WebRTC phone with HTTPS


(chriscarpenter12) #1

Is there anything I need to do to get the WebRTC phone working when the page is secure (HTTPS)? I am using the freepbx distro v12. When the page is in HTTP everything is working fine. When the page is secure the WebRTC phone doesn’t dial. I can open the phone and type a number, but hitting Dial does nothing. I wanted a few sales users to use the WebRTC phone when at home and Chrome prompts to use the microphone on every call. Chrome recommends to use a secure page and it will automatically accept microphone access then.

https://support.google.com/chrome/answer/2693767?hl=en

In /var/etc/httpd/conf.d/ssl.conf I replaced the localhost.crt and localhost.key with my own and set the

DocumentRoot /var/www/html/ucp/
ServerName pbx.myserver:443

Best way to secure connection to AWS FreePBX?
(chriscarpenter12) #2

Out of curiosity and testing I have even tried to reverse proxy 443 back to itself on port 80. It still does not work…

If anyone can tell me how they got this working with HTTPS that would be awesome.

Here is what I have so far.

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/pbx.crt
  SSLCertificateKeyFile /etc/pki/tls/private/pbx.key

  ProxyPass / http://0.0.0.0:80/
  ProxyPassReverse / http://0.0.0.0:80/
</virtualhost>

Everything on the page is working as far as I can tell except for the WebRTC.


(Andrew Nagy) #3

WebRTC does not connect through apache so any settings in there are not relevant to WebRTC. WebRTC connects directly to asterisk over websockets.


(chriscarpenter12) #4

I noticed this by looking at the console in chrome.

The page at 'https://pbx.mydomain.com/?display=dashboard' was loaded over HTTPS, but ran insecure content from 'ws://0.0.0.0:8088/ws': this content should also be loaded over HTTPS.

.

Mixed Content: The page at 'https://pbx.mydomain.com/?display=dashboard' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://pbx.mydomain.com:8001/socket.io/?token=823669566e113c7208f6300b521d6081&EIO=3&transport=polling&t=1421358357946-0'. This request has been blocked; the content must be served over HTTPS.

Is there a way to use wss:// for secure websockets?


(Andrew Nagy) #5

The socket.io error is unrelated. You should first update your modules so that won’t show up


(chriscarpenter12) #6

I have updated my modules this morning and the socket.io error is gone now.

How do we get a secure socket connection?


(Wagner Sartori Junior) #7

same problem here… can’t make webrtc works on https because of secure connection.


#8

I am getting this instead…I have WSS configured properly, I think.

Engine connecting
VM29402:23676 Mixed Content: The page at 'https://URLHIDDEN.com/?display=dashboard' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://URLHIDDEN.com:8088/ws'. This endpoint should be available via WSS. Insecure access is deprecated.
VM29402:23676 Connecting to a non-secure WebSocket server from a secure origin is deprecated.

(Andrew Nagy) #9

WSS is not supported in UCP at this time.

EDIT: This is no longer true! This has been linked by a few recent articles. FreePBX now supports WSS


UCP phone not working in chrome (must use WSS)
WebRTC drops call after 30 seconds
Best way to secure connection to AWS FreePBX?