
How can I open a secure websocket?

Posted on November 12, 2020

I got a new droplet and I deployed my NodeJS/TypeScript project. It runs on IP:51001. (Just a backend service that I want to run 24/7.)

If I just visit the IP for my droplet I won't get anything, so pretty much I have to visit ip:port since my project runs on a specific websocket port.

After finishing up on my static page I created a websocket:

```typescript
private socket = new WebSocket("ws://ip:port");
```

Since I'm hosting my static page on an HTTPS Apache server I can't use the non-secure websocket. So I have to add SSL on my websocket so I can request it as wss://port:ip.

I spent the past 2 days trying to do just that: countless tutorials, guides. I even tried adding my own domain, self-signed SSL, certbot. I can't make it work. Does it make sense what I'm trying to do?

Sorry for the weird wording, English is not my first language and I'm really new to all this…

Thank you!




Hello,

It makes perfect sense what you are trying to do, and you’re on the right track. Serving secure WebSockets (WSS) is crucial when your site is served over HTTPS.

To do this, you’ll need to obtain an SSL certificate for your domain, configure your Node.js application to use that certificate, and serve WebSocket traffic over a WSS (WebSocket Secure) connection. Here are step-by-step instructions on how to do this:

Step 1: Obtain SSL certificate

Since you already mentioned that you tried certbot, I’ll assume you have a domain and you have an SSL certificate. If not, you need to obtain a domain name and get an SSL certificate. You can use Let’s Encrypt (Certbot) to get a free SSL certificate.

Step 2: Configure your Node.js Application

Once you have your SSL certificate and key, you need to update your Node.js application to use them. You’ll want to use the https module’s createServer method to create an HTTPS server with your certificates, and then pass that server to the WebSocket server. Here’s a basic example:

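```javascript
const https = require('https');
const fs = require('fs');
const WebSocket = require('ws');

// HTTPS server that terminates TLS with the Let's Encrypt certificate and key
const server = https.createServer({
  cert: fs.readFileSync('/etc/letsencrypt/live/yourdomain.com/fullchain.pem'),
  key: fs.readFileSync('/etc/letsencrypt/live/yourdomain.com/privkey.pem')
});

// Attach the WebSocket server to the HTTPS server so clients connect with wss://
const wss = new WebSocket.Server({ server });

wss.on('connection', function connection(ws) {
  // Log every message received from this client
  ws.on('message', function incoming(message) {
    console.log('received: %s', message);
  });

  // Send an initial message once the client is connected
  ws.send('something');
});

// Same port the service already used
server.listen(51001);
```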

Replace 'yourdomain.com' with your domain, and ensure that the paths to fullchain.pem and privkey.pem correctly point to the locations where your SSL certificate and key files are stored.

Step 3: Test Your Connection

Now, you should be able to connect to your WebSocket server from your static page using WSS. For example:

```javascript
var socket = new WebSocket('wss://yourdomain.com:51001');
```

Additional Configuration

Also, remember to ensure that your Node.js app restarts automatically if it crashes or the server reboots. You could use a process manager like pm2 for this. You can install it globally on your server with npm install pm2 -g, and then start your app with pm2 start app.js (replace app.js with the entry point to your application).

Alternative approach

Alternatively, you can use Nginx as a reverse proxy and handle the SSL termination there:

Step 1: Install Nginx

Firstly, you need to install Nginx on your server, if it’s not already installed. On Ubuntu, you can do this with the following commands:

```bash
sudo apt update
sudo apt install nginx
```

Step 2: Obtain SSL certificate

You’ll still need an SSL certificate for your domain. If you haven’t already obtained it, you can use Let’s Encrypt (Certbot) to get a free SSL certificate:

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

Step 3: Configure Nginx

Next, you’ll want to create an Nginx configuration for your domain. This configuration will set up the reverse proxy to your WebSocket server.

Here is a basic configuration you could use:

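```nginx
server {
    # Terminate TLS here on the default HTTPS port
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    location / {
        # Forward to the Node.js WebSocket server over plain HTTP on the same host
        proxy_pass http://localhost:51001;
        # HTTP/1.1 and the Upgrade/Connection headers are needed for the WebSocket handshake
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```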

Save this configuration to a file in the /etc/nginx/sites-available directory. Then create a symbolic link to it in the /etc/nginx/sites-enabled directory.

For example, if you save the file as /etc/nginx/sites-available/myapp, you would create the symbolic link like so:

```bash
sudo ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
```

Step 4: Restart Nginx

Once you’ve created the configuration, you’ll need to check the configuration syntax is correct and then restart Nginx. You can do this with the following commands:

```bash
sudo nginx -t
sudo systemctl restart nginx
```

Step 5: Connect to WebSocket

Now, you should be able to connect to your WebSocket server from your static page using wss://yourdomain.com without specifying the port. This is because Nginx listens on the default HTTPS port (443) and forwards the traffic to your WebSocket server.

Remember to replace 'yourdomain.com' with your domain, and ensure that the paths to fullchain.pem and privkey.pem correctly point to the locations where your SSL certificate and key files are stored.

If the server is not starting or you can’t connect to your WebSocket, check the Nginx error logs for clues. They are usually located in the /var/log/nginx directory.

Best,

Bobby
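The Node.js server in Step 2 of the first approach reads `fullchain.pem` and `privkey.pem` once at startup, so a Certbot renewal is not served until the process restarts. The following is an added example, not part of the answer above: it swaps renewed files into the running server with `setSecureContext`. The function names, the hourly interval and `startSecureServer` are assumptions made for illustration.

```javascript
const fs = require('fs');
const https = require('https');
const crypto = require('crypto');

// Path from the answer above; 'yourdomain.com' is a placeholder.
const LIVE_DIR = '/etc/letsencrypt/live/yourdomain.com';

// Read the certificate chain and private key together.
function readTlsMaterial(dir) {
  return {
    cert: fs.readFileSync(`${dir}/fullchain.pem`),
    key: fs.readFileSync(`${dir}/privkey.pem`),
  };
}

// SHA-256 over both files, used to notice that a renewal replaced them.
function fingerprint(material) {
  return crypto.createHash('sha256')
    .update(material.cert).update(material.key).digest('hex');
}

// Returns a function that re-reads the files and swaps them into the running
// server only when they changed. Returns true when a swap happened.
function makeReloader(server, dir, initialMaterial) {
  let current = fingerprint(initialMaterial);
  return function reloadIfChanged() {
    try {
      const material = readTlsMaterial(dir);
      const next = fingerprint(material);
      if (next === current) return false;
      server.setSecureContext(material); // tls.Server method (Node.js 11+)
      current = next;
      return true;
    } catch (err) {
      // Unreadable file or rejected cert/key pair: keep the old context.
      console.error('TLS reload skipped:', err.message);
      return false;
    }
  };
}

// Hypothetical wiring: call this from your entry point, then pass the returned
// server to `new WebSocket.Server({ server })` as in the answer.
function startSecureServer(dir = LIVE_DIR, port = 51001) {
  const material = readTlsMaterial(dir);
  const server = https.createServer(material);
  setInterval(makeReloader(server, dir, material), 60 * 60 * 1000); // hourly
  server.listen(port);
  return server;
}
```

Connections that are already open keep their existing TLS session; only new handshakes receive the renewed certificate.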
