Open epsilon-0 opened 3 years ago
Didn't the listen function just fail?
No, it didn't fail. :open_mouth:
Trying to read the files was causing an ENOENT
error but the listen proceeded and the server was running.
Possibly related, just to add:
80
, instead of 443
.ca_file_name
isn't mentioned on https://unetworking.github.io/uWebSockets.js/generated/interfaces/appoptions.html, but I found it at https://github.com/uNetworking/uWebSockets/blob/master/src/App.h#L38. It still worked though even without providing it (maybe not needed at all).I'm on Ubuntu 20.04
, uWebSockets.js v18.12.0
Update: it looks like it only works on chrome desktop, but not on firefox desktop and chrome android.
I've tried the following but no luck:
let app = null;
let port = null;
const endpoint_domain = 'mydomain.com';
const key_file_name = `/etc/letsencrypt/live/${endpoint_domain}/privkey.pem`;
const cert_file_name = `/etc/letsencrypt/live/${endpoint_domain}/cert.pem`;
const ca_file_name = `/etc/letsencrypt/live/${endpoint_domain}/chain.pem`;
if (fs.existsSync(key_file_name) === true) {
assert(fs.existsSync(cert_file_name) === true);
assert(fs.existsSync(ca_file_name) === true);
app = uws.SSLApp({ key_file_name, cert_file_name, ca_file_name });
port = 443;
} else {
app = uws.App({});
port = 8080;
}
Edit: solved with using the following:
const key_file_name = `/etc/letsencrypt/live/${endpoint_domain}/privkey.pem`;
const cert_file_name = `/etc/letsencrypt/live/${endpoint_domain}/fullchain.pem`;
Edit: how do I mark my comment as outdated lol.
Maybe this should be tied up with logging
There also seems to be no warnings/errors if uWS is compiled without "WITH_OPENSSL=1" . It compiles and executes without using an ssl context even when the code tells it to.
Should the cert_file_name
be changed to fullchain_file_name
or cert_ca_file_name
?
fullchain.pem = cert.pem + ca.pem, right?
Renaming things is always fun but breaks backwards compatibility. So even a bad name kept is better than a good name introduced in many cases. You still are allowed to pass only cert, it works both ways.
fullchain_file_name is a good name, it can be added as an alias
I have an SSL app, which ran but all SSL connections failed as the certificates were with incorrect permissions (system admin had messed up).
Knowing that the problem was with the loading of certificates would have been helpful to debug. It took us really long to figure out it was a file issue and not an OpenSSL version issue.
Is there a way to have debug information with the library, so we can catch errors like this?
Thanks, Aisha