1

So I am an absolute beginner at Socket.IO, but I have a prebuilt application that needs to be secured in two ways: it needs to be transmitted over HTTPS, and it needs to be restricted to only serve data to a specific domain.

This is the code for the emitter thus far: https://github.com/Bitzz/Pokemon-Go-Coords/blob/master/discord-bot/index.js How do I go about securing it? I assume something along the lines of

io.set('origins', 'https://example.com:*');

on line 156 would restrict it to one domain... Could I maybe blacklist only specific domains instead? Beyond that, how do I make it emit over https via wss?

Currently the console shows: bye bye ws over https

I think I can figure out how to configure the web-side reader to look for the websocket over https, but getting it to send is not something I know how to figure out. Please use simple words, I am not a smart cookie. :(

Bitz

2 Answers

2

To restrict Socket.IO to multiple domains, I believe you only need to separate each domain by one space.

io.set('origins', 'https://example.com:* https://anotherdomain.com:*');

About the SSL connection, there are several ways to achieve that:

  1. Configure Socket.IO to use SSL (wss:// instead of ws://) in NodeJS; there is an answer here: node.js, socket.io with SSL
  2. Create a reverse proxy with Nginx; there is a guide here: https://www.exratione.com/2013/06/websockets-over-ssl-with-nodejs-and-nginx/
  3. Use a reverse proxy from a third-party service like https://www.cloudflare.com

The third option is the easiest way to achieve this. You only need to point your domain to CloudFlare and configure an A record to your ws server; CloudFlare will provide SSL for the websocket for free and automatically do SSL termination to your origin websocket server.

Long Nguyen
  • Hey, thanks for the reply. For 2), is there an apache2 method of doing that? I've been trying to do a reverse proxy with apache2 but no luck. I'll try the third option when I get in contact with the domain owner, as I don't have access to change the DNS records at this time. – Bitz Sep 13 '16 at 19:09
  • @Bitz here you go http://stackoverflow.com/questions/27526281/websockets-and-apache-proxy-how-to-configure-mod-proxy-wstunnel – Long Nguyen Sep 13 '16 at 19:11
  • Thanks for the help, I managed to get the polling http requests redirected to the https proxy using: `SSLProxyEngine on ProxyPass /socket.io http://127.0.0.1:49002/socket.io/ ProxyPassReverse /socket.io http://127.0.0.1:49002/socket.io/` I am still having an issue, though: the wss is throwing "failed: Error during WebSocket handshake: Unexpected response code: 400". (And as we know, polling requests are heavy and inefficient.) – Bitz Sep 15 '16 at 15:53
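
An added example, not part of the original answer or the linked project: a strict Origin allowlist written as a function, which also shows why an allowlist is preferable to blocking named domains (any origin that is not listed, including lookalikes, is refused). The names `ALLOWED_ORIGINS`, `normalizeOrigin`, `isAllowedOrigin` and `checkOrigin` are assumptions for illustration; unlike the `:*` port wildcard in the answer, this version accepts only the default HTTPS port.

```javascript
// Added example (not from the page). All names below are hypothetical.
const ALLOWED_ORIGINS = new Set([
  'https://example.com',
  'https://anotherdomain.com',
]);

// Reduce an Origin header to scheme://host[:port], or null if it is unusable.
function normalizeOrigin(header) {
  if (typeof header !== 'string' || header === '' || header === 'null') {
    return null; // header absent, or an opaque origin (sandboxed frame, file://)
  }
  let url;
  try {
    url = new URL(header);
  } catch (e) {
    return null; // not a parseable URL
  }
  // A genuine Origin header carries no path beyond "/", no query and no credentials.
  if (url.pathname !== '/' || url.search || url.hash || url.username || url.password) {
    return null;
  }
  return url.origin; // host lower-cased, default port (443 for https) dropped
}

function isAllowedOrigin(header) {
  const origin = normalizeOrigin(header);
  return origin !== null && ALLOWED_ORIGINS.has(origin);
}

// Same (origin, callback) shape that Socket.IO 1.x/2.x accepts via
// io.origins(checkOrigin); the callback receives (error, allowed).
function checkOrigin(origin, callback) {
  if (isAllowedOrigin(origin)) return callback(null, true);
  return callback('origin not allowed', false);
}

// Constructed sample headers, not taken from the page.
const samples = [
  'https://example.com',           // allowed
  'https://example.com:443',       // allowed: explicit default port
  'http://example.com',            // refused: plain http
  'https://example.com.evil.test', // refused: lookalike host
  'https://example.com:8443',      // refused: port not listed
  'null',                          // refused: opaque origin
];
for (const s of samples) {
  checkOrigin(s, (err, ok) => console.log(s, '->', ok ? 'allowed' : err));
}
```

The Origin header is set by browsers, so this check limits which web pages can connect; a non-browser client can send any Origin value, and anything sensitive still needs authentication on the socket itself.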
0

I found the solution.

In the apache2 site config file for the secure config (*:443), add the following:

#This enables polling over https. Painfully inefficient but a good fallback
SSLProxyEngine on
ProxyPass /socket.io http://127.0.0.1:49002/socket.io/ 
ProxyPassReverse /socket.io http://127.0.0.1:49002/socket.io/

#This upgrades and rewrites the ws to wss
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://localhost:49002%{REQUEST_URI} [P]
Bitz