I'm using the package beyondcode/laravel-websockets.
My problem here is when I set the 'verify_peer' => true the websocket is not working, but when the value is false it is working. Is there anyone here managed to make this to work?
For production website, I want set the verify_peer to true to prevent man-in-the-middle attack.
I have a website, lets say aceraven777.com, it already has SSL installed (in the cPanel it has autoSSL enabled).
In the websockets config I entered the same path (the one that cPanel generated) for the certificate and private key.
The chrome throws an error:
WebSocket connection to 'wss://aceraven777.com:6001/app/asdfswerqwsafasfd?protocol=7&client=js&version=4.3.1&flash=false' failed:
createWebSocket # pusher.min.js:8
This is the error in firefox:
Firefox can’t establish a connection to the server at wss://aceraven777.com:6001/app/asdfswerqwsafasfd?protocol=7&client=js&version=4.3.1&flash=false. pusher.min.js:8:6335
Below are the settings I used:
config/websockets.php
'ssl' => [
/*
* Path to local certificate file on filesystem. It must be a PEM encoded file which
* contains your certificate and private key. It can optionally contain the
* certificate chain of issuers. The private key also may be contained
* in a separate file specified by local_pk.
*/
'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', null),
/*
* Path to local private key file on filesystem in case of separate files for
* certificate (local_cert) and private key.
*/
'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', null),
/*
* Passphrase for your local_cert file.
*/
'passphrase' => env('LARAVEL_WEBSOCKETS_SSL_PASSPHRASE', null),
'verify_peer' => true,
],
config/broadcasting.php
'pusher' => [
'driver' => 'pusher',
'key' => env('PUSHER_APP_KEY'),
'secret' => env('PUSHER_APP_SECRET'),
'app_id' => env('PUSHER_APP_ID'),
'options' => [
'cluster' => env('PUSHER_APP_CLUSTER'),
'host' => env('PUSHER_APP_HOST'),
'port' => env('PUSHER_APP_PORT'),
'useTLS' => true,
'scheme' => 'https',
'curl_options' => [
CURLOPT_SSL_VERIFYHOST => 1,
CURLOPT_SSL_VERIFYPEER => 1,
],
],
// Configuration for laravel mix JS
'mix' => [
'host' => env('MIX_PUSHER_APP_HOST'),
'key' => env('MIX_PUSHER_APP_KEY'),
'cluster' => env('MIX_PUSHER_APP_CLUSTER'),
'port' => env('MIX_PUSHER_APP_PORT'),
],
],
You probably need to specify a Certificate Authority file on the local filesystem.
This is the source of 95% of these errors on production servers.
The other 4% are caused by self-signed certificates, which I doubt you have in a production environment.
You will need to modify your config/websockets.php
'ssl' => [
// ...
'capath' => env('LARAVEL_WEBSOCKETS_SSL_CA', null),
],
The CA path typically a directory similar to /etc/ssl/certs/.
If this does not work try allowing self-signed certs:
'ssl' => [
// ...
'allow_self_signed' => true,
],
For more information, you should look at the PHP specification for SSL verify peer.
This article helped me a lot some time ago implementing websockets especially with SSL certificate:
https://christoph-rumpel.com/2020/11/laravel-real-time-notifications
You also have git repositories telling you how to implement with and without SSL.
To me it seems, you are not connecting to the correct port.
PusherJs uses default web ports 80 and 443, as described here: https://pusher.com/docs/channels/library_auth_reference/pusher-websockets-protocol
Change the port inside your .env file
Related
I'm using this Laravel websockets package to have my own websocket server.
