我正在尝试为Kamailio配置安全WebSocket(wss),客户端使用JsSIP。除了放行端口和设置重定向之外,我还配置了kamailio.cfg和tls.cfg。在浏览器控制台中,我看到:jssip-3.0.13.js:21334 WebSocket connection to 'wss://mydomain.com:4443/' failed: WebSocket opening handshake was canceled
Kamailio和JsSIP的安全WebSocket(wss)
但是,如果我使用ws('ws://mydomain.com:8080/'),它可以正常工作。
有人知道如何解决这个问题吗?
我生成了证书,但问题仍然存在。我使用nodeJS作为服务器。
kamailio.cfg文件:
/*添加本地域别名*/
alias="mydomain.com"
listen = udp:private_ip:5060 advertise public_ip:5060
listen = tcp:private_ip:5060 advertise public_ip:5060
listen = tcp:private_ip:5061 advertise public_ip:5061
listen = MY_WS_ADDR advertise public_ip:8080
listen = tls:private_ip:4443 advertise public_ip:5061
#!ifdef WITH_TLS
listen = MY_WSS_ADDR advertise public_ip:4443
#!endif
tcp_connection_lifetime = 3604
tcp_accept_no_cl = yes
tcp_rd_buf_size = 16384
/*监听端口(默认:UDP、TCP、SCTP为5060,TLS为5061)*/
#port = 5060
[...]
#!define WITH_NAT
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_USRLOCDB
#!define WITH_TLS
#!define WITH_DEBUG
#!substdef "!MY_IP_ADDR!my_private_ip!g"
#!substdef "!MY_DOMAIN!my_public_ip!g"
#!substdef "!MY_WS_PORT!8080!g"
#!substdef "!MY_WSS_PORT!4443!g"
#!substdef "!MY_WS_ADDR!tcp:MY_IP_ADDR:MY_WS_PORT!g"
#!substdef "!MY_WSS_ADDR!tls:MY_IP_ADDR:MY_WSS_PORT!g"
补充信息:event_route[xhttp:request]与Kamailio 5.0文档中的相同:https://kamailio.org/docs/modules/5.0.x/modules/websocket.html [...]
tls.cfg文件:
[...]
[server:default]
method = TLSv1
verify_certificate = no
require_certificate = yes
private_key = /etc/certs/mydomain.com/key.pem
certificate = /etc/certs/mydomain.com/cert.pem
[...]
[...]
[client:default]
verify_certificate = yes
require_certificate = yes
[...]
JavaScript:
// JsSIP transport pointed at the secure-WebSocket (wss) endpoint on port 4443.
// NOTE(review): a browser only completes a wss handshake when the certificate
// served on that port is trusted and valid for this hostname — confirm the
// certificate presented on 4443 before debugging the SIP layer.
var socket = new JsSIP.WebSocketInterface('wss://mydomain.com:4443');
// Settings object that carries the socket list and the SIP account credentials.
var configuration = {
sockets : [ socket ],
// NOTE(review): the address below appears masked by the page's e-mail obfuscation; the real SIP URI is not shown here.
uri : 'sip:[email protected]',
// NOTE(review): a password written into page script is readable by anyone who can load the page — confirm how it is supplied in the real deployment.
password : '******',
};
Node.js:
'use strict';
var os = require('os');
var path = require('path');
const https = require('https');
var url = require('url');
const fs = require('fs');
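// TLS material for the HTTPS listener. The relative paths are resolved against
// the process working directory, not against this file's directory.
// NOTE(review): the key passphrase is a literal in the source; prefer reading
// it from the environment or a secret store.
const options = {
  key: fs.readFileSync('demoCA/key.pem'),
  passphrase: '*********',
  cert: fs.readFileSync('demoCA/cert.pem')
};

// Directory the static handler is allowed to serve from.
// NOTE(review): this is the script's own directory, so the server source is
// itself downloadable; a dedicated public directory would be a safer root.
var webRoot = path.resolve(__dirname);

// Directory holding the private key and certificate loaded above. It must
// never be served, even when it sits underneath webRoot.
var tlsDir = path.resolve('demoCA');

/**
 * Reports whether a path is a directory itself or lies below it.
 *
 * @param {string} dir - Absolute, normalized directory path.
 * @param {string} candidate - Absolute, normalized path to check.
 * @returns {boolean} true when candidate equals dir or is inside it.
 */
function isInside(dir, candidate) {
  // Appending the separator keeps "/srv/app-old" from matching "/srv/app".
  return candidate === dir || candidate.startsWith(dir + path.sep);
}

/**
 * Maps a request pathname to an absolute file path under webRoot.
 *
 * @param {string} pathname - Pathname taken from the request URL (not percent-decoded).
 * @returns {string|null} The file path to read, or null when the request
 *   points outside webRoot or into the TLS key directory.
 */
function resolveRequestPath(pathname) {
  // path.join normalizes "." and ".." segments, so the containment checks
  // below run on the location that would really be opened.
  var resolved = path.join(webRoot, pathname);
  if (!isInside(webRoot, resolved) || isInside(tlsDir, resolved)) {
    return null;
  }
  return resolved;
}

/**
 * Sends the same 404 response the handler uses for unreadable files.
 *
 * @param {object} resp - HTTP response object for the current request.
 */
function sendNotFound(resp) {
  resp.writeHead(404, {'Content-Type': 'text/html'});
  resp.write('Not found');
  resp.end();
}

// Static file handler: serves files from webRoot over HTTPS.
// The request path is confined to webRoot before it reaches fs.readFile;
// concatenating it onto __dirname unchecked would let ".." segments select
// files outside the directory, and would also expose demoCA/key.pem.
var app = https.createServer(options, function (req, resp) {
  var requestPath = url.parse(req.url).pathname || '/';
  console.log(requestPath);

  var filePath = resolveRequestPath(requestPath);
  if (filePath === null) {
    // Same response as a missing file, so refusals reveal nothing extra.
    sendNotFound(resp);
    return;
  }

  fs.readFile(filePath, function (err, data) {
    if (err) {
      sendNotFound(resp);
      return;
    }
    resp.writeHead(200, {'Content-Type': 'text/html'});
    resp.write(data);
    resp.end();
  });
});

app.listen(443);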
AWS
上侦听
udp: private_ip:5060 advertise public_ip:5060
tcp: private_ip:5060 advertise public_ip:5060
tcp: private_ip:5061 advertise public_ip:5061
tcp: private_ip:8080 advertise public_ip:8080
tls: private_ip:4443 advertise public_ip:4443
别名:
tls: ip-private_ip.us-west-2.compute.internal:4443
tcp: ip-private_ip.us-west-2.compute.internal:8080
tcp: ip-private_ip.us-west-2.compute.internal:5061
tcp: ip-private_ip.us-west-2.compute.internal:5060
udp: ip-private_ip.us-west-2.compute.internal:5060
如果您需要更多细节,请告诉我,我会编辑我的问题。
自签名证书现在不能直接在浏览器中用于wss连接。直接在浏览器中打开“https://yourdomain.com:4443/”会发生什么? –
证书是好的,我通过这个网站生成他们:https://certbot.eff.org/#ubuntuxenial-nginx 我解决了这个问题。我会发布我所做的。 感谢您的帮助。 –