Posted

Ah, no - Forgot to change the config.js.
I'm a bit confused with all ports...  Now I've enabled wss in config.js:

socket: 'wss:mydomain.com:5443'

And which ports should I use in the haproxy.cfg?
This is my setup now (7777 in listen section and 5443 in backend)

Is this correct?
When trying this I get Layer4 connection problem, info: "Connection refused"

Also tried to set 5443 in listen and 5555 in backend, then I get Layer7 wrong status, code: 400, info: "Bad Request" instead...

Posted (edited)

Whether you use 7777 or 5443 or 12345 as the listening port doesn't matter---it's your choice, but you must make sure the socket in config.js matches. It looks like you left out the slashes in config.js. So if your listen port is 7777 like me, your config.js should have 

socket: 'wss://yourdomain.com:7777',

If you want to use 5443 then put that in your bind listen in HAProxy, and also in your config.js.

Port 5555 is the port that the actual Kazoo app uses, so your server line in HAProxy must have port 5555.

The socket line in config.js tells your users' browser where it should connect to for websocket events---this is the protocol and port that you are exposing to the outside, the TLS proxied websocket port (5443 or 7777 or whatever you pick---any port as long as it isn't already in use).

The listen section in HAProxy is what config.js is referring to; it's what HAProxy is listening on from the outside (with TLS).

The backend section tells HAProxy which server[s] to send those requests to that it gets on the public (TLS proxied) side. This will always be to port 5555 on your Kazoo apps, since that is where the Blackhole Kazoo app is listening, and there is no option (nor need) to change that port.

If after correcting your config.js with the slashes, and making sure your ports are right it still doesn't work, post your whole haproxy.cfg file (you can sanitize the IPs if you like) and let me take a look.

Edited by RuhNet (see edit history)
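
A consistency check for the three values the post above ties together (the socket URL in config.js, the TLS bind port in HAProxy, and backend port 5555), as an added example that is not part of the original post or of Kazoo. The sample config.js line, the haproxy.cfg fragment, the names kazoo_wss and kazoo1, the certificate path and the 192.0.2.10 address are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

KAZOO_WS_PORT = 5555  # Blackhole's plain websocket port, per the post above
# Constructed sample inputs (assumptions, not anyone's real setup).
CONFIG_JS = "socket: 'wss:mydomain.com:5443',"
HAPROXY_CFG = """
listen kazoo_wss
    bind *:7777 ssl crt /etc/haproxy/certs/haproxy.pem
    mode http
    server kazoo1 192.0.2.10:5443 check
"""

def parse_haproxy(cfg):
    """Return (TLS bind ports, backend server ports) found in haproxy.cfg text."""
    tls_ports, server_ports = set(), set()
    for line in cfg.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "bind":
            port = words[1].rsplit(":", 1)[-1]
            if port.isdigit() and "ssl" in words[2:]:
                tls_ports.add(int(port))
        elif len(words) >= 3 and words[0] == "server":
            port = words[2].rsplit(":", 1)[-1]
            if port.isdigit():
                server_ports.add(int(port))
    return tls_ports, server_ports

def check(config_js, haproxy_cfg):
    """List the mismatches between config.js and haproxy.cfg."""
    problems = []
    m = re.search(r"socket:\s*['\"]([^'\"]+)['\"]", config_js)
    if not m:
        return ["no socket entry found in config.js"]
    url = urlsplit(m.group(1))
    tls_ports, server_ports = parse_haproxy(haproxy_cfg)
    if url.scheme != "wss":
        problems.append("socket URL scheme is not wss")
    if not url.hostname:
        problems.append("socket URL has no host (missing // after wss:?)")
    elif url.port not in tls_ports:
        problems.append(f"socket port {url.port} is not a TLS bind port {sorted(tls_ports)}")
    if server_ports != {KAZOO_WS_PORT}:
        problems.append(f"server lines use ports {sorted(server_ports)}, expected {KAZOO_WS_PORT}")
    return problems

if __name__ == "__main__":
    print("\n".join(check(CONFIG_JS, HAPROXY_CFG)))
```
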
  • 10 months later...
Posted (edited)

Late reply, again. Stumbled upon this issue when trying to connect to WSS websocket in another subject. Turned out that I've been trying to use the wrong certificate files, at least this time.
Note to self (and others with the same issue): use the correct certs, and make the haproxy.pem like this if you're using Let's Encrypt / Certbot:

cat fullchain.pem privkey.pem | tee haproxy.pem

This time I got it working with the config from Kazoo docs, don't know if your settings will work also, @RuhNet (they probably will):
https://docs.2600hz.com/supported/applications/blackhole/doc/#wss-considerations

Edited by tomas_ (see edit history)
Posted

Yes, HAProxy only supports a combined certificate/key file in one. I normally use the bash script GetSSL to do cert renewals, and it will output a single file which removes the need to cat them together.
