Can't connect to webrtc-star with ssl

I've posted a job on Codementor for a paid solution / helper

https://www.codementor.io/u/dashboard/my-requests/curcp73n3a

You’ll also need: mod_proxy_wstunnel - Apache HTTP Server Version 2.4

You should be asking in an Apache support channel!

Guys, thanks for your assistance so far. I've continued to struggle with the SSL setup of wss on the server, which is failing.

In my new setup, app.xxx.com.conf runs my application on port 8765, which talks to the libp2p.xxx.com subdomain to engage libp2p on port 14577:

app.xxx.com.conf

server {
    server_name app.xxx.com;
    root /home/xxx/public_html/app;
    index index.html;

    location / {
        proxy_pass http://localhost:8765;

        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            #
            # Custom headers and headers various browsers should be OK with but aren't
            #
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            #
            # Tell client that this pre-flight info is valid for 20 days
            #
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
        }
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
        }
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/app.xxx.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/app.xxx.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = app.xxx.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name app.xxx.com;
    return 404; # managed by Certbot
}

I'm still confused by some of the nuances, such as 127.0.0.1 vs localhost.

My libp2p.xxx.com.conf:

server {
    server_name libp2p.xxx.com;
    root /home/xxx/public_html/libp2p;
    index index.html;

    location / {
        proxy_pass http://localhost:14577;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/libp2p.xxx.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/libp2p.xxx.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = libp2p.xxx.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name libp2p.xxx.com;
    return 404; # managed by Certbot
}

My application halts with an error:

vendor.js:196874 WebSocket connection to ‘wss://app.xxx.com/sockjs-node/760/g5cqgxm4/websocket’ failed:

Looks like the error was cut off. Check the nginx error.log file; many people who report these types of errors seem to find that the web server (nginx) was unable to connect to the websocket application (the Go application?), due to a firewall or other configuration.

Also, I don’t think your config is complete: Using NGINX as a WebSocket Proxy

I think you’re missing:

# goes inside the server block next to "location /" (a location cannot be nested in an if)
location /sockjs-node/ {
    proxy_pass http://localhost:8765;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
}

Greetings,
I'd stumbled upon the same problem and was able to solve it by modifying the 'libp2p-webrtc-star-signalling-server' package. By default the signalling-server module is not configured to work via SSL/TLS, and it is easily fixed.
Modifications I've made:

  1. In the /src/index.js file, upon Hapi server creation, pass a tls parameter with cert and key values (which are provided via the options argument).
    const http = new Hapi.Server({
      ...config.hapi.options,
      port,
      host,
      tls: {
        key: options.key,
        cert: options.cert
      }
    })
  2. In /src/routes-ws/index.js, upon socket server creation, add the parameter 'secure' for wss:// connections.
    const io = socketIO({
      allowEIO3: true, // allow socket.io v2 clients to connect
      secure: true // allow wss connection
    })
  3. The final step is to pass the TLS certificate and its key in the options object upon signalling server start.
    const fs = require('fs')
    const { start } = require('libp2p-webrtc-star-signalling-server')

    const signalling_server = start({
      port: 5002,
      host: '0.0.0.0',
      metrics: false,
      key: fs.readFileSync('./privkey.pem'),
      cert: fs.readFileSync('./cert.pem')
    })

Hope this helps.
