I'm restructuring my server structure by splitting them up instead of running everything from one server.

I looked here but that just specifies what I was already doing in the original setup with just 1 server.

I'm having a structure like this:

  • 2x Web-Server
  • 1x Load-Balancer
  • 1x Cache-Server
  • 1x Worker-Server
  • 1x Database-Server

Everything works great except the socket connection.

My Load-Balancer has generated an SSL cert.

Usually, I point to them like this:

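```js
const fs = require('fs');

// HTTPS server for socket.js; `app` is the request handler defined elsewhere in the file
var server = require('https').createServer({
    key: fs.readFileSync('/etc/nginx/ssl/mywebsite.com/1652307/server.key'),
    cert: fs.readFileSync('/etc/nginx/ssl/mywebsite.com/1652307/server.crt'),
}, app);
```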

However, in my socket.js file, I'm unable to point to the certificates because they are now placed on the load balancer.

I have been setting up the infrastructure with Laravel Forge.

The error I get in the console is: `WebSocket is closed before the connection is established.`

I'm using Nginx.

How do I go about this?

ii iml0sto1
  • People will ask what is your web server? nginx or Apache? And what is your load balancer? F5 or something else? In many cases, you can install the certificate on the load balancer and enable SSL offloading, then web servers behind simply connect via HTTP. – Lex Li Jan 24 '23 at 16:48
  • @LexLi I am using Nginx, I'm unaware of F5, can you please elaborate? – ii iml0sto1 Jan 24 '23 at 19:52
  • F5 is a company that is selling load-balancer appliances: https://en.wikipedia.org/wiki/F5,_Inc. – Mircea Vutcovici Jan 24 '23 at 20:09

1 Answer

The SSL termination should be on the load balancer, and in this case you should not enable SSL on the backends.

Mircea Vutcovici
  • Could you please elaborate with a little more detail for me? How would I go about this? How do I secure that the socket connection only has access to the load balancer? And what if I create more load balancers? All info is very much welcome – ii iml0sto1 Jan 24 '23 at 20:05
  • Which part? SSL needs to be configured on the load balancer, not on the web-server backends. What load balancer are you using? – Mircea Vutcovici Jan 24 '23 at 20:07
  • I edited my comment above, also I'm using IP hashing algo, and the provision provided by Laravel Forge load balancers, I allow network connections to web-server-01 and web-server-02. Also, port 22, 80 and 443 are allowed by any connection, do I need to open up the firewall for the websocket port to the IPs from web1/web2 server? – ii iml0sto1 Jan 24 '23 at 20:12
  • If connections towards socket.io are not proxied, then you should configure SSL in the socket.js file. You can use the same certificates. Check with `ss -tnp;ss -tlnp` the TCP connections and respectively the TCP listening ports. – Mircea Vutcovici Jan 24 '23 at 20:31
  • Mircea, could we do a 1on1 somehow? – ii iml0sto1 Jan 24 '23 at 20:32
  • I think I found a profile reflecting your skills – ii iml0sto1 Jan 24 '23 at 20:44
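
The setup the answer describes, sketched as an added example that is not part of the original thread: Nginx on the load balancer terminates TLS and proxies WebSocket upgrades to the web servers over plain HTTP. The backend addresses `10.0.0.11`/`10.0.0.12`, the socket port `3000`, the upstream name and the `/socket.io/` path (the socket.io default) are assumptions; the certificate paths and host name are the ones from the question.

```nginx
# Load balancer side. `map` and `upstream` belong in the http {} context.

# Send "Connection: upgrade" only when the client asked for an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream socket_backends {               # hypothetical upstream name
    ip_hash;                             # same client IP -> same backend
    server 10.0.0.11:3000;               # web-server-01 (constructed address)
    server 10.0.0.12:3000;               # web-server-02 (constructed address)
}

server {
    listen 443 ssl;
    server_name mywebsite.com;

    # TLS terminates here; the private key stays on the load balancer only.
    ssl_certificate     /etc/nginx/ssl/mywebsite.com/1652307/server.crt;
    ssl_certificate_key /etc/nginx/ssl/mywebsite.com/1652307/server.key;

    location /socket.io/ {
        proxy_pass http://socket_backends;        # plain HTTP to the backends
        proxy_http_version 1.1;                   # required for WebSocket upgrade
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;                  # keep idle sockets open
    }
}
```

With this in place, socket.js on each web server listens with `require('http').createServer(app)` on the socket port and needs no certificate files, while the browser connects to `wss://mywebsite.com` on 443. The firewall on the web servers then only has to accept the socket port from the load balancer's private address, so the port does not need to be opened to the internet.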