I'm trying to work with socket.io first time.
I'm using Laravel 5.4, Laravel Echo and NodeJs server for Laravel Echo broadcasting with Socket.io..
I managed to make it work on my local as it supposed to work. But on server I get
an error
GET https://mydomain.server:6001/socket.io/socket.io.js net::ERR_CONNECTION_REFUSED
I do run the server before. I write correct address.
May be browser doesn't have access to that port or something?
Also I tried to access to the file with
curl -X GET https://mydomain.server:6001/socket.io/socket.io.js command.
But got
curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.
I found out the solution.
Just set protocol, sslCertPath and sslKeyPath parameters in laravel-echo-server.json
"protocol": "https",
"sslCertPath": "path_to/server.crt",
"sslKeyPath": "path_to/server.key"
May be this will help you.
Firstly when you are connecting to socket and site is having ssl installed then use :
socket = io.connect('http://example.com:port', {'force new connection': true, 'secure': true});
Include above part in your script part on client side.
Secondly on server side in your for eg : server.js say use
var https = require('https');
var server = https.createServer({
key : fs.readFileSync('./sslkey.key'),
cert : fs.readFileSync('./ssl_certificate.crt')
},app);
Related
Helllo, I created a mosquitto broker via the eclipse docker image and recently followed this guide to add SSL/TLS support: http://www.steves-internet-guide.com/mosquitto-tls/.
When I am sshed in the VPS which is running the broker, I can use the command:
mosquitto_pub -h VPS_NAME -t test/topic -p 8883 --cafile ca.crt -m message -u BROKER_USERNAME -P BROKER_PASSWORD
and it publishes all fine and dandy. However when I run the same command on a local computer, I get the error:
'Unable to connect (Lookup error.).
I don't get any new logs from the broker container, so I think it's not even reaching the container. However when I run:
mosquitto_pub -h BROKER_IP_ADRESS -t test/topic -p 8883 --cafile ca.crt -m message -u BROKER_USERNAME -P BROKER_PASSWORD
I do get a response which is Error: A TLS error occured, and on my docker logs I get:
1583004287: New connection from LOCAL_IP_ADDRESS on port 8883.
1583004287: OpenSSL Error: error:14037438:SSL routines:ACCEPT_SR_KEY_EXCH:tlsv1 alert internal error
1583004287: OpenSSL Error: error:140370E5:SSL routines:ACCEPT_SR_KEY_EXCH:ssl handshake failure
1583004287: Socket error on client <unknown>, disconnecting.
I am only able to get a sucessful publish send when I add the --insecure command to the publish however I want to make sure the client knows that it's talking to the right server so I don't think this is the right solution.
In the end I want to run an mqtt client on a node application, I've tried this piece of code:
const fs = require('fs');
const optionsz = {
ca: [ fs.readFileSync(__dirname + '/ca.pem') ],
host: 'BROKER_IP_ADDRESS',
servername: 'VPS_NAME',
port: 8883,
rejectUnauthorized : false,
username : 'BROKER_USERNAME', // mqtt credentials if these are needed to connect
password : 'BROKER_PASSWORD',
clientId : 'test',
// Necessary only if the server's cert isn't for "localhost".
checkServerIdentity: () => { return null; },
};
class MqttHandler {
constructor() {
this.mqttClient = null;
};
connect() {
// Connect mqtt with credentials (in case of needed, otherwise we can omit 2nd param)
this.mqttClient = mqtt.connect(this.host, optionsz);
...
when I run this i keep getting disconnect events, and on my docker logs i get:
1583004505: New connection from LOCAL_IP_ADDRESS on port 8883.
1583004505: OpenSSL Error: error:140260FC:SSL routines:ACCEPT_SR_CLNT_HELLO:unknown protocol
1583004505: Socket error on client <unknown>, disconnecting.
I am really confused on how to even tackle this issue, I've been able to connect to a broker without SSL/TLS protection, but I wanted to make my device communication more secure.
Thank you for your time!
2 separate problems here.
Looks like you don't have a valid DNS entry for your VPS. mosquitto_pub is failing because it can't resolve the name to an IP address. It works with the --insecure and the IP address because you are telling mosquitto_pub to ignore the fact that the CN or SANs in the brokers certificate doesn't include the IP address only the name.
You are trying to connect with raw MQTT not MQTT over TLS, you need to use a URL not just a hostname or the first argument of the connect() function. e.g.
this.mqttClient = mqtt.connect("mqtts://" + this.host, optionsz);
To be honest you need to fix both of these to get things working properly.
To fix 1 you need to sort your DNS entries out so you have a valid fully qualified hostname that points to your VPS and matches the certificate you've deployed there.
I have a Socket.io server running on port 3000 and when running it (and the website / client) locally everything works fine. But when I push it to the server the client can't connect anymore.
