problems with wss in a complicated firewall setup

Hey, I have been working with this problem for a bit now, and I am hoping that I could get some help. I need to get Photon Server working using WSS, but I cannot use the default load balancing program, due to raw IP address connections being blocked by the various firewalls. To solve this I have modified the load balancing app to always reply with hostnames. This all works fine on normal web sockets. We have been told that everything needs to be made HTTPS and WSS, which is where the problems start. All of the docs have you utilizing self-signed certs, or at least certs for that specific domain. We do have SSL certs but they are wildcard certs, and when I try to configure the server to use them, it starts for a few seconds and then closes. For the moment we have a workaround hack, but feel like a real solution would be ideal. I cannot go into great detail on the public forum but would like to talk to someone. Maybe @tobias

Comments

  • JohnTube
    Hi @sidF,

    Thank you for choosing Photon!

    Maybe if you ask a specific question or expose the detailed issue we could help!

    "I cannot go into great detail on the public forum but would like to talk to someone."
    Send an email to developer@photonengine.com.
  • I will try to keep the debugging to the forums, that way if other people are in similar situations then it will help them as well.
    Our situation is that our customers are spread across a variety of networks across the world, all of which are behind either government or university firewalls. Our server is also behind a fairly aggressive firewall, with certain restrictions that we have no control over. The main restrictions that have been causing problems are these:

    1) No raw IP address links, so if Photon tries to connect to the IP address of the server instead of the hostname it will fail.

    2) All connections must be HTTPS or WSS; any non-secure connection will be denied.

    The customers outside our network are likely facing similar restrictions, if not more restrictive ones.
    Our current solution is pretty hacky, but we were given two days to comply with the second restriction or our product was going to be shut down.
  • As you probably know, on iOS you cannot use raw IPv4 addresses, so we use names and it works.
    I'm sure you will get it working too.
    Please provide your config. Your certificate should be a real certificate. You should put it in the correct store. And when you connect to your server you should use the address which was used to get the certificate.

    In order to understand whether your setup works or not you should connect locally, so that firewalls do not break anything. The next step will be to get connected from outside.

    best,
    ilya
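
Added example, not part of any post in this thread and not Photon's own code: a check of whether each address a server hands to its clients is covered by a wildcard certificate, which is the name-matching requirement from the last reply. The `example.com` names, the SAN list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: SAN entries of a hypothetical wildcard certificate.
SAMPLE_DNS_SANS = ["*.example.com"]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Match a DNS SAN against a hostname, RFC 6125 style.

    Simplification: '*' is honoured only as the entire left-most label and
    stands for exactly one label; partial wildcards (f*.example.com) are
    treated as literal text and therefore never match.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_advertised_address(address, dns_sans, ip_sans=()):
    """Return (ok, reason) for an address a server hands to its clients."""
    if is_ip_literal(address):
        addr = ipaddress.ip_address(address)
        if any(addr == ipaddress.ip_address(s) for s in ip_sans):
            return True, "matches an iPAddress SAN"
        return False, "IP literal: DNS SANs, wildcard or not, never cover it"
    for san in dns_sans:
        if dns_name_matches(san, address):
            return True, "matches " + san
    return False, "no DNS SAN covers this name"

if __name__ == "__main__":
    # Constructed addresses a load balancer might return to clients.
    for a in ["game1.example.com", "master.eu.example.com",
              "example.com", "203.0.113.10"]:
        print(a, check_advertised_address(a, SAMPLE_DNS_SANS))
```

A wildcard covers exactly one label, so a nested name such as `master.eu.example.com` or the bare domain needs its own SAN entry, and a raw IP address is never covered by a DNS name.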