socket.io communication between server and client not working (but connecting) after setting up SSL (HTTPS)

messerbill commented 6 years ago

Hi,

i am running a nginx on my Debian 8.5 64bit which is used as reverse proxy for my node applications. Each request walks through my reverse proxy before getting routed to the special apps. Therefor i am using this config:

upstream socket_nodes {
  server 127.0.0.1:3000;
  server myUrl.com:3000;
  server MY.ROOTSERVER.IP.ADDRESS:3000;
}
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name myUrl.com;
  return 301 https://$server_name$request_uri;
}

server {
  # SSL configuration
  #
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;
  include snippets/ssl-my-website.com.conf;
  include snippets/ssl-params.conf; 

  # Self signed certs generated by the ssl-cert package
  # Don't use them in a production server!
  #
  # include snippets/snakeoil.conf;

  # Add index.php to the list if you are using PHP
  index index.html index.htm index.nginx-debian.html;

  server_name www.myWebsite.com;
  root /root/webserver/app/;
    location ~ /.well-known {
            allow all;
    }
  location / {
     proxy_pass http://localhost:8080;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection 'upgrade';
         proxy_set_header Host $host;
         proxy_cache_bypass $http_upgrade;
  }
    location /app-api/ {
     proxy_pass http://localhost:3000;
  }
  location /at_backend/ {
    proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://socket_nodes;
  }
}

Sadly this is not working. I can reach my website via https (https://www.myWebsite.com) and it works fine.

The socket.io server is running under /app-api and can be accessed from the internet (the server loggs "new client connected") - but i can not emit any events between them. The HTTP Status Code of the socket.io connection is (correctly) 101 Switching Protocols.

note:

Some weeks ago i've deployed a socket.io server which worked just fine behind my nginx. But since i've been using https this does not work anymore....

Greetings

IchabodDee commented 6 years ago

I'm having a super similar issue here. We're you able to resolve??

messerbill commented 6 years ago

No it is still the same. The connection is established but no events are emitted.

yingshaoxo commented 4 years ago

I've been spending a whole night to solve this problem when I start to use https or wss or ssl. It always says connection stopped before establish with 400 error code.

Just a minutes ago, I found a solution for that:

0. Cloudflare

At the SSL/TLS tab:

If you have your own cert or SSL or HTTPS: set it to Full. (The following 123 steps assume you have your own https certification)
If you only have an http server: set it to Flexible. (The Cloudflare will add https or ssl to your website automatically.)
After that, go to DNS tab, set Proxied.

If you are not sure what you are doing, just go to DNS tab, set DNS only

1. Make sure you have a right proxy configuration.

server {
    listen 80;
    server_name ai-tools-online.xyz;
    return 301 https://ai-tools-online.xyz$request_uri;
}

server {
    listen 443 ssl http2;

    ssl_certificate       /data/v2ray.crt;
    ssl_certificate_key   /data/v2ray.key;
    ssl_protocols         TLSv1.2 TLSv1.3;
    #ssl_ciphers           3DES:RSA+3DES:!MD5;
    server_name ai-tools-online.xyz;

    location / {
        proxy_pass http://127.0.0.1:5000;
    }

    location /socket.io {
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://127.0.0.1:5000/socket.io;
    }
}

ai-tools-online.xyz is your domain, http://127.0.0.1:5000 is your socket server.

2. Make sure your server `Cross-Origin Controls` is set to `'*'` to allow `Cross-Origin Access`

For flask-socketio, is to use flask_socketio.SocketIO(app, cors_allowed_origins = '*')

3. You must restart the nginx to let the new config work

systemctl restart nginx

4. For more details about how to set `caddy`, see the following links:

https://github.com/yingshaoxo/Web-Math-Chat#reverse-proxy-configuration-for-https https://caddy.community/t/using-caddy-0-9-1-with-socket-io-and-flask-socket-io/508/6 https://www.nginx.com/blog/nginx-nodejs-websockets-socketio/

pavellzubkov commented 4 years ago

same issue ( i trying some nginx config and socket.io options three days with no successful! and after that i solved the problem . now websocket work fine via nginx proxy with ssl (wss)! on server side i use ws module and on client side i use vue-native-websockets (in my case) i using nginx conf:

location /ws {
        # prevents 502 bad gateway error
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;

        # redirect all HTTP traffic;
        proxy_pass http://my_ws_server:9010;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-NginX-Proxy true;

        # enables WS support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    proxy_redirect off;

    }

darrachequesne commented 3 years ago

Closed due to inactivity, please reopen if needed.

socketio / socket.io