php ratchet websocket SSL connect?

Question

I have a ratchet chat server file

use Ratchet\\Server\\IoServer;
use Ratchet\\WebSocket\\WsServer;
use MyAppChat\\Chat;
require dirname(__DIR__) . \'/vendor/         


        

Answer 1

If you are using Apache web server (2.4 or above), enable these modules in httpd.conf file :

1. mod_proxy.so
2. mod_proxy_wstunnel.so

Add this setting to your httpd.conf file

ProxyPass /wss2/ ws://ratchet.mydomain.org:8888/

Use this URL in your JavaSscript call when you want a WSS connection:

var ws = new WebSocket("wss://ratchet.mydomain.org/wss2/NNN");

Restart Apache web server and make sure that your Ratchet worker (web socket connection) is open before applying the settings (telnet hostname port).

Answer 2

I was trying to do this for a subdomain. Ex: Redirect realtime.domain.org to localhost:8080 from apache.

Here's how it worked. You can create a virtual host and proxy pass that.

<VirtualHost *:80>
    ServerName realtime.domain.org

    RewriteEngine On
    RewriteCond %{HTTP:Connection} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule /(.*) ws://localhost:8080/$1 [P,L]

    ProxyPreserveHost On
    ProxyRequests off
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>

So, all the requests to realtime.domain.org can be redirected to port 8080, where you can run the WebSocket handler.

Answer 3

If you're using Nginx, just write this in your SSL server block:

location /services/myservice {
    # switch off logging
    access_log off;

    # redirect all HTTP traffic to localhost
    proxy_pass http://localhost:1234;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # WebSocket support (nginx 1.4)
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # Path rewriting
    rewrite /services/myservice/(.*) /$1 break;
    proxy_redirect off;

    # timeout extension, possibly keep this short if using a ping strategy
    proxy_read_timeout 99999s;
}

This will upgrade any wss://yoursite.com/services/myservice call to a socket running on port 1234. Just make sure you remember not to leave port 1234 open to the world.

Answer 4

I found this answer on Ratchet's google group by Chris Boden:

The best solution would be to use Nginx as your web server. Have Nginx listen on port 80 for incoming connections and have it handle your SSL. Nginx will forward incoming connections to PHP-FPM for your regular website and if it detects a connection is a WebSocket connection have it proxy to your running Ratchet application on a port of your choice. Your javascript could then connect via wss://mydomain.org

This is an alternative way to using stunnel if your application is going to be served using nginx.

Answer 5

It is working for me for ubuntu 18.04.

var ws = new WebSocket('wss://domain.com/ws/');

Enabled proxy modules by running the following command in terminal.

sudo a2enmod proxy proxy_balancer proxy_wstunnel proxy_http

Added these lines in my Apache virtualhost config file(/etc/apache2/sites-available/000-default-le-ssl.conf)

ProxyRequests Off

ProxyPass "/ws/" "ws://domain.com:5555/"

Restarted apache service. And the websocket started working in https.

Answer 6

The problem is that React (which Ratchet is built on) does not support direct SSL connections. See this issue.

There is a simple workaround. Use stunnel with a config like:

[websockets]
accept = 8443
connect = 8888

Stunnel will handle SSL traffic on port 8443 and port them to your websocket server.