0

I've deployed my Laravel project that using socket io on nginx

here is the server spec :

NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

here is my config file :

server {
    listen       443 ssl;
    server_name  website.tld;
    proxy_pass_header Server;
    proxy_buffering off;
    server_tokens off;
    
    ssl_certificate      /etc/nginx/ssl/biz/ssl.crt;
    ssl_certificate_key  /etc/nginx/ssl/biz/ssl.key;

    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    proxy_cookie_path / "/; secure;";
    ssl_prefer_server_ciphers   on;
    server_name_in_redirect on;    
    proxy_buffer_size   128m;
    proxy_buffers   4 256m;
    proxy_busy_buffers_size   256m;



    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
 
    root /home/laravel/public_html/public;
    index  index.php;

    # Requests for socket.io are passed on to Node on port 3000
    location /socket.io {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto  https;
      proxy_set_header X-VerifiedViaNginx yes;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy false;

      proxy_pass http://localhost:3000;
      proxy_redirect off;

      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }

    location / {
         try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$
    {
       # try_files $uri $uri/ /index.php?$args;
        try_files $uri /index.php$request_uri;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

But when accessed into https://website:3000 the output on the browser :

This site can’t provide a secure connection website.tld sent an invalid response. ERR_SSL_PROTOCOL_ERROR

Any mistakes with my config ?

Roby Firnando Yusuf
  • 103
  • 2

1 Answers1

0

To load your web site you don't need to specify a port number. Just https://website.example will do. The reason is that you now have nginx serving your web site on port 443, the default https port. But you tried to access the socket.io server directly bypassing nginx (and using https, which it isn't speaking). When you remove the port number, it will connect to nginx on port 443 instead.

Also, for security, you should ensure that your socket.io server only listens for connections on localhost, so that malicious users can't bypass nginx and connect directly to it.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972