MongooseIM version: 6.1.0 Installed from: pkg Erlang/OTP version: <p dir="

thank you so much <a class="user-mention notranslate" data-hovercard-type="user" data-

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-u

How to use wss ? about mongooseim HOT 4 CLOSED

alvinlal commented on May 28, 2024

How to use wss ?

from mongooseim.

Comments (4)

alvinlal commented on May 28, 2024 1

thank you so much @chrzaszcz , verify_mode = "none" worked, i guess i misread the documentation

from mongooseim.

chrzaszcz commented on May 28, 2024

Hi @alvinlal. The module option you shared is only valid for c2s listeners, and not for http. See the complete list of allowed TLS options for HTTP listeners:

The options accepted here are: verify_mode, certfile, cacertfile, ciphers, keyfile, password, versions, dhfile. They have the same semantics as the corresponding c2s options for just_tls.

What it means is that there is no module option because the module used for HTTP is always just_tls - so you can simply omit this option.

One thing to note is that MongooseIM does not close WebSocket connections if peer verification fails. Only the pki authentication method can change this behaviour. We are planning to address this in the future.

from mongooseim.

alvinlal commented on May 28, 2024

thanks @chrzaszcz for the clarification. But i am still having trouble connecting to secure websocket endpoint of mongooseim. I am using the javascript websocket api to connect to mongooseim and i am getting websocket connection failed error on the browser. i have obtained a valid certificate-key pair from letsencrypt and specified its path in the mongooseim.toml file. This is my config for the secure websocket endpoint (wss) in mongooseim.toml file👇

[[listen.http]]
  port = 5285
  transport.num_acceptors = 10
  transport.max_connections = 1024
  tls.verify_mode = "peer"
  tls.certfile = "/etc/letsencrypt/live/myxmppsite.com/fullchain.pem"
  tls.keyfile = "/etc/letsencrypt/live/myxmppsite.com/privkey.pem"
  tls.cacertfile = "/etc/letsencrypt/live/myxmppsite.com/fullchain.pem"

  [[listen.http.handlers.mod_bosh]]
    host = "_"
    path = "/http-bind"

  [[listen.http.handlers.mod_websockets]]
    host = "_"
    path = "/ws-xmpp"

This is what is being logged to the latest mongooseim log file in /var/log/mongooseim folder when the browser attempts the connection.

when=2023-12-23T18:06:51.557669+00:00 level=info pid=<0.7470.0> at=supervisor:report_progress/2:1563 report="[{supervisor,{<0.7470.0>,tls_dyn_connection_sup}},{started,[{pid,<0.7472.0>},{id,receiver},{mfargs,{ssl_gen_statem,start_link,[server,<0.7471.0>,\"localhost\",5285,#Port<0.60>,{#{next_protocols_advertised => [<<\"h2\">>,<<\"http/1.1\">>],
sni_fun => #Fun<ssl.11.44732120>,cookie => true,psk_identity => undefined,protocol => tls,supported_groups => {supported_groups,[x25519,x448,secp256r1,secp384r1]},renegotiate_at => 268435456,crl_cache => {ssl_crl_cache,{internal,[]}},fail_if_no_peer_cert => true,verify => verify_peer,secure_renegotiate => true,certs_keys => [#{certfile => <<\"/etc/letsencrypt/live/myxmppsite.com/fullchain.pem\">>,
keyfile => <<\"/etc/letsencrypt/live/myxmppsite.com/privkey.pem\">>}],stateless_tickets_seed => undefined,session_tickets => disabled,signature_algs => [eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512,ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256,rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256,rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256,{sha512,ecdsa},{sha384,ecdsa},
{sha256,ecdsa}],honor_cipher_order => false,user_lookup_fun => undefined
,cacerts => undefined,log_level => notice,partial_chain => #Fun<ssl.5.44732120>,customize_hostname_check => [],eccs => {elliptic_curves,[{1,3,132,0,39},{1,3,132,0,38},{1,3,132,0,35},{1,3,36,3,3,2,8,1,1,13},{1,3,132,0,36},{1,3,132,0,37},{1,3,36,3,3,2,8,1,1,11},{1,3,132,0,34},{1,3,132,0,16},{1,3,132,0,17},{1,3,36,3,3,2,8,1,1,7},{1,3,132,0,10},{1,2,840,10045,3,1,7}]},versions => [{3,4},{3,3}],
crl_check => false,alpn_preferred_protocols => [<<\"h2\">>,<<\"http/1.1\">>],handshake => full,anti_replay => undefined,signature_algs_cert => undefined,client_renegotiation => true,ciphers => [<<19,2>>,<<19,1>>,<<19,3>>,<<19,4>>,<<19,5>>,<<\"À,\">>,<<\"À0\">>,<<\"À\">>,<<\"À¯\">>,<<\"À$\">>,<<\"À(\">>,<<204,169>>,<<204,168>>,<<\"À+\">>,<<\"À/\">>,<<\"À¬\">>,<<\"À®\">>,<<\"À.\">>,<<\"À2\">>,<<\"À&\">>,<<\"À*\">>,<<\"À-\">>,<<\"À1\">>,<<\"À#\">>,<<\"À'\">>,<<\"À%\">>,<<\"À)\">>,<<0,...>>,<<...>>|...],...}
,{socket_options,binary,raw,0,0,false},[{option_tracker,<0.1961.0>},{session_tickets_tracker,disabled},{session_id_tracker,<0.1962.0>}]},<0.1969.0>,{gen_tcp,tcp,tcp_closed,tcp_error,tcp_passive}]}},
{restart_type,temporary},{significant,true},{shutdown,5000},{child_type,worker}]}]" label={supervisor,progress}

I am using this line of code in javascript to connect to the endpoint

const socket = new WebSocket('wss://myxmppsite.com:5285/ws-xmpp');

I am getting this error in browser 👇

WebSocket connection to 'wss://myxmppsite.com:5285/ws-xmpp' failed:

Connection to the ws:// (non-secure) endpoint works fine though , Could you point me in the right direction for wss ?

from mongooseim.

chrzaszcz commented on May 28, 2024

WebSocket connection to 'wss://myxmppsite.com:5285/ws-xmpp' failed:

This error message gives me no information.

tls.cacertfile = "/etc/letsencrypt/live/myxmppsite.com/fullchain.pem"

This is wrong, because fullchain.pem is not the CA certificate. You could start with verify_mode = "none" for now.

from mongooseim.

How to use wss ? about mongooseim HOT 4 CLOSED

Comments (4)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent