Johni0702 / mumble-web

An HTML5 Mumble client

Error during SSL handshake #20

Closed cdauth closed 6 years ago

cdauth commented 6 years ago

I’m trying to use mumble-web with my murmur server (mumble.rankenste.in). websockify is running behind nginx.

When I connect with mumble-web, it tells me “Connecting to server mumble.rankenste.in” and then nothing happens. The server log tells me the following:

web_1     | nginx_nginx_1.nginx_default - - [16/Nov/2017 17:09:37] 172.18.0.7: Plain non-SSL (ws://) WebSocket connection
web_1     | nginx_nginx_1.nginx_default - - [16/Nov/2017 17:09:37] 172.18.0.7: Version hybi-13, base64: 'False'
web_1     | nginx_nginx_1.nginx_default - - [16/Nov/2017 17:09:37] connecting to: mumble.rankenste.in:64738
murmur_1  | <W>2017-11-16 17:09:37.897 1 => <25:(-1)> New connection: 172.23.0.1:36286
murmur_1  | <W>2017-11-16 17:09:38.053 1 => <25:(-1)> Connection closed: Error during SSL handshake: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [13]
web_1     | nginx_nginx_1.nginx_default - - [16/Nov/2017 17:09:40] code 400, message Bad request syntax ('\x88\x8f\x9c\x8aS\xbc\x9fb\x07\xdd\xee\xed6\xc8\xbc\xe9?\xd3\xef\xef7')

I’m not sure what is happening here. It seems like the connection to the Murmur server is made, but then the SSL connection fails. My first thought was that mumble-web maybe only supports murmur servers without SSL, but after some research it looks to me like murmur always uses SSL.

I don’t know what is causing the Bad request message at the end.

DoM1niC commented 6 years ago

No Problems here

Here is my config for NGINX:

server {
    listen 80;
    server_name voip.3dns.eu;
    return 301 https://voip.3dns.eu$request_uri;
}
server {
    listen 443 ssl;
    server_name voip.3dns.eu;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/voip.3dns.eu/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/voip.3dns.eu/privkey.pem;
    location / {
        root /home/www/voip/;
    }
    location /mumble {
        proxy_pass https://192.168.0.5:85;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

And run: screen -d -S websocket -m websockify --cert=/etc/letsencrypt/live/voip.3dns.eu/fullchain.pem --key=/etc/letsencrypt/live/voip.3dns.eu/privkey.pem --ssl-only --ssl-target 85 10.10.0.3:9191

Use Let's Encrypt to get a valid cert to make your service SSL accessible.

85 is my WebSocket port, which is proxied by NGINX, and 10.10.0.3:9191 is my local Mumble server with port. (Mumble doesn't have to be local and doesn't need any setup so far.)

You need websockify; you can find it in your package manager, like me on Debian (ARM on Raspberry Pi 2).

Don't forget to set the cert path and hostname / IP addresses in the NGINX host conf, e.g. as in my example.

URL, e.g. https://yourdomain or subdomain/mumble, to open the web Mumble.

cdauth commented 6 years ago

I had the same config as you, except that my websockify was serving without SSL (in your case it also doesn't seem necessary, as you have the nginx proxy in front of it that takes care of SSL). This is why I had removed all the --ssl-* parameters from the websockify command.

It turns out that --ssl-target is necessary, as it actually makes websockify talk to the backend (the murmur server) through SSL. I didn’t know because this parameter is not documented anywhere. The best documentation I could find is the pull request novnc/websockify#45.

I added the --ssl-target argument to websockify now and it works.
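
The thread resolves the handshake error but leaves the final "Bad request syntax" log line unexplained. As an added example (not part of the original thread and not websockify's own code), this Python sketch parses the bytes from that log line as an RFC 6455 WebSocket frame; the names `LOGGED` and `parse_ws_frame` are made up here.

```python
# Bytes copied verbatim from the "Bad request syntax" line in the log above.
LOGGED = b"\x88\x8f\x9c\x8aS\xbc\x9fb\x07\xdd\xee\xed6\xc8\xbc\xe9?\xd3\xef\xef7"

OPCODES = {0x0: "continuation", 0x1: "text", 0x2: "binary",
           0x8: "close", 0x9: "ping", 0xA: "pong"}


def parse_ws_frame(data: bytes) -> dict:
    """Parse one RFC 6455 WebSocket frame from the start of `data`."""
    if len(data) < 2:
        raise ValueError("need at least 2 header bytes")
    fin = bool(data[0] & 0x80)        # final fragment flag
    opcode = data[0] & 0x0F           # frame type
    masked = bool(data[1] & 0x80)     # client-to-server frames are masked
    length = data[1] & 0x7F           # 7-bit length, or an escape value
    pos = 2
    if length == 126:                 # 16-bit extended length follows
        length = int.from_bytes(data[2:4], "big")
        pos = 4
    elif length == 127:               # 64-bit extended length follows
        length = int.from_bytes(data[2:10], "big")
        pos = 10
    key = b""
    if masked:
        key = data[pos:pos + 4]       # 4-byte masking key
        pos += 4
    if len(data) < pos + length:      # also catches short length/key fields
        raise ValueError("truncated frame")
    payload = data[pos:pos + length]
    if masked:                        # unmask: XOR with the repeating key
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    frame = {"fin": fin, "opcode": OPCODES.get(opcode, "reserved"),
             "masked": masked, "payload": payload}
    if opcode == 0x8 and len(payload) >= 2:
        # Close frames carry a 2-byte status code and an optional UTF-8 reason.
        frame["close_code"] = int.from_bytes(payload[:2], "big")
        frame["close_reason"] = payload[2:].decode("utf-8", "replace")
    return frame


if __name__ == "__main__":
    print(parse_ws_frame(LOGGED))
```

The logged bytes decode to a masked close frame with status 1000 and reason "Target closed", which is consistent with the backend connection having ended after the failed handshake rather than with a separate fault.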