wss connection failure for secure local site

Question

wss connection failure for secure local site

paul-adams-985 opened this issue 2 months ago · comments

Paul Adams commented 2 months ago

Reverb Version

1.0.0-beta6

Laravel Version

11.3.1

PHP Version

8.3

Description

I have a Laravel 11 project. Servers are managed locally with Herd. I have secured my site.
Everything works beautifully except Reverb - which is wonderful, btw!

 WebSocket connection to 'wss://my-site.test/app/xjdam3dnj7kmzzviunel?protocol=7&client=js&version=8.4.0-rc2&flash=false' failed: echo.js:6

in my .env

PUSHER_APP_ID=xxxx
PUSHER_APP_KEY=xxxxx
PUSHER_APP_SECRET=xxxx
PUSHER_HOST=
PUSHER_PORT=443
PUSHER_SCHEME=https
PUSHER_APP_CLUSTER=eu

VITE_APP_NAME="${APP_NAME}"
VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
VITE_PUSHER_HOST="${PUSHER_HOST}"
VITE_PUSHER_PORT="${PUSHER_PORT}"
VITE_PUSHER_SCHEME="${PUSHER_SCHEME}"
VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

REVERB_APP_ID=179981
REVERB_APP_KEY=xjdam3dnj7kmzzviunel
REVERB_APP_SECRET=hzeak0dakwzq5fdvn5sp
REVERB_HOST="my-site.test"
REVERB_PORT=443
REVERB_SCHEME=https

VITE_REVERB_APP_KEY="${REVERB_APP_KEY}"
VITE_REVERB_HOST="${REVERB_HOST}"
VITE_REVERB_PORT="${REVERB_PORT}"
VITE_REVERB_SCHEME="${REVERB_SCHEME}"

Any pointers and help would be much appreciated.

Paul :)

Steps To Reproduce

Secure site in Herd
Restart Reverb server
Review browser errors.

Paul Adams · Answer 1 · Tue Apr 16 2024 22:41:21 GMT+0800 (China Standard Time)

I have tried with the following added to the Herd NGINX config, but the problem remains
https://laravel.com/docs/11.x/reverb#web-server

location / {
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header Scheme $scheme;
        proxy_set_header SERVER_PORT $server_port;
        proxy_set_header REMOTE_ADDR $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
 
        proxy_pass http://0.0.0.0:8080;
    }

Paul Adams · Answer 2 · Tue Apr 16 2024 22:45:23 GMT+0800 (China Standard Time)

Could you give me more direction on what info would best help?
Huge, enormous thanks :)

vdev-chris · Answer 3 · Tue Apr 16 2024 22:46:58 GMT+0800 (China Standard Time)

I am having the same issue. It's a brand new laravel 11 project. Installed broadcasting with reverb. It looks like the issue is related to the https connection. All of the guides I am finding are people using unsecure connections. Our local setup through herd secures the connection.

Any insight would be helpful.

Env looks like:

REVERB_APP_ID=local-app-id
REVERB_APP_KEY=local-app-key
REVERB_APP_SECRET=local-app-secret
REVERB_HOST="local-site-name.test"
REVERB_PORT=8080
REVERB_SCHEME=https

VITE_REVERB_APP_KEY="${REVERB_APP_KEY}"
VITE_REVERB_HOST="${REVERB_HOST}"
VITE_REVERB_PORT="${REVERB_PORT}"
VITE_REVERB_SCHEME="${REVERB_SCHEME}"

The error on page load is:

"WebSocket connection to 'wss://local-site-name.test:8080/app/a6l43rqquqjiesdgphb7?protocol=7&client=js&version=8.4.0-rc2&flash=false' failed: "

Dries Vints · Answer 4 · Tue Apr 16 2024 22:53:13 GMT+0800 (China Standard Time)

@paul-adams-985 just labeling this that this needs more info from Joe before proceeding.

Joe Dixon · Answer 5 · Tue Apr 16 2024 23:17:10 GMT+0800 (China Standard Time)

Hey @paul-adams-985 and @vdev-chris - could you please let me know which browser you are using?