As mentioned in package documentation, I have this configuration:
.env setting:
PUSHER_APP_ID=761772
PUSHER_APP_KEY=qwerty
PUSHER_APP_SECRET=secret
PUSHER_APP_CLUSTER=ap2
broadcasting.php:
'pusher' => [
'driver' => 'pusher',
'key' => env('PUSHER_APP_KEY'),
'secret' => env('PUSHER_APP_SECRET'),
'app_id' => env('PUSHER_APP_ID'),
'options' => [
'cluster' => env('PUSHER_APP_CLUSTER'),
'encrypted' => true,
//'host' => '105.208.174.8', <--I did test this too
'host' => '127.0.0.1',
'port' => 6001,
'scheme' => 'https'//<--Tested with http
],
],
websockets.php:
'apps' => [
[
'id' => env('PUSHER_APP_ID'),
'name' => env('APP_NAME'),
'key' => env('PUSHER_APP_KEY'),
'secret' => env('PUSHER_APP_SECRET'),
'enable_client_messages' => false,
'enable_statistics' => true,
],
],
bootstrap.js:
/**
* Echo exposes an expressive API for subscribing to channels and listening
* for events that are broadcast by Laravel. Echo and event broadcasting
* allows your team to easily build robust real-time web applications.
*/
import Echo from 'laravel-echo'
window.Pusher = require('pusher-js');
window.Echo = new Echo({
broadcaster: 'pusher',
key: 'qwerty',
wsHost: window.location.hostname,
wsPort: 6001,
disableStats: true,
encrypted: true,
enabledTransports: ['ws', 'wss'] //This was added from issue 86
});
This is issue number 86 in package repository
I'm using letsencrypt with my directadmin control panel and this is my SSL part of websockets.php configuration:
'ssl' => [
/*
* Path to local certificate file on filesystem. It must be a PEM encoded file which
* contains your certificate and private key. It can optionally contain the
* certificate chain of issuers. The private key also may be contained
* in a separate file specified by local_pk.
*/
//'local_cert' => null,
'local_cert' => '/home/myDomain/domains/myDomain/public_html/vendor/react/socket/examples/localhost.pem',
//'local_cert' => '/usr/local/directadmin/data/users/myDomain/domains/myDomain.ir.cert',
/*
* Path to local private key file on filesystem in case of separate files for
* certificate (local_cert) and private key.
*/
//'local_pk' => null,
'local_pk' => '/usr/local/directadmin/data/users/myDomain/domains/myDomain.ir.key',
/*
* Passphrase for your local_cert file.
*/
'passphrase' => null,
],
But when I use php artisan websockets:serve, It seems there's something wrong about connection and the myDomain.com/laravel-websockets admin panel says:
Channel's current state is unavailable
and the console says:
Firefox can’t establish a connection to the server at wss://myDomain.ir:6001/app/qwerty?protocol=7&client=js&version=4.3.1&flash=false.
pusher.min.js:8:6335
The connection to wss://myDomain.ir:6001/app/qwerty?protocol=7&client=js&version=4.3.1&flash=false was interrupted while the page was loading.
Does anyone know what's my issue and how should I solve this?
I had the same issue and the problem was the read access of the local_cert and local_pk.
You can use sudo php artisan websocket:serve to try if this is the issue.
If it's the case, add read access to the files or use a user with the access in /etc/supervisor/conf.d/websockets.conf
I had the same problem, I was using Homestead, are you on homestead, if so you should be using supervisor(Debian based) or supervisord (REDHat based) OS to run the laravel socket without manually entering the command "php artisan websockets:serve" at all times.
You can refer to this documentation. https://docs.beyondco.de/laravel-websockets/1.0/basic-usage/starting.html#restricting-the-listening-host
For SSL I also followed this documentation with Valet: https://docs.beyondco.de/laravel-websockets/1.0/basic-usage/ssl.html#usage-with-laravel-valet
I had the same issue first you have to make sure that port you are trying to run is open or not. if you are running socket server on shared hosting then its not possible or you can talk with customer support and they will open port for you. if you have vps or dedicated server you can open port from your control panel. first try to run without ssl if its running fine it means that your port is open then config your ssl config.
