Issue using webscokets over wss

pundabuyer · February 13, 2023, 9:12am

Hi All,

I have managed to just get websockets working on my server. i have a page Document that connects to a nodejs app located on ws.trivia.house.

when i switch to use wss at Document the service fails althouh i have a letencrypt certificate covering wildcard of *trivia.house and covering ws.trivia.house. can someone help me please?

the failure is:

WebSocket connection to 'wss://ws.trivia.house:8080/' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR

My domain is:
trivia.house
(websocket subdomain) ws.trivia.house

I can login to a root shell on my machine

I'm using a Plesk to manage my site

rg305 · February 13, 2023, 9:49am

Hi @pundabuyer, and welcome to the LE community forum

I have no way of troubleshooting "wss://".
That said, I do have some questions.
Correct me where I'm wrong:

HTTP
====
insecure = http://trivia.house/client.html
secure   = https://trivia.house/clientssl.html

WEB SOCKET
==========
insecure = wss://ws.trivia.house:8080/
secure   = wss://ws.trivia.house:8080/  ???
  OR
secure   = wss://ws.trivia.house:8443/  ???

Are you trying to use the same socket port for both secure and insecure connections?
Are all these ports accessible from the Internet?
How do you test?

pundabuyer · February 13, 2023, 10:56am

Hi!

Thank you for responding.

So yes, let me confirm:

HTTP

insecure call to web socket = Document
secure call to web socket = Document

WEB SOCKET

insecure socket = ws://ws.trivia.house:8080/
secure socket = wss://ws.trivia.house:8080/

I only want to use the socket for secure connections but yes it can be used for both i believe - i didnt realise there was a difference as its the connecting protocol that differs not the js app. should it be using a different port?

The socket app is only running on port 8080 and yes it is accessible.

If you go to Document and use the inspect function to see console you will see success

Do the same for Document and you will see failures.

pundabuyer · February 13, 2023, 5:04pm

Can anyone help more please?

Bruce5051 · February 13, 2023, 5:20pm

I suggest reading

Bruce5051 · February 13, 2023, 5:26pm

I see this with Windows 10 Chrome Version 110.0.5481.78 (Official Build) (64-bit)

Bruce5051 · February 13, 2023, 5:27pm

I see this with Windows 10 Chrome Version 110.0.5481.78 (Official Build) (64-bit)

Bruce5051 · February 13, 2023, 5:29pm

And with curl

$ curl -Ii http://trivia.house/client.html
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Feb 2023 17:28:08 GMT
Content-Type: text/html
Content-Length: 682
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 13 Feb 2023 17:01:12 GMT
ETag: "2aa-5f497cb543af4"
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Powered-By: PleskLin

$ curl -Ii https://trivia.house/client.html
HTTP/2 200
server: nginx
date: Mon, 13 Feb 2023 17:28:28 GMT
content-type: text/html
content-length: 682
x-accel-version: 0.01
last-modified: Mon, 13 Feb 2023 17:01:12 GMT
etag: "2aa-5f497cb543af4"
accept-ranges: bytes
vary: Accept-Encoding
x-powered-by: PleskLin

rg305 · February 13, 2023, 5:35pm

That seems problematic.
You should separate the secure from the insecure socket.

Osiris · February 13, 2023, 6:33pm

I'm not that familiar with WebSockets, but indeed, that does look problematic.

Maybe you can explain a little bit more about how you've set up that WebSockets service. I'm assuming Node.js (ugh..) from your initial post? But how exactly?

pundabuyer · February 13, 2023, 6:38pm

Hi all thanks for all the replies. I should have been a little clearer.. I was only using unsecure sockets whilst i set up now i only want to use secure so staying on port 8080 should be ok. You can ignore the 'ws' version.

For context, it is a js file that creates the socket server running on nodejs.

the code in the js app is:

var WebSocket = require('ws');
var server = new WebSocket.Server({port: 8080});
console.log('Listening on port 8080...');

server.on('connection', function(socket) {
console.log('Client has connected');

socket.on('message', function(message) {
console.log('Received from client: %s', message);
socket.send('Server received message from client: ' + message);
});
});

Osiris · February 13, 2023, 6:45pm

I'm not that familiar with Node.js, but I'm not seeing any TLS configuration in that piece of code?

If you secure your webserver on port 443, that doesn't mean your Node.js service automatically will too.

pundabuyer · February 13, 2023, 6:50pm

I found further code that could work but I don't know where to find the cert and key files?

const WebSocket = require("ws").Server;
const HttpsServer = require('https').createServer;
const fs = require("fs");

server = HttpsServer({
cert: fs.readFileSync("??"),
key: fs.readFileSync("??")
})
socket = new WebSocket({
server: server
});

console.log('Listening on port 8080...');

server.on('connection', function(socket) {
console.log('Client has connected');

socket.on('message', function(message) {
console.log('Received from client: %s', message);
socket.send('Server received message from client: ' + message);
});
});

Bruce5051 · February 13, 2023, 6:51pm

I would suggest the same location that your nginx server is getting them from.

pundabuyer · February 13, 2023, 7:07pm

nginx refers to the same file for key and cert

Osiris · February 13, 2023, 7:08pm

Please show the nginx configuration. It usually has the key and cert separately.

pundabuyer · February 13, 2023, 7:11pm

what is the file i should be looking at? I'm not familiar with nginx

Bruce5051 · February 13, 2023, 7:12pm

/etc/nginx/nginx.conf

rg305 · February 13, 2023, 7:14pm

There are better places to get familiar with nginx than this forum

Osiris · February 13, 2023, 7:14pm

Well, you claim nginx is using the same file for key and cert, so obviously you've looked at something, right? Something with ssl_certificate and (optional) ssl_certificate_key.