novnc / websockify

Websockify is a WebSocket to TCP proxy/bridge. This allows a browser to connect to any application/server/service.
GNU Lesser General Public License v3.0

wss: via ssl on linux debian board #558

Closed focussing closed 1 year ago

focussing commented 1 year ago

Situation description

I am running Debian 11 on a small Linux board on the local network where my PC is also present. On this board a C-application is running which reads all hardware. Within this C-application an instance of wsServer https://github.com/Theldus/wsServer is running. Also on the board an http: webserver is running. When the board's website is opened, it starts a ws-client to the ws: server and the status of the hardware is communicated to the website via the websocket. This way the hardware status is shown in real-time on the webpage. Beautiful!

When the website is accessed from outside the local network via a router, we have seen that the console of the browser window shows a mixed content error: "Mixed Content: The page at xxx was loaded over HTTPS, but requested an insecure yyy". This is correct, because in that situation the route to the website is initiated via https: and the websocket connection would be opened via ws: instead of wss:.

I have read your instructions to get websockify up and running

openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem
websockify 443 a20-olinuxino:8080
WebSocket server settings:
  - Listen on :443
  - SSL/TLS support
  - proxying from :443 to a20-olinuxino:8080

In the browser (latest version of Chrome), when I try to open a wss: connection to wss://a20-olinuxino:443, it gives the following error: handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1123)

I tried to let the browser accept the certificate but it does not recognize the .pem file.

Sure that I am doing things wrong, please can anyone help me in getting this to work?

Best regards, Raymond

CendioOssman commented 1 year ago

Browsers never accept self-signed certificates right away, so you need to add an exception. This is not specific to websockify, so you'll need to follow the browser's normal procedure for this. Generally, that means visiting the web site and clicking some exception button when the error pops up. So visiting https://a20-olinuxino in your case.
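
The two points in this thread, the mixed content block and the certificate exception, can be handled on the page side as sketched below. This is an added example, not code from the issue or from websockify; the function names are hypothetical, the ports are the ones quoted in the issue, and it assumes the page and the WebSocket listener are reached under the same host name.

```javascript
// Added example. Ports come from the issue text; serving the page and the
// WebSocket listener under one host name is an assumption.
const PLAIN_WS_PORT = 8080; // wsServer, reached directly with ws:
const TLS_WS_PORT = 443;    // websockify TLS listener, reached with wss:

// Derive the WebSocket URL from the page's own URL, so a page loaded over
// https: never requests ws: (the cause of the mixed content error).
function websocketUrlFor(pageUrl) {
  const page = new URL(pageUrl);
  const secure = page.protocol === 'https:';
  const scheme = secure ? 'wss:' : 'ws:';
  const port = secure ? TLS_WS_PORT : PLAIN_WS_PORT;
  // URL normalisation drops the port when it is the scheme default (443 for wss:).
  return new URL(`${scheme}//${page.hostname}:${port}/`).href;
}

// Simplified check: an https: page opening a ws: socket is mixed content.
// Exemptions a browser may apply to loopback hosts are not modelled here.
function isMixedContent(pageUrl, wsUrl) {
  return new URL(pageUrl).protocol === 'https:' &&
         new URL(wsUrl).protocol === 'ws:';
}

// A WebSocket handshake cannot show a certificate warning, so the exception
// for a self-signed certificate is added by opening the same host and port
// over https: in a normal tab first. This returns that address.
function certExceptionUrl(wsUrl) {
  const ws = new URL(wsUrl);
  if (ws.protocol !== 'wss:') {
    throw new Error('only wss: endpoints present a certificate');
  }
  return new URL(`https://${ws.host}/`).href;
}

// Summary for one page URL (constructed sample input below).
function describeConnection(pageUrl) {
  const wsUrl = websocketUrlFor(pageUrl);
  return {
    wsUrl,
    blocked: isMixedContent(pageUrl, wsUrl),
    acceptCertAt: wsUrl.startsWith('wss:') ? certExceptionUrl(wsUrl) : null,
  };
}

// In the page itself: new WebSocket(websocketUrlFor(location.href))
console.log(describeConnection('https://a20-olinuxino/index.html'));
```

If websockify listens on a port other than 443, `certExceptionUrl` keeps that port, which is the address to open in the browser before the wss: connection is attempted.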