Connection to server not reached

knot · February 24, 2025, 3:40am

What is the name of the domain?

site.ru

What is the issue you’re encountering

WSS Connection to server not reached

What steps have you taken to resolve the issue?

Tried all settings and solutions

What feature, service or problem is this related to?

I don’t know

What are the steps to reproduce the issue?

I’ve already read all the topics, tried all the modes, different settings, nothing helps (I’m missing something, but I don’t understand what, help me)
Problem with sockets, doesn’t reach the server.
I use SocketIO and NodeJs.
All the settings are done, nothing is blocked anywhere, everything is allowed, the server connects successfully and supports methods [GET, POST]:

…
StartServer → HTTPS Server Listening On 0.0.0.0 : 2096
…

After attempting to connect:

Request URL:
wss://site.ru/socket.io/?EIO=4&transport=websocket
Request Method:
GET
Status Code:
101 Switching Protocols
access-control-allow-credentials:
true
access-control-allow-origin:
https://site.ru
alt-svc:
h3=“:443”; ma=86400
cf-cache-status:
DYNAMIC
cf-ray:
91690ebbc9dd9981-CPH
connection:
upgrade
date:
Sun, 23 Feb 2025 17:50:19 GMT
nel:
{“success_fraction”:0,“report_to”:“cf-nel”,“max_age”:604800}
report-to:
{“endpoints”:[{“url”:“https://a.nel.cloudflare.com/report/v4?s=aqj34kyELzpEEpjkWBEkwkx1mApETj%2FZ2re%2FQSfupqHHfSt01jjcAiUME%2Fje86aeeV9fK1LwnZT3Vs6j7ym3YvX574Bbx0gIaRecsoRETEq2Tm%2FRapj33RP9EL6UwJJv"}],“group”:“cf-nel”,"max_age”:604800}
sec-websocket-accept:
2VoedoVk8I6isSr5RpySpAPT+no=
server:
cloudflare
server-timing:
cfL4;desc=“?proto=TCP&rtt=137533&min_rtt=137464&rtt_var=51688&sent=7&recv=7&lost=0&retrans=0&sent_bytes=3669&recv_bytes=2502&delivery_rate=31734&cwnd=252&unsent_bytes=0&cid=bfb6be6da5f924ea&ts=266&x=0”
upgrade:
websocket
vary:
Origin

What to do?
It doesn’t reach my server, there are no errors, it breaks into some other cloud server, I can’t understand anything, this wretched bot doesn’t know anything at all, these options names are constantly changing!

What a madhouse.

On the server side, a purchased reliable certificate is used, the Full mode is used, since Strict is not available for free accounts.
And as far as I understand, a free one is issued.

What to do and how to be?

knot · February 24, 2025, 6:56am

The problem, as I understand it, spreads further…

There is no solution?

I’m trying to understand what this is connected to. Why is the connection successful, but when I try to send data, it says the server is unavailable?

Could this be related to different certificates?

There is a purchased, reliable certificate on the server, not a free one. However, Cloudflare issues a free one from its resources because, in order to add a reliable purchased certificate, you need to pay for some unknown reason. Why is this necessary?

Why did they implement it this way?

They already bought it, and it wasn’t cheap. Do they want you to buy more from them?

Without support for free accounts, it won’t be possible to use paid certificates, will it? Is this probably the whole problem? Has anyone managed to solve this?

Should I look for other alternatives to this service?

knot · February 24, 2025, 7:51am

In general, as I understand it, the traffic is not being redirected to the server endpoint, and this needs to be specified somewhere, but it’s not yet clear where.

You can try creating a new “WebSocket” rule in the Cloudflare “Firewall” settings. I found the rules and tried to add the server endpoint, but I did not see the WebSocket option in the drop-down list.

Where should I specify them?

sjr · February 24, 2025, 7:57am

What is the real server hostname?

For testing, do you also have a URL on that server that doesn’t use web sockets?

knot · February 24, 2025, 8:20am

Real address: wss://sailorknot.ru:2096/socket.io/?EIO=4&transport=websocket

knot · February 24, 2025, 10:27am

Guys, I figured it out, and it’s not surprising - the whole problem is with the headers access-control-allow-credentials and access-control-allow-origin.

It’s also important to have the correct proxy settings on the NGINX side.

So, here’s what I did to make it work for me.

First, you need to open /nginx/nginx.conf.
And in the http block, add:

http {
.....
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
.....
}

Next, in /nginx/conf.d/default.conf (the file responsible for the domain routes):

location /socket.io/ {
    proxy_pass https://127.0.0.1:2096;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

In nodejs/server.js , I added:

this.#express.use(cors({
     origin: '*',
     methods: Settings.methods
}));

Similarly, in SocketIO:

SocketIO(this.#server, {
    cors: {
        origin: '*',
        methods: Settings.methods,
        credentials: true
    }
});

Don’t forget to include credentials: true.

Be sure to specify * in the origin parameter, or add the cloudflare domain from which Node.js is accessing the server, since it is accessing from there.

On the client side, you need to include the parameter: withCredentials: true.

io('https://sailorknot.ru:2096', {
      secure: true,
      transports: ['websocket'],
      withCredentials: true
});

Finally, I saw the access logs on my server! Hooray!

Topic		Replies	Views
Fail to connect WSS on port 8443 DNS & Network	1	15	February 18, 2025
Firefox cant establish secure websocket connection Security dash-ssl-tls	9	4725	December 28, 2018
Web-socket error Website, Application, Performance	2	2667	April 13, 2020
Wss websocket General	4	1186	November 25, 2023
Issue with php websockets Access	2	2457	May 29, 2020