WebSocket connection to 'wss://domain:6001/app/...?protocol=7&client=js&version=7.0.3&flash=false' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED

[waterbuckit]

Hi there, I've been searching for hours through the other threads pertaining to this particular problem - like for other people, it occurs only as an issue on the production server, works fine locally. I'd like to write out the things I've tried and give you some details on the environment as it may be something that I'm missing:

Error
app.js:69927 WebSocket connection to 'wss://domain:6001/app/...?protocol=7&client=js&version=7.0.3&flash=false' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED

Server:
Amazon AWS EC2 instance
RHEL 8, using SELinux.

Webserver:
Apache (httpd)

I've opened port 6001 in both the AWS EC2 Security group and in firewall-cmd and iptables.
I'm fairly confident this is a network issue, doing $ nc -v devgiirp.co.uk 6001 gives me:
domain [ip-address] 6001: Connection refused but I simply don't know what else I should check.

Does the port need to be open for both inwards and outward traffic?

I'll dump my config here.
bootstrap.js

window.Echo = new Echo({
    broadcaster: 'pusher',
    key: process.env.MIX_PUSHER_APP_KEY,
    cluster: process.env.MIX_PUSHER_APP_CLUSTER,
    forceTLS : true,
    wsHost: window.location.hostname,
    wsPort: process.env.MIX_WEBSOCKETS_PORT,
    wssPort: process.env.MIX_WEBSOCKETS_PORT,
    disableStats : true,
    enabledTransports: ['ws', 'wss']
});

config/websockets.php

<?php

use BeyondCode\LaravelWebSockets\Dashboard\Http\Middleware\Authorize;

return [
    'dashboard' => [
        'port' => env('LARAVEL_WEBSOCKETS_PORT', 6001),
    ],
    'apps' => [
        [
            'id' => env('PUSHER_APP_ID'),
            'name' => env('APP_NAME'),
            'key' => env('PUSHER_APP_KEY'),
            'secret' => env('PUSHER_APP_SECRET'),
            'path' => env('PUSHER_APP_PATH'),
            'capacity' => null,
            'enable_client_messages' => false,
            'enable_statistics' => false,
        ],
    ],

    'app_provider' => BeyondCode\LaravelWebSockets\Apps\ConfigAppProvider::class,

    'allowed_origins' => [
        //
    ],

    'max_request_size_in_kb' => 250,

    'path' => 'laravel-websockets',

    'middleware' => [
        'web',
        Authorize::class,
    ],

    'statistics' => [

        'model' => \BeyondCode\LaravelWebSockets\Statistics\Models\WebSocketsStatisticsEntry::class,

        'logger' => BeyondCode\LaravelWebSockets\Statistics\Logger\HttpStatisticsLogger::class,

        'interval_in_seconds' => 60,

        'delete_statistics_older_than_days' => 60,

        'perform_dns_lookup' => false,
    ],

    'ssl' => [

        'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', null),

        'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', null),

        'passphrase' => env('LARAVEL_WEBSOCKETS_SSL_PASSPHRASE', null),

        'verify_peer' => false,
    ],

    'channel_manager' => \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManagers\ArrayChannelManager::class,
];

My SSL keys are sitting in /public and are referenced using the environment variables.

config/broadcasting.php

<?php

return [

    'default' => env('BROADCAST_DRIVER', 'null'),

    'connections' => [

        'pusher' => [
            'driver' => 'pusher',
            'key' => env('PUSHER_APP_KEY'),
            'secret' => env('PUSHER_APP_SECRET'),
            'app_id' => env('PUSHER_APP_ID'),
            'options' => [
                'cluster' => env('PUSHER_APP_CLUSTER'),
                'useTLS' => true,
                'encrypted' => true,
                'host' => '127.0.0.1',
                'port' => env('WEBSOCKETS_PORT'),
                'scheme' => 'https',
                'curl_options' => [
                    CURLOPT_SSL_VERIFYHOST => 0,
                    CURLOPT_SSL_VERIFYPEER => 0,
                ]
            ],
        ],

        'redis' => [
            'driver' => 'redis',
            'connection' => 'default',
        ],

        'log' => [
            'driver' => 'log',
        ],

        'null' => [
            'driver' => 'null',
        ],

    ],

];

Many thanks for taking a look - if there's anything else you may need to know then feel free to ask, I've tried hundreds of configuration changes, messed around endlessly with the server, I'm quite at a loss, honestly.

UPDATE
I started using the outward facing physical public server IP address in the bootstrap.js file, and now the port is open but I'm getting a new error:
ERR_CERT_AUTHORITY_INVALID
The ball is rolling it seems and I'll look at some other issues to see if others have solved this.

UPDATE
Using the public facing IP address of the server seems like a bad idea, reverse proxy with subdomain for websockets seems sensible perhaps?

[mt-ks]

for wss connections my settings works;
config/broadcasting.php

    'pusher' => [
        'driver' => 'pusher',
        'key' => env('PUSHER_APP_KEY'),
        'secret' => env('PUSHER_APP_SECRET'),
        'app_id' => env('PUSHER_APP_ID'),
        'options' => [
            'cluster' => env('PUSHER_APP_CLUSTER'),
            'host' => 'domain.com',
            'port' => (int)env('LARAVEL_WEBSOCKETS_PORT',6001),
	'scheme' => 'https',
            'encrypted' => true
        ],
    ],