Comments (9)
Oh Yes, specifically your implementation does not support ssl, I agree with that. And in my answer, I showed you how to add that support. I tested on a real server, though I don't use such libraries in production and wouldn't recommend it to anyone.
from php-websocket.
As already mentioned: This library does not support ssl/wss.
from php-websocket.
The websocket server does not support SSL by itself. You have to use a reverse-proxy (e.g. nginx) to handle the SSL traffic and pass it to the websocket server. Here is an Nginx example configuration for this part:
upstream websocketserver {
    server localhost:8090;
}
server {
    server_name your-deployment-url.com;
    # "ssl" on the listen line replaces the separate "ssl on;" directive,
    # which current nginx releases no longer accept
    listen 8091 ssl;
    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    ssl_trusted_certificate /path/to/chain.pem;
    location / {
        proxy_pass http://websocketserver;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 86400; # necessary to avoid websocket timeout disconnect
        proxy_redirect off;
    }
}
from php-websocket.
how to send cert connect wss://
I want a demo?
Socket.php
// Excerpt: methods of the Socket class
public function __construct(string $host = '127.0.0.1', int $port = 8000, string $protocol = 'tcp')
{
    $this->setStreamContext();
    $this->protocol = $protocol;
    $this->host = $host;
    $this->port = $port;
}

// Replaces the stream context that bind() passes to stream_socket_server()
public function setStreamContext(array $options = [], array $params = []): void
{
    $this->context = stream_context_create($options, $params);
}

public function bind(): void
{
    $flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
    // The protocol becomes the transport prefix, e.g. tcp:// or ssl://
    $url = $this->protocol . '://' . $this->host . ':' . $this->port;
    $ctx = $this->context;
    $this->master = stream_socket_server(
        $url,
        $errno,
        $errstr,
        $flags,
        $ctx
    );
    if ($this->master === false) {
        throw new \RuntimeException('Error creating socket: ' . $errstr);
    }
    $this->allsockets[] = $this->master;
}
further...
server.php
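$server = new Server($ip, $port, 'ssl');
$server->setStreamContext([
    'ssl' => [
        'local_cert' => '/path/to/cert', // the path has to be a quoted string
        'verify_peer_name' => false,
        'verify_peer' => false,
        'cipher' => 'ALL' // PHP's context option is named 'ciphers'; this key is not read
    ]
]);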
from php-websocket.
At the risk of sounding ungrateful, the "This library does not support ssl/wss." statement isn't written anywhere, and is quite a kick in the teeth after working everything out and building out your application. If the above is all it takes to support SSL, why isn't it taken onboard?
from php-websocket.
@zanderwar Unfortunately it's not that simple. SSL was supported in Version 1 of this project and caused a lot of problems. The code mentioned above is the bare minimum, but a lot of things are missing. E.g. Certificate Validation (SSL Certs can come in different Formats), Cert Renewal, Performance, ...
The code of this project is supposed to be small, simple and easy to use. There are other projects like https://github.com/ratchetphp/Ratchet which already support SSL and work very well.
So for this project I decided to not support it. It is still possible to use this websocket server with SSL using a reverse proxy like e.g. nginx. (See my first answer)
from php-websocket.
Thanks, if you could add a note into your README that SSL is not supported, you may save someone silly like me an entire week of development. I've written over a dozen action endpoints.
E.g. Certificate Validation (SSL Certs can come in different Formats), Cert Renewal, Performance
None of these are anything this package would need to worry about lol, that's on the end user..
For anyone else: zanderwar@544b73e
Use certbot (by Let's Encrypt) too if you suck at dealing with certificates
$server->setStreamContext([
    'ssl' => [
        'local_cert' => "/etc/letsencrypt/live/ws.xxxxxxx.com/fullchain.pem",
        'local_pk' => "/etc/letsencrypt/live/ws.xxxxxxx.com/privkey.pem",
        'allow_self_signed' => true,
        'verify_peer_name' => false,
        'verify_peer' => false,
        'cipher' => 'ALL' // PHP's context option is named 'ciphers'; this key is not read
    ]
]);
.. done
Have at it.
from php-websocket.
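A pre-flight check for the in-process TLS setup posted in the comments above, as an added example that is not part of the thread or of the php-websocket project: it confirms that the certificate and key parse, belong together, are not about to expire and that the key file is private, then returns the `ssl` context options. The function name `tlsServerOptions`, the 14-day threshold, the cipher string and the `ws.example.test` sample certificate are assumptions; it needs PHP 7.4+ with the openssl extension.

```php
<?php
declare(strict_types=1);

// Added example: validate a certificate/key pair, then return the 'ssl'
// context options for a TLS server socket. Names and limits are assumptions.
function tlsServerOptions(string $certFile, string $keyFile, int $minDaysLeft = 14): array
{
    $cert = openssl_x509_read('file://' . $certFile);   // leaf = first cert in the file
    $key  = openssl_pkey_get_private('file://' . $keyFile);
    if ($cert === false || $key === false) {
        throw new RuntimeException('Certificate or key is not readable PEM');
    }
    if (!openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('Private key does not match the certificate');
    }
    $daysLeft = intdiv(openssl_x509_parse($cert)['validTo_time_t'] - time(), 86400);
    if ($daysLeft < $minDaysLeft) {
        throw new RuntimeException("Certificate expires in {$daysLeft} day(s)");
    }
    if ((fileperms($keyFile) & 0077) !== 0) {
        throw new RuntimeException('Private key is accessible by group or others');
    }
    return [
        'local_cert'          => $certFile,
        'local_pk'            => $keyFile,
        // TLS 1.2 and 1.3 only; the option name is 'ciphers', not 'cipher'.
        'crypto_method'       => STREAM_CRYPTO_METHOD_TLSv1_2_SERVER
                               | STREAM_CRYPTO_METHOD_TLSv1_3_SERVER,
        'ciphers'             => 'HIGH:!aNULL:!eNULL:!MD5:!3DES:!RC4',
        'honor_cipher_order'  => true,
        'disable_compression' => true,
    ];
}

// Constructed sample input: a throwaway self-signed pair written to temp files.
$pkey = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'ws.example.test'], $pkey);
$x509 = openssl_csr_sign($csr, null, $pkey, 30);
$certFile = tempnam(sys_get_temp_dir(), 'crt');
$keyFile  = tempnam(sys_get_temp_dir(), 'key');
openssl_x509_export_to_file($x509, $certFile);
openssl_pkey_export_to_file($pkey, $keyFile);

$options = tlsServerOptions($certFile, $keyFile);
printf("pair accepted, %d context options set\n", count($options));
unlink($certFile);
unlink($keyFile);
// With the Socket class shown above: $server->setStreamContext(['ssl' => $options]);
```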
@zanderwar
But as far as I could see, with your approach we don't have a way to Push notifications to clients.
Am I missing something?
How can I push a new message using the code in your master?
@nekudo
I have the apache server configured already. I also tried to use let's encrypt and cloudflare, but had no success on connecting.
The nginx would still be the best solution?
Thanks folks.
from php-websocket.
For anyone looking for how to configure it with nginx (myself included in the future), I did something similar to what @nekudo mentioned above.
Here's how I did it.
- Installed apache on port 8080 without SSL
- Installed nginx as a reverse proxy
- Installed certbot for nginx
- Configured my server.php to run on port 3002
- Added the block suggested by @nekudo in a new file /etc/nginx/sites-available/websocket.com as follows:
upstream websocketserver {
    server localhost:3002;
}
server {
    # "ssl" on the listen line replaces the separate "ssl on;" directive,
    # which current nginx releases no longer accept
    listen 3001 ssl;
    server_name localhost;
    location / {
        proxy_pass http://websocketserver;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 86400; # necessary to avoid websocket timeout disconnect
        proxy_redirect off;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xxx.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xxx.com-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
The SSL part I copied from the other website using let's encrypt.
In the frontend I now point to wss://mysite.com:3001, which is the port served with SSL by nginx, but internally it goes to 3002, served by the server with bloatless/php-websocket.
Cloudflare
If you're using Cloudflare, you may choose a different port in nginx (i.e.: 2096).
Otherwise you'll not be able to connect to wss when you enable Cloudflare, because it will not map 3001 as a secure port.
Hope this helps.
Further reading
- How To Configure Nginx as a Web Server and Reverse Proxy for Apache on One Ubuntu 18.04 Server
- Update: Using Free Let’s Encrypt SSL/TLS Certificates with NGINX
- Identifying network ports compatible with Cloudflare's proxy
from php-websocket.