Unable to connect to secure websocket

August 2, 2018 2.5k views
Node.js Deployment JavaScript Let's Encrypt Ubuntu 16.04

Hi! I'm having trouble setting up my WebSocket server on DigitalOcean.

I'm replacing my actual domain name with domain.com for the question's sake.

I basically have a Node.js WebSocket server that I'm trying to connect to a React app I'm hosting on Heroku. I'm getting the following error when attempting to connect:

WebSocket connection to 'wss://domain.com/' failed: Error during WebSocket handshake: Unexpected response code: 200

Here's my server entry code:

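        const fs = require('fs')
        const https = require('https')
        const express = require('express')
        const WebSocket = require('ws') // assumed: the ws package, which provides WebSocket.Server

        // Port the Node.js HTTPS server listens on (8080 unless PORT is set)
        const PORT = process.env.PORT || 8080
        // Let's Encrypt private key and certificate for the domain
        const privateKey = fs.readFileSync('/etc/letsencrypt/live/domain.com/privkey.pem', 'utf-8')
        const certificate = fs.readFileSync('/etc/letsencrypt/live/domain.com/cert.pem', 'utf-8')
        const credentials = { key: privateKey, cert: certificate }

        // Express app served over TLS by Node.js itself
        const server = express()
        const httpsServer = https.createServer(credentials, server)
        httpsServer.listen(PORT)

        // Attach the WebSocket server to the same HTTPS server
        this.wss = new WebSocket.Server({ server: httpsServer })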

I used Certbot to secure my connection, as it is obligatory for Heroku. So here's my nginx default config file, located at /etc/nginx/sites-available/default:

server {

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;


        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name domain.com www.domain.com;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        # include snippets/fastcgi-php.conf;
        #
        # # With php-fpm (or other unix sockets):
        # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        # # With php-cgi (or other tcp sockets):
        # fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        # deny all;
        #}

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

I also changed my UFW config a bit. Here's the output of sudo ufw status:

Nginx Full                 ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
Nginx Full (v6)            ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6)             

Just to be clear, I'm NOT using domain.com for real. I just changed it in this question for privacy reasons :D

Hope someone can point me in the right direction. Not really sure where I'm going wrong.
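
Why a client reports "Unexpected response code: 200", as an added example that is not part of the original post: a WebSocket client accepts the handshake only when the server answers 101 Switching Protocols with a matching Sec-WebSocket-Accept header (RFC 6455), so an ordinary 200 page, such as one returned by a static-file location block, is rejected. The function names and both sample responses are constructed for illustration.

```javascript
const crypto = require('crypto');

// GUID fixed by RFC 6455 for deriving Sec-WebSocket-Accept from the client key.
const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';

function expectedAccept(key) {
  return crypto.createHash('sha1').update(key + WS_GUID).digest('base64');
}

// Parse a raw HTTP response head into a status code and lower-cased headers.
function parseHead(raw) {
  const [statusLine, ...lines] = raw.split('\r\n\r\n')[0].split('\r\n');
  const m = /^HTTP\/\d\.\d (\d{3})/.exec(statusLine);
  if (!m) throw new Error('not an HTTP response');
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: Number(m[1]), headers };
}

// Apply the client-side handshake checks from RFC 6455 section 4.1.
function checkHandshake(raw, key) {
  const { status, headers } = parseHead(raw);
  if (status !== 101) return { ok: false, reason: `Unexpected response code: ${status}` };
  if ((headers.upgrade || '').toLowerCase() !== 'websocket')
    return { ok: false, reason: 'missing "Upgrade: websocket" header' };
  if (!/\bupgrade\b/i.test(headers.connection || ''))
    return { ok: false, reason: 'missing "Connection: Upgrade" header' };
  if (headers['sec-websocket-accept'] !== expectedAccept(key))
    return { ok: false, reason: 'Sec-WebSocket-Accept mismatch' };
  return { ok: true, reason: 'handshake accepted' };
}

// Constructed sample data: the key is the sample nonce from RFC 6455.
const KEY = 'dGhlIHNhbXBsZSBub25jZQ==';
// What a web server returns when it serves a static page instead of upgrading.
const STATIC_PAGE = 'HTTP/1.1 200 OK\r\nServer: nginx\r\n' +
  'Content-Type: text/html\r\n\r\n<html>...</html>';
// What a WebSocket endpoint returns for the same key.
const UPGRADED = 'HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n' +
  'Connection: Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n';

console.log(checkHandshake(STATIC_PAGE, KEY));
console.log(checkHandshake(UPGRADED, KEY));
```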