Adittionally, please can you try the following steps:

Attempt to connect via WSS and confirm you see the error
Navigate to https://site.test:8080 in the browser (replacing site.test with your domain) - you should see a 404 here
Attempt to connect via WSS again

I have seen previously that navigating to the URL in the browser informs the browser to trust the certificate allowing the subsequent WSS connection.

vdev-chris · Answer 6 · Tue Apr 16 2024 23:23:53 GMT+0800 (China Standard Time)

@joedixon I was using Chrome.

Out of curiosity, I tried Firefox before following your instructions and Firefox was actually working fine.

I then followed your instructions and it began working.

Is this something that would need to happen every session?

Chrome is up to date, just as a further FYI.

Paul Adams · Answer 7 · Wed Apr 17 2024 01:38:39 GMT+0800 (China Standard Time)

Hello! Appologies for the delayed response.

It did not work for me. However, I do not get a regular 404, I get a "Not found." message.

I tried both Chrome and Firefox with my nginx modifications and then again with nginx returned to the original setup.

Here is the message on firefox.

vdev-chris · Answer 8 · Wed Apr 17 2024 01:46:10 GMT+0800 (China Standard Time)

Hello! Appologies for the delayed response.

It did not work for me. However, I do not get a regular 404, I get a "Not found." message.

I tried both Chrome and Firefox with my nginx modifications and then again with nginx returned to the original setup.

Here is the message on firefox.

That's the intended response, I believe. After you've loaded this page, you should be able to close it and refresh the page that is connecting to your local site. It immediately update for me.

To be clear, I had vite server up and running (through npm run dev). If you don't, you may need to rebuild?

vdev-chris · Answer 9 · Wed Apr 17 2024 01:47:29 GMT+0800 (China Standard Time)

Also, the port should still be 8080.

Paul Adams · Answer 10 · Wed Apr 17 2024 01:50:13 GMT+0800 (China Standard Time)

OMG. I noticed a differnce between the port setting on your config and mine. I had previously tried with your setup.
But this time, after the http://site.test:8080 trick, it worked!!!

I now have another bug to work through. Most likely my bad coding and nothing to do with Reverb.

Thanks guys. Keep up the good work...

P.S. Is it worth putting something in the docs?

vdev-chris · Answer 11 · Wed Apr 17 2024 01:57:43 GMT+0800 (China Standard Time)

Still bizarre that the out-of-the-box install has issues with browser certificate recognition.

Paul Adams · Answer 12 · Wed Apr 17 2024 02:03:05 GMT+0800 (China Standard Time)

Indeed. These things can take hours out of your day. I have posted a solution on the Laracasts Forum.

Paul Adams · Answer 13 · Wed Apr 17 2024 03:13:19 GMT+0800 (China Standard Time)

@joedixon and @driesvints Super-huge thanks for your fast responses and help.
We're all very appreciative of all that you do. If you would like me to submit a PR with a note in the documentation, let me know.

Joe Dixon · Answer 14 · Wed Apr 17 2024 04:14:18 GMT+0800 (China Standard Time)

Still bizarre that the out-of-the-box install has issues with browser certificate recognition.

I agree, but unfortunately, it's not that straightforward 🥴

Reverb uses the certificates provided by Valet or Herd. As I understand it, they add a trusted certificate authority to the keychain and use that to sign the ceritificate for the site. So, the certificates should be trusted and they are in Firefox and Safari. For some reason, Chrome doesn't trust them until the host has been accessed over HTTPS first.

I'll keep looking into it and see if anything can be done.

vdev-chris · Answer 15 · Wed Apr 17 2024 04:29:25 GMT+0800 (China Standard Time)

Appreciate it. It's quite ironic to me that Chrome would be the oddball in this case. Considering that both Safari and Firefox are known for tighter security lol

Paul Adams · Answer 16 · Wed Apr 17 2024 05:22:11 GMT+0800 (China Standard Time)

Quite. It's Chrome who needs to sort their game out on this one.

kevinrrm · Answer 17 · Tue Apr 30 2024 00:21:56 GMT+0800 (China Standard Time)

I'm still having the same error as you have. I have a server in cloudaways and they opened a port 6001 when I access the link with http://serverIP:6001 it returns the Not Found.

I'm having the NS_ERROR_NET_TIMEOUT in FireFox