happens when being proxy_passed through nginx.

Generate ssl-certificate and configure RStudio server?

Actually I need to run rstudio server using https.
By default is http://server-ip:8787
I am following this file- (ssl- configuration)
https://s3.amazonaws.com/rstudio-server/rstudio-server-pro-0.98.507-admin-guide.pdf
You can set-up access to the RStudio server via a proxy. By doing that and setting up the Apache or Nginx web server to use SSL, you will have secure access to the RStudio server.
Here's an example of how you can have both Shiny and RStudio running on the same domain using SSL and Nginx. If you use https://YOURDOMAIN/ it will run your shiny apps; https://YOURDOMAIN/rstudio to be able to edit the shiny apps directly from the browser!
Replace YOURDOMAIN with your server URL:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
#Server with proxy
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/letsencrypt/live/YOURDOMAIN/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOURDOMAIN/privkey.pem;
    server_name YOURDOMAIN;
    location / {
        proxy_pass http://localhost:3838;
        proxy_redirect http://localhost:3838/ $scheme://$host/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 20d;
    }
    location /rstudio/ {
        rewrite ^/rstudio/(.*)$ /$1 break;
        proxy_pass http://localhost:8787;
        proxy_redirect http://localhost:8787/ $scheme://$host/rstudio/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 20d;
    }
}
Unfortunately SSL is only available in the paid version.
See: https://www.rstudio.com/products/rstudio-server-pro/
