This looks to be a transport issue. Asterisk is attempting to write to the web socket connection but it’s failing to do so.
First off, tick off some obvious ones. Asterisk will never close the websocket by its self, so long as you send a register within the first few seconds (i think 30) of establishing a connection. Once a client is connected, and a REGISTER messages is sent it stays endlessly connected, so it’s not Asterisk closing it for no reason.
The other point is that websockets are like any other TCP/TLS connection - if they are NATed, the device keeping the NAT connection, like a router etc, can close it, if it doesn’t see actual data (not just keep alive empty packets) over the connection for N amount of time. (N will be different per router.) You must qualify the endpoint (aka send an OPTIONS message), and I would suggest setting this to about every 120 seconds. (don’t change the nat time-out settings on the router. Defaults should be fine, so long as default is more than 120sec… but would be pretty harsh if it was)
If this makes your system stable fine, leave it, however I would highly recommend the following:
Personally I prefer to hand LTS connections over to a full blown web server. Not that MiniHTTP server isn’t up to the job, but there are better ones. Here is the basics; install Apache (if not already installed), and set the host to reverse proxy the wss://0.0.0.0:4431/ws
connection to ws://127.0.0.1:8080/ws
(note the ws:). This ends the TLS leg of the connection (wss) on Apache, and forwards the next leg of the connection to the Asterisk box (at 127.0.0.1) on its non-tls web server port (8080). So yes, you can actually turn off TLS on Asterisk HTTP. Apache is the LTS server, and Asterisk treats the connection like a typical non secure web socket connection, and calls etc flow as per normal. Best of all, you change absolutely nothing else because the web server is on the same box as Asterisk.
/etc/asterisk/http.conf
[general]
enabled=yes
bindaddr=127.0.0.1
bindport=8080
tlsenable=no
enablestatic=no
/etc/apache2/sites-enabled/000-default.conf
<VirtualHost 0.0.0.0:4431>
ServerName mycompany.com
DocumentRoot /var/www/html
ProxyRequests off
ProxyPreserveHost On
SSLEngine on
SSLCertificateFile /home/certs/mycompany.crt
SSLCertificateKeyFile /home/certs/mycompany.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
ProxyPass /ws ws://127.0.0.1:8080/ws
ProxyPassReverse /ws ws://127.0.0.1:8080/ws
</VirtualHost>
I have done an explainer video on this if you want I can share the link, otherwise apply any configuration changes to this that you may have, and give it a try.
P.S. You can even take this one step further if you like, and run Apache as a separate server with load balancing… so one web server can act as the endpoint for many asterisk boxes. But that does require a bit of change. The important thing to remember here is that the wss requirement is only for browsers, not for Asterisk, so if you go to standard ws before you get to Asterisk, you deal with none of that certificate mess.