Web socket connection does not work over SSL - javascript

I have Web Socket that works perfectly fine on localhost and production (https://www.example.com) environment.
However, when I deploy the same code to pp environment (https://pp.example.com) I get WebSocket handshake: Unexpected response code: 404
I have AWS certificate manager generated certificate for domain example.com, with additional domain name www.example.com and pp.example.com
www.example.com and pp.example.com are sitting on different server so they have different ip addresses.
When I go to www.example.com and make the following call,
let ws = new WebSocket("wss://www.example.com/ws");
It works perfectly fine.web socket is connected.
However, when I switch to pp.example.com and make the following call
let ws = new WebSocket("wss://pp.example.com/ws");
I get error from Safari, Firefox and Chrome:
WebSocket connection to 'wss://pp.example.com/ws' failed: Error during
WebSocket handshake: Unexpected response code: 404
Any ideas?
The code are exactly the same.
They are deployed on aws beanstalk.
production environment is using global accelerator + application load balancer + EC2
pp environment is using classic load balancer + EC2

The problems lies in load balancer's listener.
I was using HTTPS for traffic forwarding, while web socket works on TCP level, therefore, it should be SSL TCP instead.
See the attached screenshot at the following for load balancer

Related

How to fix Error: SSL connect error when connecting to aws ec2 instance

I just created an EC2 instance for my web server and I run into this whenever i try connecting to it:
This site can’t provide a secure connection
18.170.25.198 sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Just connect on http, it works for me
http://18.170.25.198:8001/api

Graphql server - Can't access via IP address url (localhost works fine)

I would like to link my Expo(React Native) app to local GraphQL backend,
http://localhost:4000/ <- Works fine
http://192.168.X.X:4000/ <- This doesn't work
I do see the Apollo Studio page, but it comes up with the below message:
Unable to reach server
Network requests from Studio on HTTPS to your HTTP endpoint are not secure,
so we cannot introspect your endpoint.
https://studio.apollographql.com/sandbox/explorer
Apollo Studio has a special exception that allows it to communicate with "localhost" over http, but all other endpoints must be over https.
If you (like me) are running virtual machines on your local machine and need to use Apollo Studio, the only solutions are to make the connection https somehow, or forward a port in your host OS so that you can access it via localhost. How to do THAT depends on your OS.

Websocket returns status 200 instead of 101 (flask socket.io)

I've done quite a bit of reading around to try and solve this issue but I'm still stuck. My problem is with trying to get the websocket handshake to complete using socket.io client side and flask_socket.io server side.
I can run the flask development server on my local machine using:
app = Flask(__name__)
app.secret_key = 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'
socketio = SocketIO(app)
socketio.run(app)
...
and if I point chrome to localhost:5000 and press the button which I have linked to opening a websocket it works fine and chrome network tab shows status 101.
However on uploading the code to a remote machine and again using flask's development server but changing the port to 80,
socketio.run(app,host='0.0.0.0',port=80)
the websocket handshake stops working and gives status 200 instead.
WebSocket connection to 'ws://example.com/socket.io/?EIO=3&transport=websocket&sid=cfb1949b243b42578fe422782a0db359' failed: Error during WebSocket handshake: Unexpected response code: 200
All websocket messages are now sent over xhr polling instead of inside the websocket frame.
I've followed all of the guides I can find on google relating to this but with no success. I was previously using nginx and gunicorn and followed the advice to change the nginx conf to allow upgrade to websockets but that didn't solve the problem. So I simplified to using the flask development server but I still haven't been able to get a successful handshake.
I found a solution after finding a similar problem posted here https://nolanlawson.com/2013/05/31/web-sockets-with-socket-io-node-js-and-nginx-port-80-considered-harmful/#comment-85425.
It turns out many public wifi networks block websockets when they are running on port 80. However often ports 443 and 8080 are not blocked. You can find out which ports are blocked from this website: http://websocketstest.com/. I just moved the address of my websocket from example.com to example.com:8080.
I ran into a similar problem but due to a different reason. When using flask-socketio you have to install gevent-websocket or else it's going to use long-polling and you'll see a lot of 200 responses. Thus, my solution to that problem was just.
pip install gevent-websocket

How can I establish a secure connection to a websocket on localhost?

We have an application which we run on a POS terminal, that should receive data from an application running on the same machine, while displaying content from a remote site which is loaded over HTTPS.
To receive the data from the local application, we want to use websockets, which is working fine so far. However, when the site we're displaying is loaded over HTTPS, the websocket connection is required to be encrypted as well.
Because we can't really get a proper certificate for localhost, we're just using a self-signed one. But Chrome won't connect to a websocket that uses a self-signed certificate.
How can we resolve this problem? We can't use an unencrypted websocket, we can't use a self-signed certificate for the encrypted one and we can't get a signed certificate for localhost. What option am I missing?
If you have admin privileges on the POS terminals, how about adding a line to the HOSTS file like:
127.0.0.1 localhost.mycompany.com
Now you can use a real certificate for localhost.mycompany.com in the server application.

Node.js on Azure Worker Role w/ SSL results in ERR_SSL_PROTOCOL_ERROR

I have a WorkerRole configured to start node.exe via the Runtime/EntryPoint/ProgramEntryPoint element in the csdef and have a HttpsIn EndPoint configured for https on port 443 w/ a valid certificate. I'm also setting the PORT environment variable in Runtime/Environment which is used by node to listen on for incoming requests.
When I start the service (either in local dev fabric or in Azure) and try to hit the service I get the following error:
SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
I have verified that node.exe is indeed started when the service starts, and if I look up the local port in the Compute Emulator, usually something like:
http://localhost:444
I am able to successfully hit node directly with that using my browser. I am also able to hit node through Azure when SSL is not configured.
What am I missing? Thanks!
The issue was that I was using the http module instead of the https module when starting the web server in Node. Works once I started the https server using the ssl certificate.
I was following a guide for SSL w/ Node in a WebRole, which requires a different set up than SSL w/ Node in WorkerRole.

Categories