Secure websockets with stunnel and Ratchet. Connection is closed


I have a working websockets solution with Ratchet and ZeroMQ as documented in their push integration documentation. The problem I have is that the production application is served through SSL, and unsecured websockets don't work in Firefox when requested through secure websites. The issue is well known, and two suggestions are to use stunnel or to go with nginx as the web server. I can't use nginx, so my only option is stunnel, but clients can't connect.

Here's my stunnel configuration:

client = no
chroot = /var/lib/stunnel/
setuid = stunnel
setgid = nogroup
pid = /var/run/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
cert = /etc/apache2/server.info.crt
key = /etc/apache2/server.info.key

[websocket]
accept = 8079
connect = 8080

Ratchet is configured to listen on 8080:

$webSock = new React\Socket\Server($loop);
$webSock->listen(8080, "0.0.0.0"); // Binding to 0.0.0.0 means remotes can connect
$webServer = new Ratchet\Server\IoServer(
  new Ratchet\Http\HttpServer(
      new Ratchet\WebSocket\WsServer(
          new Ratchet\Wamp\WampServer(
              $pusher
          )
      )
  ),
  $webSock
);

Clients are trying to connect through wss://server.ip:8079; however, no client can connect. As soon as the request is made, they are disconnected.

Any ideas?

2

There are 2 answers

1
wsams On

I'm going through stunnel while using Ratchet for encryption too. My entire stunnel.conf looks like this, using the same pem as my Apache httpd server.

cert = /etc/apache2/ssl/cert.pem

[websocket]
accept = YOUR_PUBLIC_IP_ADDRESS:8079
connect = 127.0.0.1:8080

You may be missing the IP address before the ports. I combine the key and cert into a pem, but using both should work.

0
user3079759 On

I encountered the same problem on Mac OS, but just solved it by adding the certificate to Keychain Access, so that the browsers (Chrome and Safari) acknowledge the certificate and the connection is established.
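
An added example, not part of the question or either answer: a small Python audit for stunnel.conf files like the ones posted in the question and the first answer. It assumes stunnel's documented defaults (`accept` without a host listens on all IPv4 addresses, `connect` without a host targets localhost, and the `pid` path is resolved inside the `chroot`); the function names are hypothetical.

```python
import ipaddress

# Copied from the question on this page, abridged.
QUESTION_CONF = """\
chroot = /var/lib/stunnel/
pid = /var/run/stunnel.pid
cert = /etc/apache2/server.info.crt
key = /etc/apache2/server.info.key
[websocket]
accept = 8079
connect = 8080
"""

def parse(text):
    """Split a stunnel.conf into global options and per-service options."""
    glob, services, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in ";#":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        (glob if current is None else current)[key.strip()] = value.strip()
    return glob, services

def endpoint(value, default_host):
    # '[HOST:]PORT' -> (host, port), filling in stunnel's default host
    host, sep, port = value.rpartition(":")
    return (host.strip("[]") if sep else default_host), port

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:                              # a hostname or placeholder
        return False

def audit(text):
    glob, services = parse(text)
    notes = []
    if glob.get("chroot") and glob.get("pid", "").startswith("/"):
        notes.append(f"pid file lands in {glob['chroot'].rstrip('/')}{glob['pid']}")
    for name, opts in services.items():
        merged = {**glob, **opts}                   # global values act as defaults
        a_host, a_port = endpoint(merged["accept"], "0.0.0.0")
        c_host, c_port = endpoint(merged["connect"], "localhost")
        notes.append(f"[{name}] TLS {a_host}:{a_port} -> plaintext {c_host}:{c_port}")
        if not is_loopback(c_host):
            notes.append(f"[{name}] plaintext hop leaves this host")
    return notes
```

The audit only sees stunnel's side: the Ratchet listener in the question binds 8080 on 0.0.0.0, so that port still accepts unencrypted connections from remote hosts unless it is bound to 127.0.0.1 or firewalled.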