Examples of configuring WSS connections

PreviousCustom SSL certificates for https requests NextConverting recordings to MP3 before sending to Bitrix24

Last updated 7 months ago

Was this helpful?

Examples of configuring WSS connections

Step 1: Publish HTTPS port on the external IP

Note: If the module is behind NAT, the settings should be made on the corresponding proxying device.

Settings for FreePBX with an external address:

By default (if the Firewall module is enabled) FreePBX blocks all ports unknown to it. Let's add the necessary ones in the firewall settings:

example of a link to the corresponding menu item:

Step 2: Write a record in DNS for the external address where the module is published

As a rule, it is done through the personal cabinet of the provider that serves the client's domain.

Step 3. Issue SSL certificate

If the client already has a certificate, then copy the files (the certificate itself, the key) to the server with the module. If there is no certificate, then issue it (there are many solutions here).

Step 4: Specify the path to the certificate in the module

Save the settings.

Step 5. Specify the address of the web sockets to where you want them to go

When a certificate is reissued, the service must be restarted for the module to load the updated certificate files.

This example shows how to set up a WSS connection using Nginx or Apache

Configuration for Nginx

Open the Nginx configuration file:

nano /etc/nginx/nginx.conf

Add configuration for WSS:

server {
    listen 443 ssl;
    server_name your_domain.com;

    ssl_certificate /etc/nginx/ssl/server.crt;   # Or the path to your SSL certificate from Let's Encrypt
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location /ws/ {
        proxy_pass wss://freepbx.example.com:8078;   # The address of your WebSocket server
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 86400;
        proxy_set_header Origin "";
    }
}

Check the configuration and restart Nginx:

nginx -t
systemctl restart nginx

Configuration for Apache

Open the Apache configuration file:

nano /etc/httpd/conf.d/ssl.conf

Add or modify a configuration block for the WSS:

<VirtualHost *:443>
    ServerName your_domain.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/server.crt   # Or the path to your SSL certificate from Let's Encrypt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key

    <Location /ws/>
        ProxyPass "wss://freepbx.example.com:8078/"   # The address of your WebSocket server
        ProxyPassReverse "wss://freepbx.example.com:8078/"
        ProxyPreserveHost On
        RequestHeader set Connection "upgrade"
        RequestHeader set Upgrade "websocket"
    </Location>
</VirtualHost>

Restart Apache:

systemctl restart httpd

PreviousCustom SSL certificates for https requests NextConverting recordings to MP3 before sending to Bitrix24

Last updated 7 months ago

Was this helpful?

Step 1: Publish HTTPS port on the external IP

Note: If the module is behind NAT, the settings should be made on the corresponding proxying device.

Settings for FreePBX with an external address:

By default (if the Firewall module is enabled) FreePBX blocks all ports unknown to it. Let's add the necessary ones in the firewall settings:

example of a link to the corresponding menu item:

Step 2: Write a record in DNS for the external address where the module is published

As a rule, it is done through the personal cabinet of the provider that serves the client's domain.

Step 3. Issue SSL certificate

Option to issue a free certificate through FreePBX:

Step 4: Specify the path to the certificate in the module

Save the settings.

Step 5. Specify the address of the web sockets to where you want them to go

A reference of the form

When a certificate is reissued, the service must be restarted for the module to load the updated certificate files.

This example shows how to set up a WSS connection using Nginx or Apache

Configuration for Nginx

Open the Nginx configuration file:

nano /etc/nginx/nginx.conf

Add configuration for WSS:

server {
    listen 443 ssl;
    server_name your_domain.com;

    ssl_certificate /etc/nginx/ssl/server.crt;   # Or the path to your SSL certificate from Let's Encrypt
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location /ws/ {
        proxy_pass wss://freepbx.example.com:8078;   # The address of your WebSocket server
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 86400;
        proxy_set_header Origin "";
    }
}

Check the configuration and restart Nginx:

nginx -t
systemctl restart nginx

Configuration for Apache

Open the Apache configuration file:

nano /etc/httpd/conf.d/ssl.conf

Add or modify a configuration block for the WSS:

<VirtualHost *:443>
    ServerName your_domain.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/server.crt   # Or the path to your SSL certificate from Let's Encrypt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key

    <Location /ws/>
        ProxyPass "wss://freepbx.example.com:8078/"   # The address of your WebSocket server
        ProxyPassReverse "wss://freepbx.example.com:8078/"
        ProxyPreserveHost On
        RequestHeader set Connection "upgrade"
        RequestHeader set Upgrade "websocket"
    </Location>
</VirtualHost>

Restart Apache:

systemctl restart httpd