I'm trying configure Kamailio with WebSocket Secure (wss) using JSSIP on client-side. I made settings on kamailio.cfg and tls.cfg, besides allowed ports and redirect. On my browser console I see that: jssip-3.0.13.js:21334 WebSocket connection to 'wss://mydomain.com:4443/' failed: WebSocket opening handshake was canceled
But, if I use ws ('ws://mydomain.com:8080/') it works.
Does someone knows how to fix that problem?
I generated the certificates, but the problem persists. I'm using nodeJS as a server.
kamailio.cfg file:
/* add local domain aliases */
alias="mydomain.com"
listen=udp:private_ip:5060 advertise public_ip:5060
listen=tcp:private_ip:5060 advertise public_ip:5060
listen=tcp:private_ip:5061 advertise public_ip:5061
listen=MY_WS_ADDR advertise public_ip:8080
listen=tls:private_ip:4443 advertise public_ip:5061
"#!ifdef WITH_TLS
listen=MY_WSS_ADDR advertise public_ip:4443
"#!endif
tcp_connection_lifetime=3604
tcp_accept_no_cl=yes
tcp_rd_buf_size=16384
/* port to listen to (default 5060 for udp, tcp, scrtp, or 5061 for tls)*/
"# port=5060
[...]
"#!define WITH_NAT"
"#!define WITH_MYSQL"
"#!define WITH_AUTH
"#!define WITH_USRLOCDB"
"#!define WITH_TLS"
"#!define WITH_DEBUG"
"#!substdef "!MY_IP_ADDR!my_private_ip!g"
"#!substdef "!MY_DOMAIN!my_public_ip!g"
"#!substdef "!MY_WS_PORT!8080!g"
"#!substdef "!MY_WSS_PORT!4443!g"
"#!substdef "!MY_WS_ADDR!tcp:MY_IP_ADDR:MY_WS_PORT!g"
"#!substdef "!MY_WSS_ADDR!tls:MY_IP_ADDR:MY_WSS_PORT!g"
Extra info The event_route[xhttp:request] is equal Kamailio 5.0 docs: https://kamailio.org/docs/modules/5.0.x/modules/websocket.html [...]
tls.cfg file:
[...]
[server:default]
method = TLSv1
verify_certificate = no
require_certificate = yes
private_key = /etc/certs/mydomain.com/key.pem
certificate = /etc/certs/mydomain.com/cert.pem
[...]
[...]
[client:default]
verify_certificate = yes
require_certificate = yes
[...]
Javascript:
var socket = new JsSIP.WebSocketInterface('wss://mydomain.com:4443');
var configuration = {
sockets : [ socket ],
uri : 'sip:[email protected]',
password : '******',
};
NodeJS:
'use strict';
var os = require('os');
var path = require('path');
const https = require('https');
var url = require('url');
const fs = require('fs');
const options = {
key: fs.readFileSync('demoCA/key.pem'),
passphrase: '*********',
cert: fs.readFileSync('demoCA/cert.pem')
};
var app = https.createServer(options, function(req, resp) {
var url_parts = url.parse(req.url);
var path = url_parts.pathname;
console.log(path)
fs.readFile(__dirname + path, function(err, data) {
if(err) {
resp.writeHead(404, {'Content-Type': 'text/html'});
resp.write('Not found');
} else {
resp.writeHead(200, {'Content-Type': 'text/html'});
resp.write(data);
}
resp.end();
});
});
app.listen(443);
AWS
Listening on
udp: private_ip:5060 advertise public_ip:5060
tcp: private_ip:5060 advertise public_ip:5060
tcp: private_ip:5061 advertise public_ip:5061
tcp: private_ip:8080 advertise public_ip:8080
tls: private_ip:4443 advertise public_ip:4443
Aliases:
tls: ip-private_ip.us-west-2.compute.internal:4443
tcp: ip-private_ip.us-west-2.compute.internal:8080
tcp: ip-private_ip.us-west-2.compute.internal:5061
tcp: ip-private_ip.us-west-2.compute.internal:5060
udp: ip-private_ip.us-west-2.compute.internal:5060
If you need more details, ask me, so I will edit my question.
I solved my problem. I was missing load some modules and routers.
I saw this file as example: https://gist.github.com/jesusprubio/4066845 but is important to know that every module the begin "mi" they aren't supporte on Kamailio 5.0. You will need replace for the module relative the version 5.0.
I used this site to generated the certificates: certbot.eff.org/#ubuntuxenial-nginx
I hope it helpful someone.