I have setup a Full Node running at a local server at 192.168.2.254. I'm just trying to make a simple script which is basically subscribe to new heads on the blockchain.
const { ApiPromise, WsProvider } = require('@polkadot/api');
async function main () {
const wsProvider = new WsProvider('wss://192.168.2.254:9944');
const api = await ApiPromise.create({ provider: wsProvider });
let count = 0;
const unsubscribe = await api.rpc.chain.subscribeNewHeads((header) => {
console.log(`Chain is at block: #${header.number}`);
if (++count === 256) {
unsubscribe();
process.exit(0);
}
});
}
main().catch(console.error);
On the server, I've also setup nginx with a self signed ssl certificate as suggested by Polkadot wiki. Here is the block config:
server {
server_name 192.168.2.254
root /var/www/html;
index index.html;
location / {
try_files $uri $uri/ =404;
proxy_pass http://localhost:9944;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_session_cache shared:cache_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
ssl_dhparam /etc/ssl/certs/dhparam.pem;
}
If I run the script directly on the server, with no provider configured (it will use ws://127.0.0.1:9944) by default, there is no problem. But when I run it on my local machine to point to wss://192.168.2.254:9944, the output is connection failed with code 1006:
node listenToBlock.js ─╯
2020-09-10 14:19:29 API-WS: disconnected from ws://192.168.2.254:9944 code: '1006' reason: 'connection failed'
_Event {
type: 'error',
isTrusted: false,
_yaeti: true,
target:
W3CWebSocket {
_listeners: {},
addEventListener: [Function: _addEventListener],
removeEventListener: [Function: _removeEventListener],
dispatchEvent: [Function: _dispatchEvent],
_url: 'ws://192.168.2.254:9944',
_readyState: 3,
_protocol: undefined,
_extensions: '',
_bufferedAmount: 0,
_binaryType: 'arraybuffer',
_connection: undefined,
_client:
WebSocketClient {
_events: [Object: null prototype] {},
_eventsCount: 0,
_maxListeners: undefined,
config: [Object],
_req: null,
protocols: [],
origin: undefined,
url: [Url],
secure: false,
base64nonce: 'cUJFFas2Ec3aN5YlHSxehg==' },
onclose: [Function: value],
onerror: [Function: value],
onmessage: [Function: value],
onopen: [Function: value] },
cancelable: true,
stopImmediatePropagation: [Function] }
2020-09-10 14:19:30 API-WS: disconnected from ws://192.168.2.254:9944 code: '1006' reason: 'connection failed'
2020-09-10 14:19:31 API-WS: disconnected from ws://192.168.2.254:9944 code: '1006' reason: 'connection failed'
I also tried to use https://polkadot.js.org/apps/#/explorer with a development endpoint set to wss://192.168.2.254 successfully after accepting the unverified certificate in the browser.
My best guess is connection from the script on my local machine needs to accept the unverified certificates too, but I cannot find any documents to help with that. I appreciate any help from you!
At the endpoint url, providing port 9944 is wrong because wss always default to use port 443.
I solved this problem by running the script with
NODE_TLS_REJECT_UNAUTHORIZED=0 node listenToBlock.js
Seems like an OK workaround for dev environment.