3

I am trying to figure out how to set up Django Channels so that it accepts my websocket connections via the wss:// scheme.

For ws:// everything works perfectly. I use the websockets package on my client side to set up a connection to the server (which runs Channels as an ASGI server). But when I shift to wss:// and start running the client, then ... nothing happens for 60s, after which I get an error message stating: "SSL handshake is taking longer than 60.0 seconds: aborting the connection"

My Daphne server is running on localhost with standard port 8000.

Starting ASGI/Channels version 2.2.0 development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
INFO - 2019-11-15 14:12:14,094 - django-main-thread - daphne.server[110] - HTTP/2 support not enabled (install the http2 and tls Twisted extras)
INFO - 2019-11-15 14:12:14,094 - django-main-thread - daphne.server[119] - Configuring endpoint tcp:port=8000:interface=127.0.0.1
INFO - 2019-11-15 14:12:14,095 - django-main-thread - daphne.server[150] - Listening on TCP address 127.0.0.1:8000

I understand that HTTP and HTTPS as well as TCP and TLS should run on different ports, but since I haven't found any hint on the Django Channels readthedocs website on it, I thought it might just miraculously handle both without any config necessary. I guess I am wrong?

The client-side connection is established like this:

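import asyncio
import ssl

import websockets.client


# Wrapper coroutine (name assumed): `async with` is only valid inside one.
async def run_client(url, header):
    # get_allowed_ciphers(), on_open() and on_message() are defined elsewhere in the client.
    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
    ssl_context.set_ciphers(get_allowed_ciphers())  # restrict to the allowed cipher suites
    ssl_context.verify_mode = ssl.CERT_REQUIRED  # the server certificate must verify
    ssl_context.check_hostname = False  # the certificate hostname is not matched

    async with websockets.client.connect(
            uri=url,
            extra_headers=header,
            ssl=ssl_context) as websocket:
        await asyncio.gather(on_open(websocket), on_message(websocket))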

The on_open() and on_message() methods handle the opening of the socket and parsing incoming messages, respectively.

Now, I was actually expecting to be able to set an SSL context on the server side (using Channels) as well, but I haven't found one single example after many hours of research online. Instead, I only see examples where nginx is configured to listen on port 443 and point to the necessary certificates.

I thought Daphne was a production-ready server that can handle both HTTP(s) and WebSocket (ws and wss) requests. What do I need Nginx for?

That may seem like a stupid question, but I'm happy for any help here.

Marc
  • Daphne is an application server like Gunicorn. Of course, it can work as a web server on its own but that's not really what it's meant for and won't work well so you still need some proxy server like Nginx or Apache behind it. For your production server, you should really use Nginx to proxy the requests to Daphne as you would do with Gunicorn and not expose it directly to the web – Ken4scholars Nov 15 '19 at 21:33
  • Ok, but is there no way to set the SSLContext on the server side with Django Channels? I am really confused ... – Marc Jan 19 '20 at 08:38
  • This section on GitHub has info on how to run it with SSL https://github.com/django/daphne#running – Ken4scholars Jan 19 '20 at 09:20
  • Did you use nginx or apache to handle HTTPS web connection? – Aldian Fazrihady Jan 19 '20 at 22:58
  • @AldianFazrihady No I did not, so far I want to get it running with Daphne for my development purposes and then at a later stage set up nginx when I need to take things to production. – Marc Jan 20 '20 at 08:04
  • @Ken4scholars Thanks, but I need a way to set an SSLContext for the TLS server (see https://docs.python.org/3.8/library/ssl.html#ssl.SSLContext). Just pointing Daphne to the cert and key file is not enough, I need to parameterize the SSLContext, e.g. to use only a specific set of cipher suites. I'm getting the feeling that I understand something wrong, as I feel this should be such an easy option offered by Channels, but it's not. – Marc Jan 20 '20 at 08:11
  • Did you ever figure it out? I have a similar problem, and I thought it would be an easy fix, but I have been stuck on this for weeks – Fabian Omobono Jan 16 '21 at 07:45

0 Answers
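A diagnostic for the symptom in the question, as an added example (not code from the question, Daphne or Channels): the server log shows a plain `tcp:` endpoint, and a TLS client whose ClientHello goes to a listener expecting HTTP gets no handshake reply until the timeout fires. `probe_tls`, the result labels and the two local listeners are hypothetical names constructed for this illustration.

```python
import asyncio
import ssl

async def probe_tls(host, port, timeout=2.0):
    """Classify what answers a TLS ClientHello on host:port."""
    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        _, writer = await asyncio.open_connection(
            host, port, ssl=ctx, ssl_handshake_timeout=timeout)
    except ssl.SSLCertVerificationError:
        return "tls-untrusted-cert"  # TLS is spoken; cert not trusted (e.g. self-signed)
    except ssl.SSLError:
        return "ssl-error"           # non-TLS bytes came back, or a TLS alert
    except ConnectionRefusedError:
        return "closed"
    except (OSError, asyncio.TimeoutError):
        return "no-tls-reply"        # ClientHello was never answered in time
    writer.close()
    return "tls"

async def _silent(reader, writer):
    # Constructed stand-in for a plain-TCP listener that keeps waiting for
    # a complete HTTP request and never answers the ClientHello.
    try:
        await reader.read()
    except OSError:
        pass
    finally:
        writer.close()

async def _http_only(reader, writer):
    # Constructed stand-in for a plain HTTP listener that rejects the bytes.
    await reader.read(65536)
    writer.write(b"HTTP/1.1 400 Bad Request\r\n\r\n")
    await writer.drain()
    writer.close()

async def demo():
    results = {}
    for name, handler in (("silent", _silent), ("http_only", _http_only)):
        server = await asyncio.start_server(handler, "127.0.0.1", 0)
        port = server.sockets[0].getsockname()[1]
        results[name] = await probe_tls("127.0.0.1", port, timeout=1.0)
        server.close()
    return results

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

Against a listener that really terminates TLS, the probe returns `tls`, or `tls-untrusted-cert` for a development certificate that is not in the trust store.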