If you are using Laravel < 8.0, try composer require pusher/pusher-php-server ^4.1.
my be you have not run server
php artisan websockets:serve
http://127.0.0.1:8000/laravel-websockets
I was struggling with 500 Error till I figured it out
Error message: Attempt to read property "key" on null
authEndpoint: `http://localhost:3060/laravel-websockets/auth`,
auth: {
headers: {
'x-app-id': '**App ID**', // => my issue was HERE
Authorization: 'Bearer jwt TOKEN',
'Access-Control-Allow-Origin': '*'
}
}
and I found it by looking into the file in vendor\beyondcode\laravel-websockets\src\Dashboard\Http\Controllers\AuthenticateDashboard.php
$app = App::findById($request->header('x-app-id'));
$broadcaster = new PusherBroadcaster(new Pusher(
$app->key,
$app->secret,
$app->id,
[]
));
and changed the middlware in App\Providers\BroadcastServiceProvider.php
// from
// Broadcast::routes();
// to
Broadcast::routes(['middleware' => ['auth:api']]);
another change in App\config\websockets.php
'middleware' => [
'api', // => changed it from web to api
Authorize::class,
],
hope this help :)
I'm trying to send an email with this configuration:
return [
'driver' => 'smtp',
'host' => 'mail.mydomain.com',
'port' => 26,
'from' => ['address' => 'mailer#mydomain.com', 'name' => 'Mailer'],
'encryption' => 'tls',
'username' => env('MAIL_USERNAME'),
'password' => env('MAIL_PASSWORD'),
'sendmail' => '/usr/sbin/sendmail -bs',
'pretend' => false,
];
When I submit the form I receive this erorr:
ErrorException in StreamBuffer.php line 95:
stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I found this solution where people seems to have solved the problem with the same library but I cant manage to solve it in Laravel.
https://github.com/PHPMailer/PHPMailer/issues/368
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
Add this at bottom of your config/mail.php
'stream' => [
'ssl' => [
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false,
],
],
this will solve your problem.
In case you are using Laravel 7.0 you can disable SSL verification in SwiftMailer this way (please note that disabling SSL verification is not recommended!):
config/mail.php
'mailers' => [
'smtp' => [
'transport' => 'smtp',
'host' => env('MAIL_HOST', 'smtp.mailgun.org'),
'port' => env('MAIL_PORT', 587),
'encryption' => env('MAIL_ENCRYPTION', 'tls'),
'username' => env('MAIL_USERNAME'),
'password' => env('MAIL_PASSWORD'),
'timeout' => null,
'stream' => [
'ssl' => [
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false,
],
],
],
],
EDIT: Since Laravel 9 depreciated SwiftMailer has been replaced with Symfony Mailer. According to update guide they way you disable TLS peer verification has changed as well.
'smtp' => [
// Laravel 8.x...
'stream' => [
'ssl' => [
'verify_peer' => false,
],
],
// Laravel 9.x...
'verify_peer' => false,
],
Well in that link you provided the solution is straight-forward.
The correct solution is to fix your SSL config - it's not PHP's fault!
how to fix it? in config/mail.php ,'driver' => env('MAIL_DRIVER', 'smtp'), should be 'driver' => env('MAIL_DRIVER', 'mail'), (credits: Danyal Sandeelo)
In Laravel 9 defining stream options for the SMTP transport is no longer supported. Instead, you must define the relevant options directly within the configuration if they are supported. For example, to disable TLS peer verification:
'smtp' => [
// Laravel 8.x...
'stream' => [
'ssl' => [
'verify_peer' => false,
],
],
// Laravel 9.x...
'verify_peer' => false,
],
In my case the problem was related to SSL. My SMTP has a self-signed certificate and my laravel was running on top of PHP 5.6 which disables the 'allow_self_signed' context variable to false and enables 'verify_peer' and hence poping the error when sending an email.
Since I didn't wanted to hack around swiftmailer code I added the Certificate Authority (CA) file of my server as trusted CA for my system executing laravel.
I did that getting the CA cert of my smtp server, something like
-----BEGIN CERTIFICATE-----
MIIElTCCA32gAwIBAgIJAMZjjNg64RQwMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD
VQQGEwJVUzEMMAoGA1UECBMDTi9BMQwwCgYDVQQHEwNOL0ExJDAiBgNVBAoTG1pp
...
