Question

Unable to connect to secure websocket

Hi! I’m having trouble setting up my WebSocket server in Digital Ocean.

I’m changing my actual domain name for domain.com for the question’s sake.

I basically have a NodeJs WebSocket server that I’m trying to connect to a react app I’m hosting at Heroku. I’m getting the following error when attempting to connect:

WebSocket connection to 'wss://domain.com/' failed: Error during WebSocket handshake: Unexpected response code: 200

Here’s my server entry code:

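        // Modules the snippet relies on
        const fs = require('fs')
        const https = require('https')
        const express = require('express')
        const WebSocket = require('ws')

        const PORT = process.env.PORT || 8080
        // Let's Encrypt private key and certificate for the domain
        const privateKey = fs.readFileSync('/etc/letsencrypt/live/domain.com/privkey.pem', 'utf-8')
        const certificate = fs.readFileSync('/etc/letsencrypt/live/domain.com/cert.pem', 'utf-8')
        const credentials = { key: privateKey, cert: certificate }

        // Express app served over HTTPS by Node itself
        const server = express()
        const httpsServer = https.createServer(credentials, server)
        httpsServer.listen(PORT)

        // Attach the WebSocket server to the HTTPS server
        this.wss = new WebSocket.Server({ server: httpsServer })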

I used cert-bot to secure my connection, as it is obligatory for Heroku. So here’s my nginx default config file, located at /etc/nginx/sites-available/default:

server {

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;


        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name domain.com www.domain.com;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        # include snippets/fastcgi-php.conf;
        #
        # # With php-fpm (or other unix sockets):
        # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        # # With php-cgi (or other tcp sockets):
        # fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        # deny all;
        #}

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

I also changed my UFW config a bit. Here’s the output of sudo ufw status:

Nginx Full                 ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
Nginx Full (v6)            ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6)             

Just to be clear, I’m NOT using domain.com for real. I just changed it in the current question for privacy concerns, :D

Hope anyone can point me in the right direction. Not really sure where I’m going wrong.



Maybe you already figured it out. But just in case, there is no certificate needed on the Node.js server. Just configure certificates on nginx. Thought these http and web sockets are the same.
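
Added example, not part of the original answer or the poster's files: the setup the answer describes, with nginx terminating TLS on 443 and forwarding the WebSocket upgrade to the Node process. It assumes the Node server is switched to plain HTTP and bound to 127.0.0.1:8080 (the port from the question's code); the timeout value is a constructed sample.

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;
    server_name domain.com www.domain.com;

    # Certificates live only here; the Node process needs no key material.
    ssl_certificate     /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    # In the posted config, "location /" uses try_files, so nginx answers the
    # handshake for wss://domain.com/ with a static page (HTTP 200) instead of
    # "101 Switching Protocols". Proxying the request fixes that.
    location / {
        # Assumed backend: Node listening on loopback only, plain HTTP.
        proxy_pass http://127.0.0.1:8080;

        # WebSocket upgrade needs HTTP/1.1 and the hop-by-hop headers re-sent.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Preserve the original host and client details for the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Idle WebSocket connections are closed after the default 60s
        # read timeout; raise it (sample value) or send application pings.
        proxy_read_timeout 3600s;
    }
}
```

Run `sudo nginx -t` before reloading nginx. The UFW rules shown in the question already keep port 8080 closed to the outside, which fits a backend that only listens on loopback.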