Websocket without TLS

man1988 · December 25, 2022, 12:27pm

Hi
I need to activate the “Builtin mini-HTTP server” to enable WebSocket on port 8088 without TLS or any security encryption because my extensions which want to connect to the PBX via WebSockets are on the same machine.
so I just need to this path be accessible for WebSocket " ws://127.0.0.1:8088/ws "

as I tried several times WebSocket module will not enable without TLS or setup Certificates.
so I can not set up this path, and I don’t know how I can be sure about the proper configuration and working of this WebSocket.

Note that This machine have no internet access to create or verify the SSL or TLS certificates

PitzKey · December 25, 2022, 12:49pm

Have you tried a self signed certificate?

david55 · December 25, 2022, 12:54pm

I’m pretty sure that there is not going to be any support for unencrypted web sockets, but if there is, I’d think there is going to be a marginally higher chance that people on the Asterisk Forum will know about it, as it doesn’t seem to me that you are really doing anything FreePBX specific.

Having an internet connection is not necessary for this. You don’t need any auxiliary network connection to verify certificates. You would probably need one to check for revocations, if that is supported, but that could be a local server.

Asterisk comes with some scripts to use OpenSSL to create your own CA, and to create and sign certificates. You would, in that case, have to install the local CA certificate on all the browsers.

Certificates are actually part of the public key infrastructure, not TLS. You can use TLS without PKI, as long as both sides support it. I don’t know if it can be enabled in Asterisk.

man1988 · December 25, 2022, 2:07pm

yes, but no success, even though I don’t know how I can check it properly.
I use some NODEJS programs to check if they work or not, but I have no trust in them too.
is there any other way to test this path “ws://127.0.0.1:8088/ws” is working?

man1988 · December 25, 2022, 2:17pm

I tried to use local CA on my machine but had no success, may I do the wrong step?
it seems you’re professional with FPBX, so may I ask you to help me and tell me what I must do step by step? and how I can check the socket connection on the Linux machine?
actually, I follow “WebRTC+Phone-UCP” article to enable the WebSocket.

david55 · December 25, 2022, 2:20pm

I have some dated experience with Asterisk, and I don’t do consultancy contracts.

PitzKey · December 25, 2022, 3:49pm

From the Asterisk console, run

http show status

And share the output please

man1988 · December 25, 2022, 4:07pm

CLI Command
http show status

Result

      HTTP Server Status:
      Prefix:
      Server: Asterisk/16.2.1~dfsg-1+deb10u2
      Server Enabled and Bound to [::]:8088
      HTTPS Server Enabled and Bound to [::]:8089
      
      Enabled URI's:
      /httpstatus => Asterisk HTTP General Status
      /static/... => Asterisk HTTP Static Delivery
      /ari/... => Asterisk RESTful API
      /ws => Asterisk HTTP WebSocket
      
      Enabled Redirects:
      None.

PitzKey · December 25, 2022, 4:18pm

So it looks like it is listening just fine.

To confirm that you can open a browser and go to http://your.ip:8088/ws and you should see an error Upgrade Required since it is not a web socket

man1988 · December 25, 2022, 4:20pm

yes I got this message in the browser

Upgrade Required

Asterisk/16.2.1~dfsg-1+deb10u2

man1988 · December 25, 2022, 4:27pm

How I can check if it works properly?
I tried many google chrome bowser extensions and android apps to check is this socket working or not, but they failed.
I don’t know how I can check it, even on the machine I have a NODEJS program that tries to connect via localhost but has had no success yet.

man1988 · December 25, 2022, 4:28pm

is there any Linux command for that?

PitzKey · December 25, 2022, 4:40pm

wscat -s echo -c ws://127.0.0.1:8088/ws

man1988 · December 25, 2022, 4:42pm

Thanks, I found it right now on the web and test it in many ways:

wscat -c “ws://127.0.0.1/ws”
error: Unexpected server response: 404

wscat -c “wss://127.0.0.1/ws”
error: connect ECONNREFUSED 127.0.0.1:443

wscat -c “ws://127.0.0.1:8088/ws”
error: Unexpected server response: 400

wscat -c “wss://127.0.0.1:8088/ws”
error: write EPROTO 140365066352576:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:…/deps/openssl/openssl/ssl/record/ssl3_record.c:332:

wscat -c “ws://127.0.0.1:8089/ws”
error: socket hang up

wscat -c “wss://127.0.0.1:8089/ws”
error: self signed certificate

man1988 · December 25, 2022, 4:58pm

your command working !!!
what’s the difference?

wscat -s echo -c ws://127.0.0.1:8088/ws
Connected (press CTRL+C to quit)

PitzKey · December 25, 2022, 5:00pm

This indicates that it is working.

man1988 · December 25, 2022, 5:06pm

Is there any command that I can type when it’s connected to get results from the WebSocket?

PitzKey · December 25, 2022, 5:16pm

What are you trying to achieve?

man1988 · December 25, 2022, 5:26pm

I check this with my NODEJS code, but it still can not connect and fail

WebSocket
false

so I think may it cause because of the self-signed certificate.
I have no idea, I just want to test each section step by step to debug it

@PitzKey you’re helped me a lot, I really appreciate you

man1988 · December 26, 2022, 3:38pm

after several days of experience connecting to a local FPBX server via WebSocket, and making calls through the NODEJS application, I found that this was totally impossible because there was no way to make an audio or video connection on the server side via the WebSocket.
I learned how to activate the WebSocket and test it, also connect to it in the NODEJS application. I change my way to solve my problem but I left my code here for others who want to follow this for feature research and development also it’s helpful for text messaging.

Thanks you all

const JsSIP = require('jssip');
const NodeWebSocket = require('jssip-node-websocket');
let socket = new NodeWebSocket('ws://127.0.0.1:8088/ws/');


let ua = new JsSIP.UA(

{
        uri          : 'sip:[email protected]',
        authorization_user: "333",
        password     : "333",
        display_name : "INT 1",
        sockets      : [ socket ],
        register     : true
});

console.log("WebSocket");
ua.start();
ua.register();
console.log(socket.isConnected());
ua.on('connected', function(e){ console.log("connected") });
ua.on('disconnected', function(e){ console.log("disconnected") });
ua.on('newRTCSession', function(e){ console.log(e) });
ua.on('newMessage', function(e){ console.log(e) });
console.log("User Agent Created.");

var eventHandlers = {
  'progress': function(e) {
    console.log('call is in progress');
  },

  'failed': function(e) {
    console.log('call failed with cause: '+ e.data.cause);
  },

  'ended': function(e) {
    console.log('call ended with cause: '+ e.data.cause);
  },

  'confirmed': function(e) {
    console.log('call confirmed');
  }
};

var options = {
  'eventHandlers'    : eventHandlers,
  'mediaConstraints' : { 'audio': false, 'video': false }
};

// make a call
var session = ua.call('sip:[email protected]', options);