0

I'm restructuring my server structure by splitting them up instead of running everything from one server.

I looked here but that just specifies what I was already doing in the original setup with just 1 server.

I'm having a structure like this:

  • 2x Web-Server
  • 1x Load-Balancer
  • 1x Cache-Server
  • 1x Worker-Server
  • 1x Database-Server

Everything works great except the socket connection.

My Load-Balancer has generated an SSL cert.

Usually, I point to them like this:

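var fs = require('fs'); // needed for readFileSync below
// HTTPS server that reads the key and certificate from local disk
var server = require('https').createServer({
    key: fs.readFileSync('/etc/nginx/ssl/mywebsite.com/1652307/server.key'),
    cert: fs.readFileSync('/etc/nginx/ssl/mywebsite.com/1652307/server.crt'),
}, app);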

However, in my socket.js file, I'm unable to point to the certificates because they are now placed on the load balancer.

I have been setting up the infrastructure with Laravel Forge.

The error I get in the console is: `WebSocket is closed before the connection is established.`

I'm using Nginx.

How do I go about this?

3
  • People will ask what is your web server? nginx or Apache? And what is your load balancer? F5 or something else? In many cases, you can install the certificate on the load balancer and enable SSL offloading, then web servers behind simply connect via HTTP.
    – Lex Li
    Commented Jan 24, 2023 at 16:48
  • @LexLi I am using Nginx, I'm unaware of F5, can you please elaborate? Commented Jan 24, 2023 at 19:52
  • F5 is a company that is selling load-balancer appliances: en.wikipedia.org/wiki/F5,_Inc. Commented Jan 24, 2023 at 20:09

1 Answer

0

The SSL termination should be on the load balancer, and in this case you should not enable SSL on the backends.

6
  • Could you please elaborate with a little more detail for me? How would I go about this? How do I secure that the socket connection only has access to the load balancer? And what if I create more load balancers? All info is very much welcome. Commented Jan 24, 2023 at 20:05
  • Which part? SSL needs to be configured on the load balancer, not on the web-server backends. What load balancer are you using? Commented Jan 24, 2023 at 20:07
  • I edited my comment above. Also, I'm using the IP hashing algo and the provision provided by Laravel Forge load balancers; I allow network connections to web-server-01 and web-server-02. Also, ports 22, 80 and 443 are allowed by any connection. Do I need to open up the firewall for the WebSocket port to the IPs from the web1/web2 servers? Commented Jan 24, 2023 at 20:12
  • If connections towards socket.io are not proxied, then you should configure SSL in the socket.js file. You can use the same certificates. Check with `ss -tnp; ss -tlnp` the TCP connections and, respectively, the TCP listening ports. Commented Jan 24, 2023 at 20:31
  • Micrea, could we do a 1on1 somehow? Commented Jan 24, 2023 at 20:32
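
One way to apply "no SSL on the backends" in socket.js, added here as an example and not code from the thread: the server listens on plain HTTP, drops any TCP peer that is not the load balancer, and honours forwarded headers only from it. The addresses 10.0.0.10 and 10.0.0.21, port 3000, the helper names, and the assumption that the balancer appends to X-Forwarded-For and sets X-Forwarded-Proto are all hypothetical.

```javascript
const http = require('http');
const net = require('net');

// Hypothetical private address of the load balancer; add one entry per balancer.
const TRUSTED_PROXIES = ['10.0.0.10'];

// Dual-stack listeners report IPv4 peers as "::ffff:a.b.c.d"; unwrap that form.
function normalizePeer(addr) {
  if (typeof addr !== 'string') return null;
  const rest = addr.toLowerCase().startsWith('::ffff:') ? addr.slice(7) : addr;
  const ip = net.isIPv4(rest) ? rest : addr.toLowerCase();
  return net.isIP(ip) ? ip : null; // anything that is not an IP fails closed
}

function isTrustedProxy(addr, trusted = TRUSTED_PROXIES) {
  const ip = normalizePeer(addr);
  return ip !== null && trusted.includes(ip);
}

// Client details as seen by the balancer. Forwarded headers are honoured only
// when the TCP peer is a trusted balancer; any other sender could forge them.
function clientInfo(req, trusted = TRUSTED_PROXIES) {
  const peer = req.socket.remoteAddress;
  if (!isTrustedProxy(peer, trusted)) return { ip: normalizePeer(peer), secure: false };
  // Assumption: the balancer appends the address it saw as the last entry.
  const xff = String(req.headers['x-forwarded-for'] || '').split(',');
  const last = normalizePeer(xff[xff.length - 1].trim());
  return { ip: last || normalizePeer(peer), secure: req.headers['x-forwarded-proto'] === 'https' };
}

// Plain HTTP server for socket.js: no key/cert here, TLS ends at the balancer.
function createBackendServer(app, trusted = TRUSTED_PROXIES) {
  const server = http.createServer(app);
  // Fires per TCP connection, before any request or WebSocket upgrade is parsed.
  server.on('connection', (socket) => {
    if (!isTrustedProxy(socket.remoteAddress, trusted)) socket.destroy();
  });
  return server;
}

// Usage in socket.js (bind to the private interface, not 0.0.0.0):
//   createBackendServer(app).listen(3000, '10.0.0.21');
```

The same allow-list belongs in the firewall rule for the WebSocket port, so that only the load balancer's address can reach it.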
