search

laravel / reverb

Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications.
https://reverb.laravel.com
MIT License
1.02k stars 71 forks source link

Unable to run in live production server via ssl #137

Closed mrleeuk closed 4 months ago

mrleeuk commented 4 months ago

Reverb Version

latest beta

Laravel Version

11

PHP Version

8.3

Description

Hi all.

I have spent numerous weekends trying to get this running following various closed posts on here but I am now on a loss.

I have a laravel application which used to run fine with Laravel Websockets but since updating to Laravel 11 and reverb, I can not establish a connection. (failed to connect) Nginx log on the subdomain for the socket connection reports error 400 nginx SSL/TLS access

My server is ubuntu 22.04.4 LTS with plesk Obsidian 18.0.59.

Port 8080 is open.

I have a domain and subdomain both using a wildcard ssl certificate

Steps To Reproduce

.ENV

REVERB_APP_ID=HIDDEN REVERB_APP_KEY=HIDDEN REVERB_APP_SECRET=HIDDEN REVERB_HOST=ws.myproductiondomain.net REVERB_PORT=8080 REVERB_SCHEME=https

VITE_REVERB_APP_KEY="${REVERB_APP_KEY}" VITE_REVERB_HOST="${REVERB_HOST}" VITE_REVERB_PORT=443 VITE_REVERB_SCHEME="${REVERB_SCHEME}"

REVERB: Revervb running via Supervisor with no errors.

NGINX settings for subdomain:

Proxy Mode - OFF

Additional nginx directives:

location / { proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Scheme $scheme; proxy_set_header SERVER_PORT $server_port; proxy_set_header REMOTE_ADDR $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade";

proxy_pass http://0.0.0.0:8080;

}

connection to ws.myproductiondomain.net shows the black screen with not found so I am guessing the reverb server is running correctly as if i stop the server i dont get this but get a normal gateway error.

Error on console showing Websocket connection to 'wss://ws.myproductiondomain.net/app/ajjGYjPO9%?protocol=7&client=js&version=8.3.0&flash=false' failed:

Nginx log on the subdomain:

Error 400 GET /app/ajjGYjPO9%?protocol=7&client=js&version=8.3.0&flash=false HTTP/1.1 nginx SSL/TLS access

Also tried specifiying the cert and cert key locations in the reverb.php file but still same errors.

njzabala commented 4 months ago

What port is your nginx running? Usually nginx is running at port 8080 and it might be overlapping since reverb is also running at port 8080 by default.

mrleeuk commented 4 months ago

Not sure to be honest but just in case I have opened port 6001 which is what Laravel websockets used to run on and started reverb on that port instead and also adjusted the additional nginx config on the sub domain to http://0.0.0.0:6001

log shows that the reverb restart was successful on port 6001

Still the same result. NGINX error log still showing 400 SSL/TLS access and cosole showing websocket failed message as before.

njzabala commented 4 months ago

Try this config on your nginx:

listen 8080;  <--- running port of nginx
listen [::]:8080;  <--- running port of nginx ipv6

server_name {url};

location / {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;

    proxy_pass http://127.0.0.1:6001; <--- running port of reverb
}

It should be inside server block

driesvints commented 4 months ago

Hi there,

Thanks for reporting but it looks like this is a question which can be asked on a support channel. Please only use this issue tracker for reporting bugs with the library itself. If you have a question on how to use functionality provided by this repo you can try one of the following channels:

However, this issue will not be locked and everyone is still free to discuss solutions to your problem!

Thanks.

tarun-pixeleyez commented 4 months ago

Hii,

Does anyone know how to live in Apache server?

mrleeuk commented 4 months ago

I am also still trying to get it to run on a live server. I can run it on my local dev server without ssl but for the life of me can’t on a live server hosted by IONOS with an ssl cert.

Was able to run the laravel websocket package before but switched to reverb due to it no longer been maintained.

My server host confirmed reverb running and ports open, nginx reverse proxy ok, apache ok etc but for some reason it just won’t talk to my application yet the laravel websocket did.

tfortin commented 4 months ago

Hey there,

I've been struggling with the same issue for several days, and finally got it working. I came from Laravel 10 with beyondcode/laravel-websockets package, and migrating to Laravel 11 with Reverb broke my websockets hidden behind an nginx reverse proxy, though they were working fine on my local dev server.

So if it helps, here is my working example:

.env

REVERB_APP_ID=xxxx
REVERB_APP_KEY=xxxx
REVERB_APP_SECRET=xxxx
REVERB_HOST=0.0.0.0
REVERB_PORT=6001
REVERB_SCHEME=http
REVERB_APP_CLUSTER=
REVERB_SERVER_HOST=0.0.0.0
REVERB_SERVER_PORT=6001

VITE_REVERB_APP_KEY="${REVERB_APP_KEY}"
VITE_REVERB_APP_CLUSTER="${REVERB_APP_CLUSTER}"
VITE_REVERB_HOST="my.server.org"
VITE_REVERB_PORT=443
VITE_REVERB_SCHEME=https

I'm using Laravel Sail, so I made sure the 6001 port was mapped between my docker container and the host. I make Reverb run on 6001 as laravel-websockets was.

nginx conf

map $http_upgrade $type {
  default "web";
  websocket "ws";
}

upstream my_backend {
  server 127.0.0.1:8081;
}
server {
  listen *:80;
  listen [::]:80;
  server_name my.server.org;
  return 301 https://$server_name$request_uri;
  access_log /var/log/nginx/myapp_access.log;
  error_log /var/log/nginx/myapp_error.log;
}
server {
  listen 0.0.0.0:443 ssl http2;
  listen [::]:443 ssl http2;

  ssl_certificate xxx;
  ssl_certificate_key xxx;

  server_name my.server.org;
  server_tokens off;

  proxy_busy_buffers_size 512k;
  proxy_buffers 4 512k;
  proxy_buffer_size 256k;

  location / {
    try_files /nonexistent @$type;
  }

  location @ws {
    proxy_pass             http://127.0.0.1:6001;
    proxy_read_timeout     60;
    proxy_connect_timeout  60;
    proxy_redirect         off;

    # Allow the use of websockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }

  location @web {
    proxy_pass http://my_backend;
    proxy_redirect off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Url-Scheme $scheme;
  }
}

Note that I have a single nginx conf for both http and websockets requests, the $http_upgrade mapping does the trick. In the end, I had a duplicate line that prevented it from working (proxy_set_header Host $host;), removing it solved the issue.

mrleeuk commented 4 months ago

Will give that a try later when I get back home. I also came from Laravel 10 and Laravel-websockets package and the only way to run on my live server at the moment is to disable ssl on the server then it will run fine using ws:// but as soon as I enable ssl and reverb tries using wss:// then it no longer works.

Will let you know how I get on.