The production server is running over SSL so I assumed that I need the Socket.io server to run over SSL as well. I've setup it up like this:
var app = express();
var fs = require('fs');
var is_production = process.env.NODE_ENV === 'production';
if(is_production){
var options = {
key: fs.readFileSync('/etc/letsencrypt/live/mywebsite.com/privkey.pem'),
cert: fs.readFileSync('/etc/letsencrypt/live/mywebsite.com/cert.pem'),
requestCert: true
};
var server = require('https').createServer(options, app);
}else{
var server = require('http').createServer(app);
}
var io = require('socket.io')(server);
server.listen(3000);
This still doesn't work. I don't have much experience with Socket.io so any help would be appreciated. Also note that everything worked fine before I got an SSL certificate setup on the web server.
The client is connecting to ws://mywebsite.com:3000. I've tried using http://, https:// and wss:// as well, but nothing works.
EDIT: I've tried making a request through curl and I get the following error:
curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.
I couldn't figure out what the problem was, so here's what I did.
I have Nginx running on the same server to serve my website so what I ended up doing was configuring Nginx to proxy all SSL connections to port 3000 and forward them to the node.js server running on port 8080. This way Nginx takes care of the SSL so the node.js server doesn't need any additional configuration.
I have an API running with express using https. For testing, I've been using tinycert.org for the certificates, which work fine on my machine.
I'm using docker to package up the app, and docker-machine with docker-compose to run it on a digital ocean server.
When I try to connect with Chrome, I get ERR_SSL_VERSION_OR_CIPHER_MISMATCH. When running this with curl, I get a handshake failure: curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect.
I tried to debug with Wireshark's SSL dissector, but it hasn't given me much more info: I can see the "Client Hello" and then the next frame is "Handshake Failure (40)".
I considered that maybe node on the docker container has no available ciphers, but it has a huge list, so it can't be that. I'm unsure as to what's going on and how to remedy it.
EDIT
Here's my createServer() block:
let app = express();
let httpsOpts = {
key: fs.readFileSync("./secure/key.pem"),
cert: fs.readFileSync("./secure/cert.pem")
};
let port = 8080;
https.createServer(httpsOpts, app).listen(port);
I've had this problem for a really long time too, there's a weird fix:
Don't convert your certs to .pem; it works fine as .crt and .key files.
Add ca: fs.readFileSync("path to CA bundle file") to the https options.
It looks like your server is only sending the top certificate and the CA bundle file has the intermediate and root certificates which you'll need for non-browser use.
IMPORTANT! Reinstall or update node to the latest version.
You can use sudo apt-get upgrade if you're on Linux (it may take a while).
Re-download your certificate or get a new one.
If you are acting as your own certificate authority it could be not recognizing / trusting the certificate, so try testing your site on ssllabs.com.
If you're using the http2 API try adding allowHTTP1: true to the options.
I am making a request to a remote server using https and request, and getting a new error after updating node and request:
nes.get err: [Error: 140735207432576:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:../deps/openssl/openssl/ssl/s23_clnt.c:741:
I already have the protocol set to SSLv3, so I'm wondering why it appears to be using tlsv1.
https.globalAgent.options.secureProtocol = 'SSLv3_method';
I've also tried adding this to request's options:
secureProtocol: 'SSLv3_method'
This error did not occur with earlier versions of Node.js and request, but now with node v0.10.15 and request 2.26.0, it has surfaced. Any ideas? Thanks!
Update -- narrowed this down to something that changes between request 2.14.0 and 2.16.0. 2.14.0 works and 2.16.0 does not work.
Make sure you are making a secure request to the correct port.
I've received this error when attempting to make a secure request to port 80 instead of port 443.
I would fire up Wireshark to verify that the bits on the wire are what you think they should be.
I have installed Node.js with Socket.io on a CentOS server which is running Apache on port 80.
I created a socket test, which justs listens on port 8080.
If I curl the address localhost:8080 from within the server's shell, I get the Socket.io-welcome message. If I have a line like this:
<script src="http://localhost:8080/socket.io/socket.io.js"></script>
Then the browser cannot find the file.
A "solution" was to proxy requests to /nodejs/ to http://localhost:8080/, but this solution did not work for very long.
Is it possible to run the Node.js server when we have Apache installed? Which settings must be changed in order for us to access the url: http://server.com:8080 ? It seems the Node.js only accepts connections from localhost.
Problem is most probably in your node.js program.
It should listen on 0.0.0.0 and not 127.0.0.1 which is local only.
So where you've got something like:
.listen(8080, '127.0.0.1'); // '127.0.0.1' or 'localhost'
You should change it to:
.listen(8080); // or 0.0.0.0
Apache will only interfere if it also uses port 8080 but you should get an error when starting your node app if this is the case.
Also, if you connect to http://localhost in your browser, it will only work if the server is on the same local machine as the browser. Fine for testing I guess.
You'll have to connect to a domain or ip address if you have a hosted server else no browser will find it.
Update:
Your socket.io code also needs to connect correctly:
var socket = io.connect('http://correct.server.com:8080'); // not localhost
and your browser needs to load the javascript file from the correct place:
<script src="http://correct.server.com/socket.io/socket.io.js"></script> // not localhost
This might help with firewall / load balancer issues:
https://github.com/LearnBoost/socket.io/wiki/Socket.IO-and-firewall-software