{question}
Can I use the secure private key certificate with WebSocket?
{question}
{answer}
If you have the private key of the cluster encrypted with a passphrase when you configure the WebSocket Proxy using the parameter https_proxy_port the cluster will fail to start with the following message:
✘ Failed to start Leaf node on 192.168.111.23 (2/2)
error running memsqlctl: error running command: `/usr/bin/ssh -oBatchMode=yes -q -tt -oControlPath=/run/user/1000/singlestoredb-toolbox522665264/2.socket 192.168.111.23 sudo -S -k -- /bin/sh -c $1`
where $1 = `printf 6d39e7c3-f03c-4a6b-9030-bb1b81d8b306 && exec memsqlctl --json --yes start-node --memsql-id E448A462BF7AFE7A4FCDB566853274089AC567D8`: exit status 1:
stdout: Latest errors from MemSQL tracelog:
67 2021-09-10 16:04:59.966 INFO: Log opened
01975769 2021-09-10 16:05:01.942 ERROR: Thread -1: StartWebsocketProxy: Proxy failed to start; exit code = 1; reason = FAILURE
01975812 2021-09-10 16:05:01.942 ERROR: Failed to start the websocket proxy and http api, check that there is nothing else bound to port 4433
To be able to use the WebSocket Proxy, the private key must not be encrypted.
You can remove the encryption key from the private key using the openssl utility:
openssl rsa -in server-key.pem -out server-key.clear
mv server-key.pem server-key.encrypted
mv server-key.clear server-key.pem
Then you need to remove the parameter in all the hosts:
sdb-admin update-config --all --key ssl_key_passphrase --reset
And restart the server
sdb-admin restart-node --all
{answer}