tigase / tigase-server

(M) Highly optimized, extremely modular and very flexible XMPP/Jabber server
https://tigase.net
GNU Affero General Public License v3.0

Bosh using https? #140

Open bwangel opened 2 years ago

bwangel commented 2 years ago

I have a problem with BOSH over HTTPS. I cannot open a BOSH connection: https://192.168.8.32:18090/xmpp-httpbind. strophe.js reports: ERR_CONNECTION_CLOSED, but when using HTTP (http://192.168.8.32:8090/xmpp-httpbind) it works.

How can I configure BOSH using HTTPS?

Details (please complete the following information):

config.tdsl bosh part:

bosh {
    connections {
        ports = [ 8090, 18090 ]
        /** NOT ok */
        18090(){
            socket = 'ssl'
        }
        /* ok */
        8090(){

        }
    }
    seeOtherHost {}
}

/** all ok **/
httpServer {
    connections {
        8080 (active: false) {}
        18092 () {
            domain = '192.168.8.32'
            socket = 'ssl'
        }
        8092() {
        }
    }
}

woj-tek commented 2 years ago

> strophe.js reports: ERR_CONNECTION_CLOSED

Can you share more details regarding the error?

Do you have correct certificate for the domain?

bwangel commented 2 years ago

Is this the certificate? certs/192.168.8.32.pem (auto-created by Tigase)

When I visit https://192.168.8.32:18092/index.html, the browser warns me that it's not a safe site, but I can click continue to visit. All HTTPS REST interfaces work OK.

But only the BOSH API can't connect. I'm using strophe.js.
But when using HTTP it works OK. The ports are as listed above.

woj-tek commented 2 years ago

> When I visit https://192.168.8.32:18092/index.html, the browser warns me that it's not a safe site, but I can click continue to visit. All HTTPS REST interfaces work OK.
>
> But only the BOSH API can't connect. I'm using strophe.js.

Quite possibly strophe.js blocks the connection because the certificate is self-signed (i.e. those aren't trusted by default).

bwangel commented 2 years ago

Yesterday, I bought a commercial certificate (based on IP, not domain), and all SSL ports are OK except BOSH. I confirmed I have a config problem on BOSH. But what's a perfect config?

bosh {
    connections {
        ports = [ 8090, 18090 ]
        /** NOT ok */
        18090(){
            socket = 'ssl'
        }
        /* ok */
        8090(){

        }
    }
    seeOtherHost {}
}

woj-tek commented 2 years ago

You don't have to buy the certificate - you can use Let's Encrypt.

You can/should remove the ports = [ 8090, 18090 ] line.

Yes, the configuration is correct. I just tested it and it worked just fine:

[Screenshot 2022-03-04 at 14 09 18]

bwangel commented 2 years ago

Thank you for your testing! It's OK now.
The reason: I thought BOSH is based on domain and can't be visited by IP.