0

Experiencing WebSocket issues for a SignalR chat in the UI while running in production, but in locally it's working. We are using C# in the backend and React in the UI.

I have checked the server log. There is an SSL handshake issue. I used an SSL checker to check the validity of the SSL certificate.

However, I am unable to find the certificate and key path on the server. Where could be the certificate and key in the server folders? Please assist me to find it. Thanks in advance.

server configuration:

server{

       listen 443;
       location / {
          proxy_pass http://my_app;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection keep-alive;
          proxy_set_header Host $host;
          proxy_cache_bypass $http_upgrade;
         }
       location /chatHub {
          proxy_pass http://my_app;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade"   ;
          proxy_set_header Host $host;
          proxy_cache_bypass $http_upgrade;
      # Configuration for ServerSent Events
          proxy_buffering off;
      # Configuration for LongPolling
          proxy_read_timeout 100s;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          }        
}

2
  • I am not sure, but I ain't see here any ws:// been used. Please give us logs and more knowledge how a request should be made. and a simple way to understand how a request should work.
    – djdomi
    Commented Apr 2 at 6:01
  • Where, in the configuration you have shown us, are the certificate and key files defined? (BTW the reason nginx isn't choking on this config is that you didn't tell it to use TLS here)
    – symcbean
    Commented Apr 2 at 11:03

1 Answer 1

1

As @symcbean stated in his comment, the matter here is that nginx is not using tls. Because you didn't configure it appropriately. You should tell it not only to listen on 443 but also that must be an ssl listener. And then you must tell it where to retrieve tls certificate and key to use to establish tls communication.
The path on the server where to put your cert and key is of your choice: just be aware to adequately protect the private key, usually by assigning only the read permission (400) for root user (which the master process runs with).
So, your configuration

server{

       listen 443;
       location / {
       ...

should become something like

server{

       listen 443 ssl;
       ssl_certificate <path/to/certificate_file>;
       ssl_certificate_key <path/to/key_file>;
       location / {
       ...

where the additional ssl keyword in listen 443 ssl; tells nginx that this one on port 443 is a TLS listener, the ssl_certificate directive indicates where to get the certificate file and the ssl_certificate_key where to get the key file.
If you've installed nginx on centos/rhel server by using the yum/dnf package manager, you can take advantege of the automatically created folder /etc/nginx/ssl to put certificate and key under it. And inside the configuration you can refer to them by using relative path, like

server{

       listen 443 ssl;
       ssl_certificate ssl/<certificate_file>;
       ssl_certificate_key ssl/<key_file>;
       location / {
       ...

Then you should refine the things about protocols and ciphers used in TLS communication, by using for instance ssl_protocols and ssl_ciphers directives. But it's a further step and out of scope with your specific question.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .