Ssl3 wrong version

1. The problem I’m having:

I am trying to reverse proxy my text microservice.
It has the following routes:
ws api chat?username=foo
http api GET /users

2. Error messages and/or full log output:

routines:ssl3_get_record:wrong version

3. Caddy version:

./caddy version
e8352aef38642c20ff528836b6581094f087eb99 (16 May 23 05:18 UTC)
I think v2.6.4.

4. How I installed and ran Caddy:

I just cloned from the repo.

a. System environment:

I’m not running Docker. My architecture is Debian.

Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye

b. Command:

I made a Caddyfile and ran caddy run

caddy run

d. My complete Caddy config:

:2015

@websockets {
	header Connection *Upgrade*
	header Upgrade websocket
}
reverse_proxy @websockets localhost:6000

reverse_proxy /chat localhost:6000
reverse_proxy /users* localhost:6000

Since you’re proxying everything to the same place, change all this to simply this:

reverse_proxy localhost:6000

You don’t need to use matchers if you don’t need to do anything different with the request.

Where are you seeing this? What’s in Caddy’s logs? Turn on the debug global option for more detailed logs.

Are you proxying to the TLS endpoint of your app? Make sure your app is expecting HTTP, not HTTPS.


I changed it to the following:

{
 debug
}
:2015
reverse_proxy localhost:6000

Though, it only proxies on http and ws. I’m a bit lost why I can’t connect through wss or https?!
Also, if I just do this reverse_proxy localhost:6000 in the Caddyfile, I get the following error:

Error: loading initial config: loading new config: http app module: start: listening on :6000: listen tcp :6000: bind: address already in use

I am testing using the following commands:

 wscat -c 'ws://localhost:2015/chat?username=foo'
 curl 'http://localhost:2015/version'

The error I get for wss is:

wscat -c 'wss://localhost:2015/chat?username=foo'
error: write EPROTO C0D76DAA167F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:
wscat -c 'wss://localhost:443/chat?username=foo'
error: connect ECONNREFUSED ::1:443

Caddy will default to listening for HTTPS if you use a valid domain name as your site address. If you use a non-standard port, it will only listen for HTTP. See the docs: Caddyfile Concepts — Caddy Documentation

The reason you get that error if you remove :2015 is because it becomes an invalid Caddyfile. See the docs page above, it explains how the Caddyfile is structured. You must have a site address as the first thing (except for global options and snippets).

FYI, wss is not a real protocol scheme, it’s just a shortcut in the browser to mean “WebSockets over HTTPS”. In reality, it’s just an HTTPS connection to start, which gets upgraded to a raw TCP connection (with TLS) after the handshake.
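
Why a TLS client reports "wrong version number" against an HTTP-only listener such as the :2015 site in this thread, as an added example that is not part of the thread and not Caddy code: the client parses the first five bytes of a plaintext reply as a TLS record header. The function names classify, client_hello and probe are hypothetical, and the sample bytes are constructed.

```python
import socket
import ssl
import struct

TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

def classify(first5: bytes) -> str:
    """Read a reply's first 5 bytes as a TLS record header: type(1) version(2) length(2)."""
    if len(first5) < 5:
        return "no-reply"
    ctype, major, _minor, _length = struct.unpack("!BBBH", first5)
    if ctype in TLS_CONTENT_TYPES and major == 3:
        return "tls"
    # b"HTTP/" parses as type 0x48, version 0x54.0x54: the major version is not 3,
    # which is what the TLS client reports as "wrong version number".
    return "plaintext-http" if first5 == b"HTTP/" else "not-tls"

def client_hello(server_name: str) -> bytes:
    """Have the ssl module build a real ClientHello in memory, without any network I/O."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is now waiting for a ServerHello
    return outgoing.read()

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send a ClientHello to host:port and classify whatever comes back."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(client_hello(host))
            while len(buf) < 5:
                chunk = sock.recv(5 - len(buf))
                if not chunk:
                    break
                buf += chunk
    except ConnectionRefusedError:
        return "closed"  # nothing listening, like the ECONNREFUSED on port 443
    except (socket.timeout, ConnectionResetError):
        pass  # fall through and classify whatever was read
    return classify(buf)

if __name__ == "__main__":
    # Constructed sample replies, not captured traffic.
    for sample in (b"HTTP/1.1 400 Bad Request", bytes([22, 3, 3, 0, 122]), b""):
        print(sample[:5], "->", classify(sample[:5]))
```

A result of "plaintext-http" or "not-tls" from probe("localhost", 2015) means the listener is not terminating TLS on that port, so https:// and wss:// clients will fail there.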
