Home > Enterprise >  Error setting up wss server: works on localhost, but not with ip address
Error setting up wss server: works on localhost, but not with ip address

Time:03-17

I'm having issues setting up a wss server (Secure Websocket Server) in node.js. When we run the server and test it using an online websocket tester and connect to wss://localhost:8888 it works. But when we connect to wss://my_ip:8888 (ip found with ifconfig) it results in the error index.js:15 WebSocket connection to 'wss://192.168.1.217:8888/' failed.

I've made a git repository for easy testing: https://github.com/DaanS8/wss_error

Possible useful info

We pinged the ip on the port 8888 with `telnet my_ip 8888` which was successful. Any other port fails, which means it is listening?

Chrome behaves differently then Firefox, in chrome localhost works but in Firefox localhost doesn't even work whilst using the same tests on the online websocket tester.

The code is running on a ubuntu vm on a windows machine. It seems the ubuntu vm doesn't have its own firwall (sudo ufw status results in error), just turning of the windows firewall doesn't change the errors.

The certificates were generated with the following commands:

openssl genrsa -des3 -out myCA.key 2048
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
      Enter pass phrase for myCA.key:
      Country Name (2 letter code) [AU]:BE
      State or Province Name (full name) [Some-State]:Vlaams-Brabant
      Locality Name (eg, city) []:Leuven
      Organization Name (eg, company) [Internet Widgits Pty Ltd]:KU Leuven
      Organizational Unit Name (eg, section) []:Pno
      Common Name (e.g. server FQDN or YOUR name) []:Team x
      Email Address []:[email protected]

openssl rsa -in myCA.key -text > private.pem

My main sources:

Code

main.ts:

// Minimal amount of secure websocket server
var fs = require('fs');

// read ssl certificate
var privateKey = fs.readFileSync('certs/private.pem', 'utf8');
var certificate = fs.readFileSync('certs/myCA.pem', 'utf8');

var credentials = { key: privateKey, cert: certificate };
var https = require('https');

//pass in your credentials to create an https server
var httpsServer = https.createServer(credentials);
httpsServer.listen(8888);

var WebSocketServer = require('ws').Server;
var wss = new WebSocketServer({
    server: httpsServer
});

wss.on('connection', function connection(ws) {
    ws.on('message', function incoming(message) {
        console.log('received: %s', message);
        ws.send('reply from server : '   message)
    });

    ws.send('something');
}); 

See github for keys etc.

CodePudding user response:

Try using cloudflaired
for download : Click here
tutorial : Click here
it may be the problem of firewall rules, and other factors

EDIT:
This program packs a lightweight server that acts as a bridge from your computer to cloudflair servers. This hosts the site on a temporary subdomain for free
if you are having a cloudflair account, it will help with setting and configuring static permanent urls instead of dynamically changing every time
Sorry I don't know about the pricing as I use the free plan for more info visit the docs
Because of this it can bypass many windows restrictions (like firewall) isp restrictions (like nat), etc. So you can focus on the project
Also this works even out of your lan. Just so you know it also works outside the lan. so to share a quick preview to others.

CodePudding user response:

Your "online websocket tester" doesn't provide easily readible source code, so it is not clear what is failing. My guess: TLS cert validation is failing. (Browsers may have own rules for localhost, so it may be working for localhost in some browsers).

You are connecting to the IP, but cert is generated Common Name: Team x. Correct TLS client implementation should reject this kind of TLS connection, because server name is not matching TLS CN name ('IP'!='Team x').

Solutions:

1.) Generate proper TLS certificate, where Common Name is matching used IP. This is a proper secure solution for your use case (usually server FQDN is used, because domain is used for connection and not the server IP).

2.) Use websocket client, which provides option to disable cert verification.

3.) Open https://IP:8888 and add browser TLS exception for used cert. Exception should be applied also for wss protocol then.

  • Related