5a8a4QEwWmnAOgHetsOCvhfeGW3yAJPD8Q==
-----END CERTIFICATE-----
and write it in my laravel machine which has an ubuntu 14.04 to a file named /usr/local/share/ca-certificates/my_cert.crt. It is crucial to end the file with .crt and also make it readable for everyone.
Then call update-ca-certificates and the certificate will be added to the list of valid CAs of your server.
My Laravel application should copy files to another remote host. The remote host is accessible only via SCP with a private key. I would like to configure a new file storage (similarly as FTP), but I have found no information, how to define an SCP driver.
You'll need to install the SFTP driver for Flysystem, the library Laravel uses for its filesystem services:
composer require league/flysystem-sftp
Here's an example configuration that you can tweak. Add to the disks array in config/filesystems.php:
'sftp' => [
'driver' => 'sftp',
'host' => 'example.com',
'port' => 21,
'username' => 'username',
'password' => 'password',
'privateKey' => 'path/to/or/contents/of/privatekey',
'root' => '/path/to/root',
'timeout' => 10,
]
Extend Laravel's filesystem with the new driver by adding the following code to the boot() method of AppServiceProvider (or other appropriate service provider):
use Storage;
use League\Flysystem\Filesystem;
use League\Flysystem\Sftp\SftpAdapter;
...
public function boot()
{
Storage::extend('sftp', function ($app, $config) {
return new Filesystem(new SftpAdapter($config));
});
}
Then you can use Laravel's API as you would for the local filesystem:
Storage::disk('sftp')->put('path/filename.txt', $fileContents);
Now, official documentation has instructions for SFTP connection:
https://laravel.com/docs/8.x/filesystem#sftp-driver-configuration
SFTP: composer require league/flysystem-sftp "~1.0"
SFTP Driver Configuration Laravel's Flysystem integrations work great
with SFTP; however, a sample configuration is not included with the
framework's default filesystems.php configuration file. If you need to
configure an SFTP filesystem, you may use the configuration example
below:
'sftp' => [
'driver' => 'sftp',
'host' => 'example.com',
'username' => 'your-username',
'password' => 'your-password',
// Settings for SSH key based authentication...
'privateKey' => '/path/to/privateKey',
'password' => 'encryption-password',
// Optional SFTP Settings...
// 'port' => 22,
// 'root' => '',
// 'timeout' => 30,
],
I'm trying to send an email with this configuration:
return [
'driver' => 'smtp',
'host' => 'mail.mydomain.com',
'port' => 26,
'from' => ['address' => 'mailer#mydomain.com', 'name' => 'Mailer'],
'encryption' => 'tls',
'username' => env('MAIL_USERNAME'),
'password' => env('MAIL_PASSWORD'),
'sendmail' => '/usr/sbin/sendmail -bs',
'pretend' => false,
];
When I submit the form I receive this erorr:
ErrorException in StreamBuffer.php line 95:
stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I found this solution where people seems to have solved the problem with the same library but I cant manage to solve it in Laravel.
https://github.com/PHPMailer/PHPMailer/issues/368
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
Add this at bottom of your config/mail.php
'stream' => [
'ssl' => [
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false,
],
],
this will solve your problem.
In case you are using Laravel 7.0 you can disable SSL verification in SwiftMailer this way (please note that disabling SSL verification is not recommended!):
config/mail.php
'mailers' => [
'smtp' => [
'transport' => 'smtp',
'host' => env('MAIL_HOST', 'smtp.mailgun.org'),
'port' => env('MAIL_PORT', 587),
'encryption' => env('MAIL_ENCRYPTION', 'tls'),
'username' => env('MAIL_USERNAME'),
'password' => env('MAIL_PASSWORD'),
'timeout' => null,
'stream' => [
'ssl' => [
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false,
],
],
],
],
EDIT: Since Laravel 9 depreciated SwiftMailer has been replaced with Symfony Mailer. According to update guide they way you disable TLS peer verification has changed as well.
'smtp' => [
// Laravel 8.x...
'stream' => [
'ssl' => [
'verify_peer' => false,
],
],
// Laravel 9.x...
'verify_peer' => false,
],
Well in that link you provided the solution is straight-forward.
