Giters

Theldus / wsServer

wsServer - a tiny WebSocket server library written in C

Home Page:https://theldus.github.io/wsServer

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

wsserver via ssl in linux environment

focussing opened this issue · comments

commented

Situation description

I am running Debian 11 on a small Linux board on the local network whre also my PC is present.
On this board a C-application is running which reads all hardware. Within this C-application an instance of wsServer is running. Also on the board a http: webserver is running. When a website is opened on the board, it starts a ws-client to wsServer and the status of the hardware is communicated to the website via the websocket. This way the hardware status is shown in real-time on the webpage. Beautiful!

Item nr 1

The website can only open a websocket connection to the board when using the hostname or the IP address of the board.
When using localhost or 127.0.0.1 a connection is not created App.vue:104 WebSocket connection to 'ws://localhost:8080/' failed:.
So far so good, normally this would not be a big issue.
But.

Item nr 2

When the website is accessed from outside the local network via a router we have seen that the console of the browser window is showing a mixed content error Mixed Content: The page at xxx was loaded over HTTPS, but requested an insecure yyy. This is correct because in that situation the website is called via https: and the websocket connection would be opened via ws:

SSL support

I have read your instructions for enabling SSL, but I can't get it to work. In no situation a wss: connection is opened WebSocket connection to 'wss://10.7.52.120/' failed:. I tested with localhost, 127.0.0.1 and the board's IP address, none of them work.

I also tried a few other options for the stunnel config like the following, but also no positive result:

[wsServer]
cert = /etc/stunnel/server.pem
accept = 0.0.0.0:443
connect = localhost:8080

or

[wsServer]
cert = /etc/stunnel/server.pem
accept = 0.0.0.0:443
connect = <board ip-addres>:8080

even

[wsServer]
cert = /etc/stunnel/server.pem
accept = 0.0.0.0:443
connect = 8080

Could you help me with this please?
Looking forward to hearing from you

Best regards,
Raymond

commented

Hi @focussing,
I apologize for the (very) long delay in responding.
Were you able to resolve your issue?

Not being able to connect even as localhost is quite strange and definitely not expected!

I'm not exactly sure what to suggest... but is Stunnel listening on the expected port? You can check this with a command like:

$ netstat -ntlp

It's also possible to monitor the traffic using Wireshark to see if there are any connection attempts to Stunnel.

Besides that, you can consider using other tools for SSL on WebSocket, such as Nginx itself. There are various resources available on this topic, like NGINX to reverse proxy websockets AND enable SSL (wss://)?