Deploying Spring Boot application with Stomp over WSS using nginx

Does anyone have experience with Secure Websockets (WSS) over Nginx? I currently have this nginx config file, but the websockets stopped working once I switched from insecure http:// and ws:// to https:// and wss:// (the https:// traffic and the rest of the application works fine though, just the websocket connection fails to establish).
server {
    server_name 132.231.1.166;
    server_name sojourner-under-sabotage.se2.fim.uni-passau.de;

    location /websocket {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header HOST $host;
        proxy_set_header X_Forwarded_For $remote_addr;
        proxy_pass http://localhost:8080;
        proxy_redirect default;
        client_max_body_size 1000m;
    }

    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sojourner-under-sabotage.se2.fim.uni-passau.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sojourner-under-sabotage.se2.fim.uni-passau.de/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = sojourner-under-sabotage.se2.fim.uni-passau.de) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name 132.231.1.166;
    server_name sojourner-under-sabotage.se2.fim.uni-passau.de;
    return 404; # managed by Certbot
}
Do I need to change anything on the Java Spring side or the Tomcat setup?
32 Replies
JavaBot
JavaBot2mo ago
This post has been reserved for your question.
Hey @<Tim>! Please use /close or the Close Post button above when your problem is solved. Please remember to follow the help guidelines. This post will be automatically marked as dormant after 300 minutes of inactivity.
TIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here.
dan1st
dan1st2mo ago
What exactly happens?
<Tim>
<Tim>OP2mo ago
The websocket connection fails to connect
<Tim>
<Tim>OP2mo ago
(screenshot attached)
dan1st
dan1st2mo ago
Can you check the network tab?
<Tim>
<Tim>OP2mo ago
it just shows the request headers afaik
dan1st
dan1st2mo ago
Can you show it? I'm interested in the actual websocket connection thing
<Tim>
<Tim>OP2mo ago
(screenshot attached)
dan1st
dan1st2mo ago
What's shown wrt response in the network tab? Does it show an error there?
<Tim>
<Tim>OP2mo ago
the connection fails, so there's no response 🙈 If you want, you can try it out yourself, I just created a new test user: https://sojourner-under-sabotage.se2.fim.uni-passau.de/ borman360
2b022767
dan1st
dan1st2mo ago
yeah but normally there's an error thing in the request list. I can see some 403s
dan1st
dan1st2mo ago
Is it these requests you are talking about?
(screenshot attached)
<Tim>
<Tim>OP2mo ago
no, in the network tab view I can't see any errors. But I can check in the server logs again. Maybe wait, yes, why does it show a 403 for you lol
dan1st
dan1st2mo ago
403 normally means forbidden idk
dan1st
dan1st2mo ago
and walking around works for me
(screenshot attached)
dan1st
dan1st2mo ago
but I have no idea how to turn off the audio
<Tim>
<Tim>OP2mo ago
yup, but you can't talk to the robot or do anything else, because that works only with the EventSystem in place. Click the mute icon at the browser tab xD I don't think there's another way yet, I should probably add that haha
dan1st
dan1st2mo ago
yeah that's what I did. But for me, it's 403s, meaning the server rejects it. Maybe the reverse proxy is configured to require some different authentication? Do the nginx logs tell you the same thing?
<Tim>
<Tim>OP2mo ago
these are the nginx error logs, nothing to see really :(
(screenshot attached)
<Tim>
<Tim>OP2mo ago
(the only errors are from 2h ago) that's so weird. Maybe Spring Security has something to do with it
dan1st
dan1st2mo ago
Are you getting the SSL errors whenever a WSS connection is created? Actually, doesn't look like it. Yeah, could be Spring Security
<Tim>
<Tim>OP2mo ago
the catalina and tomcat logs don't show anything. In the access logs I can at least see your 403s though
(screenshot attached)
<Tim>
<Tim>OP2mo ago
oh no, Spring Security and Websockets/Stomp was already sketchy to setup in the first place 😭 Thanks for your help so far, I will look into it :)
<Tim>
<Tim>OP2mo ago
I will just leave my WebSocket and SpringSecurity Configs here, maybe someone sees something wrong with it 🙈 But I mean they worked fine for about a year now with ws://, just the ssl certificate making problems
<Tim>
<Tim>OP2mo ago
Ok so I now gave up and reverted all changes. The websocket doesn't even work with ws:// now though 😭 certbot did something weird with my poor websockets
dan1st
dan1st2mo ago
Maybe it only worked locally?
<Tim>
<Tim>OP2mo ago
No, it worked in exactly this configuration for at least half a year without changes. I did multiple sessions of students playing the game in class last semester 🙈 very weird
dan1st
dan1st2mo ago
well I can't help you. What do you mean with "doesn't work"? For diagnosing Spring related issues, you can configure logging differently
<Tim>
<Tim>OP2mo ago
ok I fixed it xD I just allowed any origin and pushed it, good enough 😅 I mean you have to be logged in to send anything to the websocket anyways
registry.addEndpoint("/websocket").setAllowedOrigins("*").withSockJS();
registry.addEndpoint("/websocket").setAllowedOrigins("*");
Thanks for trying it out and finding out about the 403 @dan1st | Daniel !! 😊
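A way to keep the handshake Origin check rather than opening it with "*", written as an added example and not code from the thread or the project: Spring's ForwardedHeaderFilter rebuilds the request scheme from the proxy's X-Forwarded-Proto header (assumed to be set in the nginx /websocket location, which the posted config does not do yet), so the server-side origin becomes https://... and matches the browser's Origin header, and the endpoints then list only the site's own origin. The origin check matters because a logged-in browser sends its session cookie with a cross-site WebSocket handshake too, so "must be logged in" alone does not stop a page on another origin from opening the socket.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.ForwardedHeaderFilter;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;

@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {

    // Only the game's public https origin may open the STOMP handshake.
    // Add further entries (e.g. a dev origin) explicitly instead of "*".
    private static final String[] ALLOWED_ORIGINS = {
        "https://sojourner-under-sabotage.se2.fim.uni-passau.de"
    };

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        // Same two endpoints as before (SockJS and raw WebSocket), restricted origins.
        registry.addEndpoint("/websocket")
                .setAllowedOrigins(ALLOWED_ORIGINS)
                .withSockJS();
        registry.addEndpoint("/websocket")
                .setAllowedOrigins(ALLOWED_ORIGINS);
    }

    // Rebuilds scheme/host/port from X-Forwarded-Proto / X-Forwarded-Host sent by nginx,
    // so the request Spring compares the Origin header against is https://..., not the
    // plain http://localhost:8080 hop behind the proxy. Assumes nginx sets
    // "proxy_set_header X-Forwarded-Proto $scheme;" in the /websocket location.
    @Bean
    public ForwardedHeaderFilter forwardedHeaderFilter() {
        return new ForwardedHeaderFilter();
    }
}
```

For the Upgrade to reach Tomcat at all, the nginx /websocket location also needs proxy_http_version 1.1; (nginx defaults to HTTP/1.0 towards the backend). Spring Boot's server.forward-headers-strategy=framework property is an equivalent way to register the filter.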
JavaBot
JavaBot2mo ago
If you are finished with your post, please close it. If you are not, please ignore this message. Note that you will not be able to send further messages here after this post have been closed but you will be able to create new posts.
JavaBot
JavaBot2mo ago
Post Closed
This post has been closed by <@330307656105328640>.