I built a PHP WebSocket server and JavaScript clients to connect to it. It's working fine without SSL. My next step is to improve security by using wss instead of ws (and so enabling https on the website).
My intention is to decrypt incoming traffic and redirect it to the WebSocket server using stunnel on CentOS 6.
The first step is to simply redirect the requests from the clients to the server:
client-request: ws://soundjack.eu:9030/wsServer2.php
server: socket created listening on 144.76.81.210:9090
running php -q wsServer2.php
Corresponding stunnel config:
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/run/stunnel/
;setuid = nobody
;setgid = nobody
; PID is created inside the chroot jail
pid = /stunnel.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib
; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel/stunnel.log
; Use it for client mode
client = yes
; Service-level configuration
[wsServer]
accept = 127.0.0.1:9030
connect = 127.0.0.1:9090
stunnel starts correctly and is listening on port 9030.
Every request that is sent by a client gets aborted (checked in the Firebug console). On Chrome it says status: finished, without any further information.
I don't quite know what the error is, so any help would be great. Thanks!
It finally works!!! Even with SSL it works great.
The clue was to change the config of stunnel to work correctly (update: using SSL now):
/etc/stunnel/stunnel.conf:
; Certificate/key is needed in server mode and optional in client mode
cert = /path/to/<myCert>.pem
key = /path/to/<myKey>.key
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/run/stunnel/
; PID is created inside the chroot jail
pid = /stunnel.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib
; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel/stunnel.log
;foreground = yes
; Use it for client mode
;client = yes !! turn to server mode
; Service-level configuration
[wsServer]
accept = 0.0.0.0:9030 !! listen to all addresses
connect = 127.0.0.1:9090
Note: the marks with !! are not valid comments! I inserted them only to show the changes.
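Added example (not part of the original post): a small Python linter that shows why the first config aborted every request and what is still worth tightening in the working one. In client mode stunnel accepts plaintext and speaks TLS to the `connect` target, and a loopback `accept` address is unreachable from remote browsers. The function names and finding codes are hypothetical, and the two sample configs are constructed from the ones above with the `!!` markers removed and a placeholder certificate path.

```python
# Constructed samples: trimmed from the two configs on this page, with the
# "!!" markers removed and a placeholder certificate path.
BEFORE = """\
chroot = /var/run/stunnel/
client = yes
[wsServer]
accept = 127.0.0.1:9030
connect = 127.0.0.1:9090
"""
AFTER = """\
cert = /path/to/cert.pem
sslVersion = all
chroot = /var/run/stunnel/
;client = yes
[wsServer]
accept = 0.0.0.0:9030
connect = 127.0.0.1:9090
"""

def parse(text):
    """Return {section: {option: last value}}; '' holds global options."""
    conf, section = {"": {}}, ""
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(";"):   # ';' starts a comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf[section] = {}
        else:
            key, _, value = line.partition("=")
            conf[section][key.strip()] = value.strip()
    return conf

def lint(text):
    """Return sorted finding codes for a browser-facing TLS terminator."""
    conf, found = parse(text), set()
    glob = conf.pop("")
    for svc in conf.values():
        opt = lambda k: svc.get(k, glob.get(k, ""))  # service overrides global
        if opt("client") == "yes":
            found.add("client-mode")       # plaintext in, TLS out to backend
        if opt("accept").startswith(("127.", "localhost")):
            found.add("loopback-accept")   # remote browsers cannot reach it
        if opt("sslVersion") in ("all", "SSLv2", "SSLv3"):
            found.add("legacy-protocols")  # SSLv2/SSLv3 are not ruled out
    if "chroot" in glob and "setuid" not in glob:
        found.add("chroot-as-root")        # jail without dropping privileges
    return sorted(found)
```

The two findings left on the working config go away once `sslVersion` is pinned to a TLS version and the `setuid`/`setgid` lines from the original template are enabled.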