Connecting to Socket.IO server with SSL (https) when listening to custom port

[Udi]

Hey everybody,

My socket.io server is running and listening to port 6060.

Now, I added to my domain an SSL certificate in order to serve my website through https protocol.

if i'm trying to access the server through http://mydomain.com:6060 i'm getting the "Welcome to socket.io." message, but when i'm doing it with https://mydomain.com:6060 it's not work..

Is it posible to connect to my socket.io server (listening to port 6060) with ssl?

Thank a lot

Udi

[Roey Berman]

Hi Udi,

Are you trying to run an https server with node or do you have a reverse proxy in front of your server (nginx/haproxy)?

If you want socket.io to use https, just pass a key param to the listen() function.

https://github.com/LearnBoost/socket.io/blob/0.9/lib/socket.io.js#L63

You can also run your server behind stunnel.

https://www.stunnel.org/index.html

Udi

--
You received this message because you are subscribed to the Google Groups "Socket.IO" group.
To unsubscribe from this group and stop receiving emails from it, send an email to socket_io+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Udi]

Wow! it works! I just passed my 'key' and 'cert' options to the listen function of socket.io,

But now the problem is that only the SSL connection is available.

Any way to enable both HTTP and HTTPS work simultaneously so I can choose how to connect?

[Roey Berman]

Not sure about that,

You'll probably have to create two io instances, one http and the other https (with the key and cert).

You can run them either in the same process or in 2 different processes.

I've never tried to run 2 instances in the same process but I think it should work.

Having 2 instances means you'll have to synchronize them somehow (RedisStore?)

The other option is running one instance on an http server and run stunnel on a different port.

That way you don't have to change anything in your application if it's not written in a scalable manner.

[Udi]

Roey! Thanks!

I went with the first option, I ran 2 instances of socket.io, one for the http and the second for https.

I solved the sync by using the same handler function to the 'connection' event so now i have:

function ioHandler(socket){}

io.sockets.on('connection', ioHandler);

sslio.sockets.on('connection', ioHandler);

Do you think that problems can arise in this way?

Thanks

[Roey Berman]

It depends which socket.io features you're using.

Each instance keeps track of it's own clients.

So if you try to broadcast or use rooms, it won't work.

[Harald Hanche-Olsen]

[Udi <udi.t...@gmail.com> (2013-02-13 22:15:54 UTC)]

> Is it posible to connect to my socket.io server (listening to port 6060)
> with ssl?

I do it (on a different port) without any difficulty.
Here is my setup, heavily redacted:

var https=require("https"),
fs=require("fs"),
server=https.createServer(
{
key:fs.readFileSync("/some/where/cert/mydomain.key"),
cert:fs.readFileSync("/some/where/cert/mydomain.crt"),
ca:[fs.readFileSync("/some/where/cert/sub.class1.server.ca.pem"),
fs.readFileSync("/some/where/cert/ca.pem")]
}),
io=require("socket.io").listen(server);

after which I set up sessions with session.socket.io, add an express
app, and other stuff that seems irrelevant to the problem at hand,
ending with

server.listen(444,function(err) {
// error handling redacted
process.setuid("someuser");});


- Harald

[Steven Warwick]

Use stunnel as a front end for socket.io

This is a good article on someones setup that is similar

http://afitnerd.com/2012/08/14/websockets-over-ssl-stunnel-haproxy-node-js/

Steven Warwick

Software Developer - BPTrade - SuccessTrade

Office: 250.448.8193

After Hours Cell: 250.864.7838

Udi

--