wss self signed nginx certificate and connecting to substrate node template #56

Closed
mahalamobile opened this issue Dec 1, 2020 · 6 comments

@mahalamobile

neil@dtl:~/substrate/substrate-node-template$ ./target/release/node-template --dev --tmp --unsafe-ws-external --rpc-external --rpc-cors all

I run the following to bring up my node template.

I have a self-signed cert for the nginx on the domain dltlab.co.za (154.114.57.236), see https://www.dltlab.co.za
I then connect

https://polkadot.js.org/apps/?rpc=wss%3A%2F%2F154.114.57.236%3A9944#/explorer

Dec 01 11:12:18.020 INFO ✨ Imported paritytech/substrate#1 (0xe495…39b0)
Dec 01 11:12:18.078 INFO Accepted a new tcp connection from 102.65.218.50:63553.
Dec 01 11:12:18.079 ERROR WS Error <Http(Token)>: Invalid byte where token is required.

I get a connection on the substrate node but get this error
ERROR WS Error <Http(Token)>: Invalid byte where token is required.

Any help appreciated.

Thanks

@bkchr bkchr transferred this issue from paritytech/substrate Dec 1, 2020
@farukterzioglu

If you are following this doc https://wiki.polkadot.network/docs/en/maintain-wss
try to access your node via 443 port, defined as

listen [::]:443 ssl ipv6only=on;
listen 443 ssl;

@mahalamobile
Author

yes this https://wiki.polkadot.network/docs/en/maintain-wss
and to run
neil@dtl:~/substrate/substrate-node-template$ ./target/release/node-template --dev --tmp --unsafe-ws-external --rpc-external --rpc-cors all
here is the default nginx

server {

    server_name dltlab.co.za;

    root /var/www/html;
    index index.html;

    location / {
      try_files $uri $uri/ =404;

      proxy_pass http://localhost:9944;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }

    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    ssl_session_cache shared:cache_nginx_SSL:1m;
    ssl_session_timeout 1440m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";

    ssl_dhparam /etc/ssl/certs/dhparam.pem;

}

So if I connect wss://154.114.57.236:443, it doesn't reach the node.
If I connect wss://154.114.57.236:9944, the WS Error Http invalid byte token.
If I connect wss://154.114.57.236:9933 (which I read is the correct port) I get invalid websocket key.

If I go to https://www.dltlab.co.za, then the cert is picked up, and can add to whitelist in Chrome.

Any help here

thanks

@farukterzioglu

Not sure, but you can try the following:

reach as wss://dltlab.co.za:443

or update server1.conf with different port than 443

listen [::]:9955 ssl ipv6only=on;
listen 9955 ssl;

and try to access with wss://dltlab.co.za:9955 or wss://154.114.57.236:9955

or update server1.conf with different server name as

server_name 154.114.57.236;

and try to access with wss://154.114.57.236:443

@mahalamobile
Author

No matter what I try, I keep getting

WebSocket Protocol Error: Unable to parse WebSocket key.

@nuke-web3
Contributor

@mahalamobile is this still an issue? Were you eventually able to solve it? If so, mind letting others know the fix here for future reference? If not, please reopen this and I will look into it further.
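
Added example, not part of the original thread or of the project's code: in the posted config TLS terminates at nginx on 443 and the node is reached over plain http://localhost:9944, so a wss:// client that dials a node port directly sends a TLS ClientHello to a plaintext HTTP parser. The sketch below classifies the first bytes a listener receives, which separates that case (first byte 0x16 is not an HTTP token character) from an HTTP request that lacks a usable Sec-WebSocket-Key. The function name, labels and sample byte strings are constructed for illustration, and the thread does not confirm which case applied.

```python
import base64
import binascii

# Bytes allowed in an HTTP token (RFC 7230 "tchar"); a request must start with one.
TOKEN_CHARS = (set(b"!#$%&'*+-.^_`|~") | set(range(0x30, 0x3A))
               | set(range(0x41, 0x5B)) | set(range(0x61, 0x7B)))

def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sent first on a freshly accepted TCP connection."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-client-hello"
    if not data or data[0] not in TOKEN_CHARS:
        return "not-http"
    head, _, _ = data.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if b"websocket" not in headers.get(b"upgrade", b"").lower():
        return "http-no-upgrade"
    if b"upgrade" not in headers.get(b"connection", b"").lower():
        return "http-no-upgrade"
    # RFC 6455: the key must be base64 of exactly 16 random bytes.
    try:
        key = base64.b64decode(headers.get(b"sec-websocket-key", b""), validate=True)
    except binascii.Error:
        return "ws-bad-key"
    return "ws-upgrade" if len(key) == 16 else "ws-bad-key"

# Constructed samples (node.example is a placeholder host).
TLS_HELLO = bytes.fromhex("16030100c8010000c40303")   # start of a ClientHello record
PLAIN_GET = b"GET / HTTP/1.1\r\nHost: node.example:9933\r\n\r\n"
WS_NO_KEY = (b"GET / HTTP/1.1\r\nHost: node.example:9944\r\n"
             b"Upgrade: websocket\r\nConnection: Upgrade\r\n\r\n")
WS_GOOD = (b"GET / HTTP/1.1\r\nHost: node.example:9944\r\n"
           b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
           b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
           b"Sec-WebSocket-Version: 13\r\n\r\n")

if __name__ == "__main__":
    for name, sample in [("tls", TLS_HELLO), ("plain", PLAIN_GET),
                         ("no-key", WS_NO_KEY), ("good", WS_GOOD)]:
        print(name, "->", classify_first_bytes(sample))
```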
