Examples of configuring WSS connections

Step 1: Publish HTTPS port on the external IP

Note: If the module is behind NAT, the settings should be made on the corresponding proxying device.

Settings for FreePBX with an external address:

By default (if the Firewall module is enabled) FreePBX blocks all ports unknown to it. Let's add the necessary ones in the firewall settings:

example of a link to the corresponding menu item:https://freepbx.example.com/admin/config.php?display=firewall

Step 2: Write a record in DNS for the external address where the module is published

As a rule, it is done through the personal cabinet of the provider that serves the client's domain.

Step 3. Issue SSL certificate

If the client already has a certificate, then copy the files (the certificate itself, the key) to the server with the module. If there is no certificate, then issue it (there are many solutions here).

Option to issue a free certificate through FreePBX: https://freepbx.example.com/admin/config.php?display=certman

Step 4: Specify the path to the certificate in the module

Save the settings.

Step 5. Specify the address of the web sockets to where you want them to go

A reference of the form wss://freepbx.example.com:8078/…

When a certificate is reissued, the service must be restarted for the module to load the updated certificate files.

This example shows how to set up a WSS connection using Nginx or Apache

Configuration for Nginx

Open the Nginx configuration file:

nano /etc/nginx/nginx.conf

Add configuration for WSS:

server {
    listen 443 ssl;
    server_name your_domain.com;

    ssl_certificate /etc/nginx/ssl/server.crt;   
    # The path to your SSL certificate from Let's Encrypt
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location /ws/ {
        proxy_pass wss://freepbx.example.com:8078;   
        # The address of your WebSocket server
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 86400;
        proxy_set_header Origin "";
    }
}

Check the configuration and restart Nginx:

nginx -t
systemctl restart nginx

Configuration for Apache

Open the Apache configuration file:

nano /etc/httpd/conf.d/ssl.conf

Add or modify a configuration block for the WSS:

<VirtualHost *:443>
    ServerName your_domain.com

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/server.crt   
    # Or the path to your SSL certificate from Let's Encrypt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key

    <Location /ws/>
        ProxyPass "wss://freepbx.example.com:8078/"   
        # The address of your WebSocket server
        ProxyPassReverse "wss://freepbx.example.com:8078/"
        ProxyPreserveHost On
        RequestHeader set Connection "upgrade"
        RequestHeader set Upgrade "websocket"
    </Location>
</VirtualHost>

Restart Apache:

systemctl restart httpd

PreviousCustom SSL certificates for https requests NextConverting recordings to MP3 before sending to Bitrix24

Last updated 1 month ago

hashtagStep 1: Publish HTTPS port on the external IP

hashtagStep 2: Write a record in DNS for the external address where the module is published

hashtagStep 3. Issue SSL certificate

hashtagStep 4: Specify the path to the certificate in the module

hashtagStep 5. Specify the address of the web sockets to where you want them to go

hashtagConfiguration for Nginx

hashtagConfiguration for Apache