Hi, It might be a stupid question, but why you don't have WebSockets without TLS between HAProxy and Kamailio ? I've a similar setup to enable us to have on the same 443 port regular Web server and SIP WebSockets, for now, it works pretty well.
-- Ludovic Gasc (GMLudo) Lead Developer Architect at ALLOcloud https://be.linkedin.com/in/ludovicgasc 2017-02-02 18:39 GMT+01:00 Jade SZ <jitterbuf...@gmail.com>: > Hi Guys, > > I am trying to setup the following flow: > > Browser >> WSS >> HA Proxy >>> WSS >> Kamailio > > But getting TLS errors in Kamailio logs: > *[29634]: ERROR: <core> [tcp_read.c:1321]: tcp_read_req(): ERROR: > tcp_read_req: error reading - c: 0x7f68ebe872b0 r: 0x7f68ebe87330* > *[29631]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS > accept:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number* > > Browser <-----wss---->Kamailio works fine with same certs. > > Both HA Proxy and Kamilio are installed on separate servers, hosting on > same port with different domain. Kamailio tls.conf has method = TLSv1 > > *@HA Proxy:* > > openssl s_client -connect HA-PROXY-DOMAIN:*10443* > > SSL-Session: > Protocol : TLSv1.2 > > *@Kamailio :* > openssl s_client -connect KAMAILIO-DOMAIN:*10443* > > SSL-Session: > Protocol : TLSv1 > > So I made HA Proxy to be on TLSv1 "ssl-default-bind-options force-tlsv10" > But still I get the same TLS error in Kamailio. > > *HA Proxy config looks like:* > > *frontend public* > * bind *:10443 ssl crt /etc/haproxy/certs/cert.pem* > * acl is_websocket hdr_end(host) -i m1.some-domain.com > <http://m1.some-domain.com>* > * use_backend wss if is_websocket* > * default_backend wss* > > *backend wss* > * timeout server 600s* > * server ws1 k1.some-domain.com:10443 <http://k1.some-domain.com:10443>* > * server ws1 k2.some-domain.com:10443 <http://k2.some-domain.com:10443>* > > > Need some direction, thanks in advance. > > > Regards, > Jade > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > >
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
