
Comments (9)

alekstar79 commented on July 19, 2024 2

Oh Yes, specifically your implementation does not support ssl, I agree with that. And in my answer, I showed you how to add that support. I tested on a real server, though I don't use such libraries in production and wouldn't recommend it to anyone.

from php-websocket.

nekudo commented on July 19, 2024 1

As already mentioned: This library does not support ssl/wss.

nekudo commented on July 19, 2024

The websocket server does not support SSL by itself. You have to use a reverse-proxy (e.g. nginx) to handle the SSL traffic and pass it to the websocket server. Here is an Nginx example configuration for this part:

upstream websocketserver {
        server localhost:8090;
}

server {
        server_name your-deployment-url.com;

        listen 8091 ssl; # replaces the deprecated "ssl on;"
        ssl_certificate /path/to/fullchain.pem;
        ssl_certificate_key /path/to/privkey.pem;
        ssl_trusted_certificate /path/to/chain.pem;

        location / {
                proxy_pass http://websocketserver;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $host;

                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_read_timeout 86400; # necessary to avoid websocket timeout disconnect
                proxy_redirect off;
        }
}

alekstar79 commented on July 19, 2024

how to send cert connect wss://
I want a demo?

Socket.php

    public function __construct(string $host = '127.0.0.1', int $port = 8000, string $protocol = 'tcp')
    {
        $this->setStreamContext();

        $this->protocol = $protocol;
        $this->host = $host;
        $this->port = $port;
    }

    public function setStreamContext(array $options = [], array $params = []): void
    {
        $this->context = stream_context_create($options, $params);
    }

    public function bind(): void
    {
        $flags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
        $url = $this->protocol . '://' . $this->host . ':' . $this->port;
        $ctx = $this->context;

        $this->master = stream_socket_server(
            $url,
            $errno,
            $errstr,
            $flags,
            $ctx
        );

        if ($this->master === false) {
            throw new \RuntimeException('Error creating socket: ' . $errstr);
        }

        $this->allsockets[] = $this->master;
    }

further...

server.php

$server = new Server($ip, $port, 'ssl');

$server->setStreamContext([
    'ssl' => [
        'local_cert' => '/path/to/cert',
        'verify_peer_name' => false,
        'verify_peer' => false,
        'cipher' => 'ALL' // note: PHP's option name is 'ciphers'; 'cipher' is not recognized and is ignored
    ]
]);

zanderwar commented on July 19, 2024

At the risk of sounding ungrateful, the "This library does not support ssl/wss." statement isn't written anywhere, and is quite a kick in the teeth after working everything out and building out your application. If the above is all it takes to support SSL, why isn't it taken onboard?

nekudo commented on July 19, 2024

@zanderwar Unfortunately it's not that simple. SSL was supported in Version 1 of this project and caused a lot of problems. The code mentioned above is the bare minimum, but a lot of things are missing. E.g. Certificate Validation (SSL Certs can come in different Formats), Cert Renewal, Performance, ...
The code of this project is supposed to be small, simple and easy to use. There are other projects like https://github.com/ratchetphp/Ratchet which already support SSL and work very well.
So for this project I decided to not support it. It is still possible to use this websocket server with SSL using a reverse proxy like e.g. nginx. (See my first answer)

zanderwar commented on July 19, 2024

Thanks, if you could add a note into your README that SSL is not supported, you may save someone silly like me an entire week of development. I've written over a dozen action endpoints.

E.g. Certificate Validation (SSL Certs can come in different Formats), Cert Renewal, Performance

None of these are anything this package would need to worry about lol, that's on the end user..

For anyone else: zanderwar@544b73e

Use certbot (by Let's Encrypt) too if you suck at dealing with certificates

$server->setStreamContext([
	'ssl' => [
		'local_cert' => "/etc/letsencrypt/live/ws.xxxxxxx.com/fullchain.pem",
		'local_pk' => "/etc/letsencrypt/live/ws.xxxxxxx.com/privkey.pem",
		'allow_self_signed' => true,
		'verify_peer_name' => false,
		'verify_peer' => false,
		'cipher' => 'ALL'
	]
]);

.. done

Have at it.

from php-websocket.
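The `ssl` stream-context snippets in this thread hand the certificate straight to PHP. The following added example (not code from php-websocket or from any commenter) first checks that the key matches the certificate and that the certificate is not close to expiry, two of the points nekudo lists as missing, and uses the option name `ciphers` with a TLS 1.2 floor. The function name `buildServerTlsOptions`, the cipher string, the 14-day threshold and the throwaway self-signed pair are assumptions for illustration; it assumes PHP 7.4+ with the openssl extension and a usable openssl.cnf.

```php
<?php
declare(strict_types=1);

// Added example, not php-websocket code. Checks a PEM cert/key pair before
// it is handed to stream_context_create() for an ssl:// listener.
function buildServerTlsOptions(string $certFile, string $keyFile, int $minDaysLeft = 14): array
{
    // With a fullchain.pem, openssl_x509_read() parses the first (leaf) certificate.
    $cert = openssl_x509_read((string) file_get_contents($certFile));
    $key  = openssl_pkey_get_private((string) file_get_contents($keyFile));
    if ($cert === false || $key === false) {
        throw new RuntimeException('certificate or key is not readable PEM');
    }
    if (!openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('private key does not match certificate');
    }
    $daysLeft = intdiv(openssl_x509_parse($cert)['validTo_time_t'] - time(), 86400);
    if ($daysLeft < $minDaysLeft) {
        throw new RuntimeException("certificate expires in $daysLeft days, renew first");
    }
    return ['ssl' => [
        'local_cert'          => $certFile,
        'local_pk'            => $keyFile,
        // The option is spelled 'ciphers'; an unknown key such as 'cipher' is ignored.
        'ciphers'             => 'ECDHE+AESGCM:ECDHE+CHACHA20',
        'crypto_method'       => STREAM_CRYPTO_METHOD_TLSv1_2_SERVER | STREAM_CRYPTO_METHOD_TLSv1_3_SERVER,
        'disable_compression' => true,
    ]];
}

// Constructed sample input: a throwaway self-signed pair valid for 30 days.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr = openssl_csr_new(['commonName' => 'ws.example.test'], $key, ['digest_alg' => 'sha256']);
$crt = openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']);
$dir = sys_get_temp_dir();
openssl_x509_export_to_file($crt, "$dir/demo-cert.pem");
openssl_pkey_export_to_file($key, "$dir/demo-key.pem");

$options = buildServerTlsOptions("$dir/demo-cert.pem", "$dir/demo-key.pem");
$context = stream_context_create($options); // would be passed to stream_socket_server()
echo 'context ready, options: ', implode(', ', array_keys($options['ssl'])), PHP_EOL;

// The same 30-day certificate fails a 60-day renewal threshold.
try {
    buildServerTlsOptions("$dir/demo-cert.pem", "$dir/demo-key.pem", 60);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

A long-running server reads `local_cert` when the listener is created, so a certificate renewed by certbot is only picked up after the process is restarted.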

r-martins commented on July 19, 2024

Thanks, if you could add a note into your README that SSL is not supported, you may save someone silly like me an entire week of development. I've written over a dozen action endpoints.

E.g. Certificate Validation (SSL Certs can come in different Formats), Cert Renewal, Performance

None of these are anything this package would need to worry about lol, that's on the end user..

For anyone else: zanderwar@544b73e

Use certbot (by Let's Encrypt) too if you suck at dealing with certificates

$server->setStreamContext([
	'ssl' => [
		'local_cert' => "/etc/letsencrypt/live/ws.xxxxxxx.com/fullchain.pem",
		'local_pk' => "/etc/letsencrypt/live/ws.xxxxxxx.com/privkey.pem",
		'allow_self_signed' => true,
		'verify_peer_name' => false,
		'verify_peer' => false,
		'cipher' => 'ALL'
	]
]);

.. done

Have at it.

@zanderwar
But as far as I could see, with your approach we don't have a way to Push notifications to clients.
Am I missing something?
How can I push a new message using the code in your master?

@nekudo
I have the apache server configured already. I also tried to use let's encrypt and cloudflare, but had no success connecting.
Would nginx still be the best solution?

Thanks folks.

r-martins commented on July 19, 2024

For anyone looking for how to configure it with nginx (myself included in the future), I did something similar to what @nekudo mentioned above.

Here's how I did it.

  1. Installed apache on port 8080 without SSL
  2. Installed nginx as a reverse proxy
  3. Installed certbot for nginx
  4. Configured my server.php to run on port 3002
  5. Added the block suggested by @nekudo in a new file /etc/nginx/sites-available/websocket.com as follows:
upstream websocketserver {
    server localhost:3002;
}
server {
    listen 3001 ssl; # replaces the deprecated "ssl on;"

    server_name localhost;

    location / {
        proxy_pass http://websocketserver;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 86400; # necessary to avoid websocket timeout disconnect
        proxy_redirect off;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xxx.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xxx.com-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

The SSL part I copied from the other website using let's encrypt.

In the frontend I now point to wss://mysite.com:3001, which is the port served with SSL by nginx, but internally it goes to 3002, served by the server with bloatless/php-websocket.

Cloudflare
If you're using Cloudflare, you may choose a different port in nginx (i.e.: 2096).
Otherwise you'll not be able to connect to wss when Cloudflare is enabled, because it will not map 3001 as a secure port.

Hope this helps.
