
Socket IO not working in Production Ubuntu 18.04

I have set up ERPNext with the easy install script and activated DNS multi-tenant setup with Let's Encrypt.
erpnext 12.8.0
frappe 12.5.1

Everything is working fine except Socket.IO. When I try to use frappe.publish_realtime, no action takes place.

e.g. frappe.publish_realtime("msgprint", message, user)

Other functionality, like who is viewing the document and auto-refresh of the list view, is not working either. Nothing that depends on Socket.IO is working.

Browser console is also not showing any connectivity issue.

I have checked the auto-generated nginx configs and they look fine. Please guide me in this matter. Below is node-socketio.log:

Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

No response for doc_subscribe
No response for doc_subscribe
Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

No response for doc_subscribe
No response for doc_subscribe
Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

No response for doc_subscribe
No response for doc_subscribe
Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

No response for doc_subscribe
No response for doc_subscribe
Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

frappe.chat: Subscribing ahmad@havenir.com to room CR00001
frappe.chat: Subscribing ahmad@havenir.com to event srca.havenir.com:room:CR00001
Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

frappe.chat: Subscribing ahmad@havenir.com to room CR00001
frappe.chat: Subscribing ahmad@havenir.com to event srca.havenir.com:room:CR00001
Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

frappe.chat: Subscribing ahmad@havenir.com to room CR00001
frappe.chat: Subscribing ahmad@havenir.com to event srca.havenir.com:room:CR00001
Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

frappe.chat: Subscribing ahmad@havenir.com to room CR00001
frappe.chat: Subscribing ahmad@havenir.com to event srca.havenir.com:room:CR00001
Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

frappe.chat: Subscribing ahmad@havenir.com to room CR00001
frappe.chat: Subscribing ahmad@havenir.com to event srca.havenir.com:room:CR00001
listening on *: 9000
Unable to join chat room. Error: write EPROTO 140148206663488:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

Unable to join chat room. Error: write EPROTO 140148206663488:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

frappe.chat: Subscribing ahmad@havenir.com to room CR00001
frappe.chat: Subscribing ahmad@havenir.com to event srca.havenir.com:room:CR00001
Unable to join chat room. Error: write EPROTO 140148206663488:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:

frappe.chat: Subscribing ahmad@havenir.com to room CR00001
frappe.chat: Subscribing ahmad@havenir.com to event srca.havenir.com:room:CR00001
listening on *: 9000
Unable to join chat room. Error: write EPROTO 139758533908288:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:
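
Added example (not part of the original post and not Frappe code): the hex field `14077410` in the log above is a packed OpenSSL 1.0.x error code, and decoding it gives reason 1040, which is TLS alert 40 (handshake_failure) received from the server the Node process connected to. The sample lines are copied from the log above; the function names and lookup tables are illustrative and cover only the values seen there.

```javascript
// Decode the packed OpenSSL 1.0.x error code found in node-socketio.log lines.
// Layout (ERR_PACK): lib = bits 24-31, func = bits 12-23, reason = bits 0-11.
const SAMPLE_LOG = [ // constructed sample: lines copied from the log on this page
  'No response for doc_subscribe',
  'Unable to join chat room. Error: write EPROTO 140022498355008:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:',
  'listening on *: 9000',
  'Unable to join chat room. Error: write EPROTO 140148206663488:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:',
];

const LIBS = { 20: 'ERR_LIB_SSL' };          // only the library seen in this log
const ALERTS = { 40: 'handshake_failure' };  // only the alert seen in this log
const SSL_AD_REASON_OFFSET = 1000;           // reasons >= 1000 are 1000 + TLS alert number
const ERR_RE = /(\d+):error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]+):(\d+):/;

function decodeOpensslError(line) {
  const m = ERR_RE.exec(line);
  if (!m) return null;                       // not an OpenSSL error line
  const code = parseInt(m[2], 16);
  const reason = code & 0xfff;
  // An alert-derived reason means the peer sent the alert; it is not a local verify error.
  const alert = reason >= SSL_AD_REASON_OFFSET ? reason - SSL_AD_REASON_OFFSET : null;
  return {
    threadId: m[1],
    lib: (code >>> 24) & 0xff,
    func: (code >>> 12) & 0xfff,
    reason,
    alert,
    alertName: alert !== null ? (ALERTS[alert] || 'unknown') : null,
    sourceFile: m[6].split('/').pop(),       // s23_clnt.c exists only in OpenSSL 1.0.x
    sourceLine: Number(m[7]),
  };
}

function summarize(lines) {
  const counts = new Map();
  for (const line of lines) {
    const e = decodeOpensslError(line);
    if (!e) continue;
    const what = e.alert !== null
      ? `peer alert ${e.alert} (${e.alertName})`
      : `reason ${e.reason}`;
    const key = `${LIBS[e.lib] || e.lib}/func ${e.func}/${what}`;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

console.log(summarize(SAMPLE_LOG));
```
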

I have the same problem with one of my two instances of ERPNext. They both have the exact same setup (Ubuntu 18.04, latest ERPNext v12 and Frappe v12, …), the only difference is that the instance that is having the problem uses a self-signed ssl certificate and is accessed via https, while the other isn’t.

So I think the culprit here is SSL.

A solution to this problem was suggested here, however it didn’t work for me:

Self-signed certificates must be trusted on client devices by installing into client’s certificate store.

I already did this and my browser also shows erpnext as secure connection.
However, I didn’t create a certificate authority to sign the certificates and bench shows a warning that ssl stapling will be ignored since there is no authority mentioned in the certificate, so maybe that’s the problem.

This is what OpenSSL shows when connecting to the site:

CONNECTED(00000005)
depth=0 C = DE, L = example-city, O = example-company, CN = site1.local
verify error:num=18:self signed certificate
verify return:1
depth=0 C = DE, L = example-city, O = example-company, CN = site1.local
verify return:1
---
Certificate chain
0 s:C = DE, L = example-city, O = example-company, CN = site1.local
i:C = DE, L = example-city, O = example-company, CN = site1.local
---
Server certificate
-----BEGIN CERTIFICATE-----
xyz
-----END CERTIFICATE-----
subject=C = DE, L = example-city, O = example-company, CN = site1.local

issuer=C = DE, L = example-city, O = example-company, CN = site1.local

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 1631 bytes and written 801 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: xyz.....
    Session-ID-ctx:
    Resumption PSK: xyz.....
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000...
    0010...

    Start Time: 1590481036
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: xyz....
    Session-ID-ctx:
    Resumption PSK: xyz.....
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000...
    0010...

    Start Time: 1590481036
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed