Websocket configuration that will work with most firewalls by default

Question

We just added a websocket to our webapp, that is accessed by the general internet (i.e. not behind a firewall) on port 9090. One client is having a problem because their firewall is blocking access to that port.

Is there a clever solution around this that does not require additional configuration on the part of the client? I've read that port 443 is often allowed by firewalls, and is a configuration option for Skype. Is that an option here?

One solution that occurred to me, but I don't know if it would work at all, is configuring the webserver to proxy certain requests on port 80 to the websocket. However, I don't know if the websocket can share port 80, since it will also be service normal web pages and ajax requests.

We're using socket.io to implement the websocket communication, and have a webserver in front of node.js.

Any suggestions?

Answer 1

Firewalls are just one type of intermediary potentially interfering with WebSocket connections. The other major category is web proxies.

To maximize the chances of WebSocket connections succeed, you will want to run WSS (secure WebSocket) on port 443 with the WS server having a certificate issued by a CA which is built into all major browsers.

This will work in many restricted, corporate networks, unless a MITM proxy is in place which inspects the (unencrypted) traffic.

In principle, WS can share a given port with a plain old HTTP server - however this topic is orthogonal to above.