node.js - iOS Safari fails to connect to secure websocket, but works on desktop
I have a Node.js HTTPS server using non-self-signed certificates. I believe they are from GoDaddy, not sure though. My employer provided me with the key and cert files.

Server:

var fs = require('fs')
  , server = require('https').createServer({
      key: fs.readFileSync(__dirname + "/key.pem"),
      cert: fs.readFileSync(__dirname + "/cert.pem")
    })
  , WebSocketServer = require('ws').Server
  // Attach the WebSocket server to the HTTPS server so it is served over wss://
  , webSocketServer = new WebSocketServer({
      server: server,
    })
  , port = 8080;

server.listen(port, function(){ console.log('listening on ' + server.address().port) });

Client:

var webSocket = new WebSocket('wss://my.website.com:8080');
This code works as expected on desktop Chrome, Safari, and Firefox. The client is able to connect to the secure websocket. However, trying it on iOS 9.3.1 Safari gives me the following error:

The operation couldn't be completed. (OSStatus error -9807.)
OSStatus showed me that this is caused by an invalid certificate chain. Unfortunately, here is where my knowledge of SSL begins to fade. After some additional googling, I tried multiple combinations of the following options accepted by https.createServer():

secureProtocol: "SSLv3_method",
rejectUnauthorized: false,
ciphers: 'ECDHE-RSA-AES256-SHA:AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM',
honorCipherOrder: true,
requestCert: false
None of them have worked so far. I have seen the ca option (certificate authority), but I do not know where to find that file, and the examples online suggest it is used with self-signed certs?

Any help is appreciated, thanks!
Somehow putting nginx in front of the node app seemed to fix the issue. I was able to get the following configuration working pretty well (taken from this tutorial):

server {
    listen 443;
    server_name *.website.com;

    ssl on;
    ssl_certificate /etc/ssl/cert.pem;
    ssl_certificate_key /etc/ssl/key.pem;

    location / {
        proxy_pass https://pr.iv.ate.ip:8080;
        proxy_http_version 1.1;
        # Forward the WebSocket upgrade handshake to the node app
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Still a big ¯\_(ツ)_/¯ on why it doesn't work with node, but again my knowledge of SSL (and server configuration in general) is still limited.
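An added example, not code from the original post: OSStatus -9807 points at the certificate chain, and one common cause (an assumption here, the post does not confirm it) is a server that sends only its leaf certificate while the client does not fetch the missing intermediates itself. The sketch builds the `cert` value for `https.createServer()` as the leaf followed by the CA's intermediates and audits the order with `crypto.X509Certificate` (Node 15.6+); `buildCertOption`, `auditChain` and the sample blocks are hypothetical names and constructed data.

```javascript
// Added example, not code from the original post.
const { X509Certificate } = require('crypto');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split a PEM file into its individual certificate blocks.
function splitPem(text) {
  return String(text).match(PEM_CERT) || [];
}

// Value for the `cert` option: leaf first, then the CA's intermediates,
// with blocks that appear in both files emitted once.
function buildCertOption(leafPem, bundlePem) {
  const leaf = splitPem(leafPem);
  if (leaf.length === 0) throw new Error('no certificate in leaf file');
  const unique = [...new Set([...leaf, ...splitPem(bundlePem)])];
  return unique.join('\n') + '\n';
}

// Report what a client that does not fetch missing intermediates would see.
// checkIssued() compares issuer/subject linkage only; it does not validate
// signatures or trust.
function auditChain(pem) {
  const blocks = splitPem(pem);
  const problems = [];
  let certs;
  try {
    certs = blocks.map((b) => new X509Certificate(b));
  } catch (err) {
    return ['unparseable certificate block'];
  }
  if (certs.length === 0) problems.push('no certificates');
  if (certs.length === 1) problems.push('only the leaf is sent, no intermediates');
  for (let i = 0; i + 1 < certs.length; i++) {
    if (!certs[i].checkIssued(certs[i + 1])) {
      problems.push(`certificate ${i} was not issued by certificate ${i + 1}`);
    }
  }
  return problems;
}

// Constructed placeholder blocks (not real certificates) to show the ordering.
const pem = (body) => `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----`;
const SAMPLE_LEAF = pem('TEFBRg==');
const SAMPLE_BUNDLE = [pem('SU5URVJNRURJQVRF'), SAMPLE_LEAF].join('\n');
const SAMPLE_CERT_OPTION = buildCertOption(SAMPLE_LEAF, SAMPLE_BUNDLE);
// Usage with real files: https.createServer({ key, cert: buildCertOption(leafPem, bundlePem) })
```

Run `auditChain()` on the contents of the real cert.pem: an empty result means every certificate in the file is issued by the one after it, which is the order a TLS server should send.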