CODEWITHSUNDEEP
javascriptnode.jswebsocketsocket.io
Salty Salamander
Salty Salamander

Reputation: 1

Implementing https and socket io

I have been searching high an low for this and have not been able to find a solution. I have the following code in the server:

import express from 'express';
import { createServer } from 'https';
import { Server } from "socket.io";
import fs from 'fs';

const app = express();

const credentials = {
        key: fs.readFileSync('../key.pem'),
        cert: fs.readFileSync('../cert.pem')
};

// create http/https server
const server = createServer(credentials, app);

const io = new Server(server);

io.on('connection', (socket) => {
  console.log('a user connected');
});

server.listen(3000, () => {
        console.log('listening on localhost:3000');
});

Now in the client side I have:

import { io } from "socket.io-client";
import fs from "fs";

const socket = io("https://localhost:3000", {
        rejectUnauthorized: false,
        ca: fs.readFileSync("../cert.pem") 
});

socket.on("connect", () => console.log("connected to server"));

If I change the server side to import to:

import { createServer } from 'http';

instead of:

import { createServer } from 'https';

and I change the client side to:

const socket = io("http://localhost:3000");

instead of:

const socket = io("https://localhost:3000");

I socket io is able to communicate just fine

It is just the https. I tried to add certs and to set

rejectUnauthorized: false

with no avail. I found this question, but nothing there has worked. The socket io documentation has not been much help. What can I try next?

Upvotes: 0

Views: 144

Answers (2)

bato3
bato3

Reputation: 2815

The best option to implement https in your application is to do it on a "real" http server. E.g.: nginx, Apache, ...

What you get directly from Node is sufficient for development purposes, but it is not recommended using it in a real environment. If only because it handles Keep-Alive connections on average. (This is what you'll experience the fastest.)

Next come the issues of performance and scalability. You must remember that the Node application is basically single-threaded. With many customers, even the "stupid" cors request takes resources that could be spent on actual customer service.

Did you know you can run multiple instances of a Node application? (it is enough to properly manage the shared data) This can be done e.g. via upstream in nginx. Or use e.g. Phusion Passenger (Which will immediately manage application restarts after an unexpected crash, instead of managers like pm2)

Upvotes: 1

BGPHiJACK
BGPHiJACK

Reputation: 1397

As HTTPS will try to reject at 127.0.0.1, WSS will as well but off the bat no way to bypass correct?

In development most users hit this wall initially till they have more time to set this up correctly.

Insert this code into your web socket server file.

process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;

Only in development do you use this, it's not to EVER be used in production.

Upvotes: 1

Related Questions