The correct solution is to fix your SSL config - it's not PHP's fault!
how to fix it? in config/mail.php ,'driver' => env('MAIL_DRIVER', 'smtp'), should be 'driver' => env('MAIL_DRIVER', 'mail'), (credits: Danyal Sandeelo)
In Laravel 9 defining stream options for the SMTP transport is no longer supported. Instead, you must define the relevant options directly within the configuration if they are supported. For example, to disable TLS peer verification:
'smtp' => [
// Laravel 8.x...
'stream' => [
'ssl' => [
'verify_peer' => false,
],
],
// Laravel 9.x...
'verify_peer' => false,
],
In my case the problem was related to SSL. My SMTP has a self-signed certificate and my laravel was running on top of PHP 5.6 which disables the 'allow_self_signed' context variable to false and enables 'verify_peer' and hence poping the error when sending an email.
Since I didn't wanted to hack around swiftmailer code I added the Certificate Authority (CA) file of my server as trusted CA for my system executing laravel.
I did that getting the CA cert of my smtp server, something like
-----BEGIN CERTIFICATE-----
MIIElTCCA32gAwIBAgIJAMZjjNg64RQwMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD
VQQGEwJVUzEMMAoGA1UECBMDTi9BMQwwCgYDVQQHEwNOL0ExJDAiBgNVBAoTG1pp
...
5a8a4QEwWmnAOgHetsOCvhfeGW3yAJPD8Q==
-----END CERTIFICATE-----
and write it in my laravel machine which has an ubuntu 14.04 to a file named /usr/local/share/ca-certificates/my_cert.crt. It is crucial to end the file with .crt and also make it readable for everyone.
Then call update-ca-certificates and the certificate will be added to the list of valid CAs of your server.
I'm facing an issue to send email. I have my website built with Laravel. I have the files set up properly. That happens in 2 files.
The first one contains "driver" which of course is mailgun, "host" (smtp.mailgun.org), "port" (587 and according to my provider it's opened), "encryption" (tls), "username" and "password" (both with the right values).
The second one contains "domain" and "secret" (also both with the right values).
The domain is not the mailgun domain but my own domain, which is ACTIVE after set the Domain Verification and DNS.
The mailgun domain is still there ACTIVE. I don't know if I have to remove it or something. I really don't know what I'm missing here.
IMPORTANT UPDATE
Class 'GuzzleHttp\Client' not found
I'm receiving that message
mail.php
return array(
'driver' => 'mailgun',
'host' => 'smtp.mailgun.org',
'port' => 587,
'from' => array('address' => 'not-reply#xxxxxxxxx.com', 'name' => 'xxxxxxx'),
'encryption' => 'tls',
'username' => "xxxxxxxxxxxxxx",
'password' => "xxxxxxxxxxxxxx",
'sendmail' => '/usr/sbin/sendmail -bs',
'pretend' => false,
);
Obviously, the xxxxxxxxxx are my personal data. I can assure I'm setting the right values. It should work, indeed. :(
services.php
return array(
'mailgun' => array(
'domain' => 'domain-here',
'secret' => 'key-here',
),
'mandrill' => array(
'secret' => '',
),
'stripe' => array(
'model' => 'User',
'secret' => '',
),
);
domain and secret are populated with the right values too.
The #manix suggestion it seems to be the right approach but the version suggested 3.9 is deprecated. So it should be:
"guzzlehttp/guzzle": "~4.0"
As I have the project built with Laravel 4.2.
It should be 5.0 for Laravel 5.0.
Try to require guzzle dependency directly.
Add "guzzle/guzzle": "~3.9#dev" to composer.json like, example:
"require": {
"laravel/framework": "5.0.*",
"guzzle/guzzle": "~4.0"
},
Update your project. The command below shoul be executed in a terminal/console. For example, if your laravel application is hosted in a windows machine, you do:
> cd project/folder/path // change the working path
> composer update // this command update the proyect and dependencies
If you laravel is hosteed in a linux machine the you do:
$ cd /path/a/mi/folder // change the working path
$ composer update // this command update the proyect and dependencies
Test again your application