PHP
mr.bob, 2021-11-30 10:40:10

Web socket fsockopen returns false over ssl with https working correctly, why?

I have a Bitrix website running on Ubuntu in Docker containers: nginx stack + php-fpm + Percona MySQL + memcached + Elasticsearch. The network is also not simple: the server is in the internal NAT space and all requests from the outside are proxied to the server with Docker containers.

New from Let's Encrypt on two machines (#1 proxy, #2 machine with Docker containers), root certs also updated (bug since Sep 29, 2021), and the machines are also new, freshly deployed Ubuntu 20.x.


But the problem occurs when passing the site check, more precisely "Working with sockets", and, even more precisely, the code

fsockopen('ssl://mydomain.com', 443, $err, $text, 5)

returns false, both from the external IP and from the NAT networks.
If you remove the ssl:// prefix and leave only the domain, then it returns source id #NUMBER without any problems.
In /etc/hosts on both machines the internal IPs of the sites are registered.
On the machines all ports are open, 80 and 443.

nginx conf

location / {
    proxy_ignore_client_abort on;
    proxy_pass https://mydomain.ru:443;
    proxy_redirect https://mydomain.ru:443 /;
    proxy_read_timeout 300;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header HTTPS YES;
    proxy_set_header Authorization "";

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}


$http_upgrade and $connection_upgrade are described and set in nginx.conf

From the PHP container, when curling https://mydomain.ru, an error was displayed:

curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html


But I created the chain and added it to the root certificate, and the error disappeared, but it didn’t help with fsockopen.

If I put IP 127.0. connection refused) and false.
If I set the IP of the internal network of the machine, then it returns the error code 0 and false.
If I set the external IP, then it returns the error code 110 (timed out) and false.

The machines have access to the Internet.
I am confused and have no idea how to solve it.
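
A diagnostic sketch for the symptom described in the question, added here as an example and not part of the original post: it separates the plain TCP connect (what fsockopen does without the ssl:// prefix) from the TLS handshake, and captures the warnings PHP raises when an ssl:// connection fails with error code 0. The function name `probe_tls`, its parameters and the command-line usage are assumptions; the CA bundle path is the one shown in the curl error.

```php
<?php
// Added diagnostic example (not from the original post).
// probe_tls() and its parameters are hypothetical names; pass your own host.
function probe_tls(string $host, int $port = 443, ?string $cafile = null, float $timeout = 5.0): array
{
    $warnings = [];
    // PHP reports TLS handshake and verification failures as warnings, not via $errno.
    set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
        $warnings[] = $msg;
        return true;
    });

    // Stage 1: plain TCP, which is all fsockopen() does without the ssl:// prefix.
    $tcp = stream_socket_client("tcp://$host:$port", $tcpErrno, $tcpErrstr, $timeout);
    if ($tcp !== false) {
        fclose($tcp);
    }

    // Stage 2: TCP plus TLS handshake with certificate and hostname verification.
    $ssl = ['verify_peer' => true, 'verify_peer_name' => true,
            'peer_name' => $host, 'capture_peer_cert_chain' => true];
    if ($cafile !== null) {
        $ssl['cafile'] = $cafile; // e.g. /etc/ssl/certs/ca-certificates.crt
    }
    $ctx = stream_context_create(['ssl' => $ssl]);
    $tls = stream_socket_client("ssl://$host:$port", $tlsErrno, $tlsErrstr, $timeout,
                                STREAM_CLIENT_CONNECT, $ctx);
    restore_error_handler();

    // On success, list the chain the server sent (leaf first) as "subject <- issuer".
    $chain = [];
    if ($tls !== false) {
        $sent = stream_context_get_params($tls)['options']['ssl']['peer_certificate_chain'] ?? [];
        foreach ($sent as $cert) {
            $info = openssl_x509_parse($cert);
            $chain[] = ($info['subject']['CN'] ?? '?') . ' <- ' . ($info['issuer']['CN'] ?? '?');
        }
        fclose($tls);
    }

    return [
        'tcp_ok'   => $tcp !== false, 'tcp_errno' => $tcpErrno, 'tcp_error' => $tcpErrstr,
        'tls_ok'   => $tls !== false, 'tls_errno' => $tlsErrno, 'tls_error' => $tlsErrstr,
        'warnings' => $warnings, // names the failing step when tls_errno is 0
        'chain'    => $chain,
    ];
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    print_r(probe_tls($argv[1], 443, '/etc/ssl/certs/ca-certificates.crt'));
}
```

Run inside the php-fpm container, a result with `tcp_ok` true and `tls_ok` false points at the handshake or certificate verification, not at routing or open ports.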
