Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] IOT Sandbox server - Secure Websockets? 
Hi Ian

I use a self-signed cert. Works ok in Firefox (Windows) and Safari (iOS) after the user accepts the security exception.

Ray



> On 16 Jun 2015, at 11:09, Ian Craggs <icraggs@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> Hi Roger,
> 
> that would be great.  Any port will do.  I don't know about the self-signed certificate, whether browsers will accept that out of the box.  I guess the easiest way is to try it and see.
> 
> Ian
> 
>> On 06/15/2015 04:53 PM, Roger Light wrote:
>> Hi Ian,
>> 
>> I'll see about getting it supported - but it would be a self signed
>> certificate and couldn't be on port 80 or 443. Is that going to be ok?
>> 
>> Cheers,
>> 
>> Roger
>> 
>> 
>> On Mon, Jun 15, 2015 at 4:48 PM, Ian Craggs
>> <icraggs@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>> Hi Jan,
>>> 
>>> thanks for the info, very helpful.  What I'm trying to do is to default the
>>> online Paho web client example to a server which can be connected to.
>>> Ideally the Eclipse IoT sandbox server, for obvious reasons :-).
>>> 
>>> Eclipse.org seems to serve up the page as https by default or most of the
>>> time, and then the browsers won't allow a non-secure websocket connection
>>> out.  I can get a connection to work by loading the page with http rather
>>> than https but that takes some effort and is not something I want to ask
>>> anyone to do.  The sample utility needs to be updated for connection options
>>> and TLS support anyway.  We'll do that in due course (when James has time
>>> during or after his stint at Wimbledon).
>>> 
>>> Ian
>>> 
>>> 
>>> On 06/15/2015 03:27 PM, Jan Weitz wrote:
>>> 
>>> Hi Ian,
>>> 
>>> you might want to try the HiveMQ websocket broker for testing.
>>> 
>>> http://www.hivemq.com/demos/websocket-client/
>>> 
>>> This worked for us in testing before we setup mosquitto with TLS.
>>> 
>>> You might also put a NGINX locally in front of plain websocket mosquitto,
>>> without putting any certs in mosquitto.conf, but keeping them in NGINX.
>>> 
>>> ```
>>> location /broker/ {
>>> access_log off;
>>> proxy_pass http://127.0.0.1:40002;
>>> proxy_set_header X-Real-IP $remote_addr;
>>> proxy_set_header Host $host;
>>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>> 
>>> proxy_http_version 1.1;
>>> proxy_set_header Upgrade $http_upgrade;
>>>  proxy_set_header Connection "upgrade";
>>> }
>>> ```
>>> 
>>> Greetings,
>>> 
>>> Jan
>>> 
>>> On 15 Jun 2015, at 15:35, Ian Craggs <icraggs@xxxxxxxxxxxxxxxxxxxxxxx>
>>> wrote:
>>> 
>>> Hi Roger,
>>> 
>>> thanks.
>>> 
>>> Ian
>>> 
>>> 
>>> On 06/15/2015 01:22 PM, Roger Light wrote:
>>> 
>>> Hi Ian,
>>> 
>>> No it doesn't. The websockets interface is provided by
>>> apache+mod_websocket_mosquitto, I don't know if it would be possible
>>> to have it do TLS.
>>> 
>>> Cheers,
>>> 
>>> Roger
>>> 
>>> 
>>> 
>>> On Mon, Jun 15, 2015 at 12:51 PM, Ian Craggs
>>> <icraggs@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>> 
>>> Does the Mosquitto sandbox server at iot.eclipse.org have a secure (TLS)
>>> websockets port?  Is that port 80 as well?
>>> 
>>> Just testing a sample, simple web application for the Paho JavaScript
>>> client: https://www.eclipse.org/paho/clients/js/utility/index.html
>>> 
>>> --
>>> Ian Craggs
>>> icraggs@xxxxxxxxxx                 IBM United Kingdom
>>> Paho Project Lead; Committer on Mosquitto
>>> 
>>> _______________________________________________
>>> mosquitto-dev mailing list
>>> mosquitto-dev@xxxxxxxxxxx
>>> To change your delivery options, retrieve your password, or unsubscribe from
>>> this list, visit
>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>> 
>>> _______________________________________________
>>> mosquitto-dev mailing list
>>> mosquitto-dev@xxxxxxxxxxx
>>> To change your delivery options, retrieve your password, or unsubscribe from
>>> this list, visit
>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>> 
>>> 
>>> --
>>> Ian Craggs
>>> icraggs@xxxxxxxxxx                 IBM United Kingdom
>>> Paho Project Lead; Committer on Mosquitto
>>> 
>>> _______________________________________________
>>> mosquitto-dev mailing list
>>> mosquitto-dev@xxxxxxxxxxx
>>> To change your delivery options, retrieve your password, or unsubscribe from
>>> this list, visit
>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> mosquitto-dev mailing list
>>> mosquitto-dev@xxxxxxxxxxx
>>> To change your delivery options, retrieve your password, or unsubscribe from
>>> this list, visit
>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>> 
>>> 
>>> --
>>> Ian Craggs
>>> icraggs@xxxxxxxxxx                 IBM United Kingdom
>>> Paho Project Lead; Committer on Mosquitto
>>> 
>>> 
>>> _______________________________________________
>>> mosquitto-dev mailing list
>>> mosquitto-dev@xxxxxxxxxxx
>>> To change your delivery options, retrieve your password, or unsubscribe from
>>> this list, visit
>>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>> _______________________________________________
>> mosquitto-dev mailing list
>> mosquitto-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
> 
> -- 
> Ian Craggs
> icraggs@xxxxxxxxxx                 IBM United Kingdom
> Paho Project Lead; Committer on Mosquitto
> 
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

Back to the top