tomas_ Posted September 27, 2022

Ah, no - Forgot to change the config.js. I'm a bit confused with all ports...

Now I've enabled wss in config.js:

    socket: 'wss:mydomain.com:5443'

And which ports should I use in the haproxy.cfg? This is my setup now (7777 in listen section and 5443 in backend)

Is this correct?

When trying this I get Layer4 connection problem, info: "Connection refused"

Also tried to set 5443 in listen and 5555 in backend, then I get Layer7 wrong status, code: 400, info: "Bad Request" instead...

RuhNet (Author) Posted September 27, 2022 (edited)

Whether you use 7777 or 5443 or 12345 as the listening port doesn't matter---it's your choice, but you must make sure the socket in config.js matches. It looks like you left out the slashes in config.js. So if your listen port is 7777 like me, your config.js should have

    socket: 'wss://yourdomain.com:7777',

If you want to use 5443 then put that in your bind listen in HAProxy, and also in your config.js. Port 5555 is the port that the actual Kazoo app uses, so your server line in HAProxy must have port 5555.

The socket line in config.js tells your users' browser where it should connect to for websocket events---this is the protocol and port that you are exposing to the outside, the TLS proxied websocket port (5443 or 7777 or whatever you pick---any port as long as it isn't already in use).

The listen section in HAProxy is what config.js is referring to, it's what HAProxy is listening on from the outside (with TLS).

The backend section tells HAProxy which server[s] to send those requests to that it gets on the public (TLS proxied) side. This will always be to port 5555 on your Kazoo apps, since that is where the Blackhole Kazoo app is listening, and there is no option (nor need) to change that port.

If after correcting your config.js with the slashes, and making sure your ports are right it still doesn't work, post your whole haproxy.cfg file (you can sanitize the IPs if you like) and let me take a look.

Edited September 27, 2022 by RuhNet

tomas_ Posted August 7, 2023 (edited)

Late reply, again. Stumbled upon this issue when trying to connect to WSS websocket in another subject. Turned out that I've been trying to use the wrong certificate files, at least this time.

Note to self (and others with same issue): Use the correct certs, and make the haproxy.pem like this if you're using Let's Encrypt / Certbot:

    cat fullchain.pem privkey.pem | tee haproxy.pem

This time I got it working with the config from Kazoo docs, don't know if your settings will work also, @RuhNet (it probably will): https://docs.2600hz.com/supported/applications/blackhole/doc/#wss-considerations

Edited August 7, 2023 by tomas_

RuhNet (Author) Posted August 7, 2023

Yes, HAProxy only supports a combined certificate/key file in one. I normally use the bash script GetSSL to do cert renewals, and it will output a single file which removes the need to cat them together.
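
Added example, not part of the thread or of anyone's post: a way to build the combined haproxy.pem discussed in the last two posts while catching the "wrong certificate files" case before HAProxy loads the file. The function names and argument order are assumptions of this sketch; the file names are the Certbot ones from the post above.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): build HAProxy's combined PEM from
# Certbot-style files, refusing to write it if key and certificate differ.
# Function names and argument order are assumptions made for this sketch.

# Succeeds only when the private key belongs to the first (leaf) certificate.
cert_matches_key() {
    local cert="$1" key="$2" cert_pub key_pub
    # openssl x509 reads the first certificate in the file (the leaf in fullchain.pem)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Writes fullchain + privkey to the output path with owner-only permissions.
build_haproxy_pem() {
    local fullchain="$1" privkey="$2" out="$3" tmp
    if ! cert_matches_key "$fullchain" "$privkey"; then
        echo "refusing to build $out: $privkey does not match $fullchain" >&2
        return 1
    fi
    # mktemp creates the file with mode 0600, so the key is never world-readable
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if cat "$fullchain" "$privkey" > "$tmp" && mv "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Stand-alone use: script.sh fullchain.pem privkey.pem haproxy.pem
if [ "$#" -eq 3 ]; then
    build_haproxy_pem "$@"
fi
```

Because the output contains the private key, it is written through a temporary file with owner-only permissions and only renamed into place once complete, so a renewal never leaves HAProxy with a half-written file.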