Hi Guys, Thanks for replying.
@Ludovic: Are you referring to this: Browser >> WSS >> HA Proxy >>> *WS* >> Kamailio ? I am trying to have minimum translation between HAproxy and Kamailio so keeping it same. Just want it work then can decide on above. @Gonzalo: Using public certs. When used only with Kamailio and any WebRTC2SIP client like JsSIP/SIP.js/SIPml5 calls work fine. Do you guys see anything wrong in HA Proxy Configs, as that part is new to me. Where else should I look? One more info: JsSIP is hosted on - some-other-domain with Apache on it. And the HA Proxy is hosted on another server with it's cert, hosting wss port and then load-balancing it to Kamailio web-sockets having same certs as HA Proxy (as they are public and for whole domain) On Fri, Feb 3, 2017 at 7:58 AM, Gonzalo Gasca Meza <gascagonz...@gmail.com> wrote: > Are you using self-signed certs? or public certs signed by public CA. > > On Thu, Feb 2, 2017 at 1:34 PM, Ludovic Gasc <gml...@gmail.com> wrote: > >> Hi, >> >> It might be a stupid question, but why you don't have WebSockets without >> TLS between HAProxy and Kamailio ? >> I've a similar setup to enable us to have on the same 443 port regular >> Web server and SIP WebSockets, for now, it works pretty well. >> >> -- >> Ludovic Gasc (GMLudo) >> Lead Developer Architect at ALLOcloud >> https://be.linkedin.com/in/ludovicgasc >> >> 2017-02-02 18:39 GMT+01:00 Jade SZ <jitterbuf...@gmail.com>: >> >>> Hi Guys, >>> >>> I am trying to setup the following flow: >>> >>> Browser >> WSS >> HA Proxy >>> WSS >> Kamailio >>> >>> But getting TLS errors in Kamailio logs: >>> *[29634]: ERROR: <core> [tcp_read.c:1321]: tcp_read_req(): ERROR: >>> tcp_read_req: error reading - c: 0x7f68ebe872b0 r: 0x7f68ebe87330* >>> *[29631]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS >>> accept:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number* >>> >>> Browser <-----wss---->Kamailio works fine with same certs. >>> >>> Both HA Proxy and Kamilio are installed on separate servers, hosting on >>> same port with different domain. Kamailio tls.conf has method = TLSv1 >>> >>> *@HA Proxy:* >>> >>> openssl s_client -connect HA-PROXY-DOMAIN:*10443* >>> >>> SSL-Session: >>> Protocol : TLSv1.2 >>> >>> *@Kamailio :* >>> openssl s_client -connect KAMAILIO-DOMAIN:*10443* >>> >>> SSL-Session: >>> Protocol : TLSv1 >>> >>> So I made HA Proxy to be on TLSv1 "ssl-default-bind-options >>> force-tlsv10" But still I get the same TLS error in Kamailio. >>> >>> *HA Proxy config looks like:* >>> >>> *frontend public* >>> * bind *:10443 ssl crt /etc/haproxy/certs/cert.pem* >>> * acl is_websocket hdr_end(host) -i m1.some-domain.com >>> <http://m1.some-domain.com>* >>> * use_backend wss if is_websocket* >>> * default_backend wss* >>> >>> *backend wss* >>> * timeout server 600s* >>> * server ws1 k1.some-domain.com:10443 <http://k1.some-domain.com:10443>* >>> * server ws1 k2.some-domain.com:10443 <http://k2.some-domain.com:10443>* >>> >>> >>> Need some direction, thanks in advance. >>> >>> >>> Regards, >>> Jade >>> >>> _______________________________________________ >>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>> sr-users@lists.sip-router.org >>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>> >>> >> >> _______________________________________________ >> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >> sr-users@lists.sip-router.org >> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >> >> > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > >
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
