How to enable Socket.IO with Cloudflare Proxy enabled for ERPNext/Frappe?

What is the name of the domain?

erp.example.app

What is the error message?

WebSocket connection to ‘wss://erp.example.app/socket.io/?EIO=4&transport=websocket&sid=KQgMBEv2Fj-5fQM0AAAW’ failed: WebSocket is closed before the connection is established.

What is the issue you’re encountering

I am using Cloudflare to proxy my ERPNext/Frappe server, and when Cloudflare proxy is enabled, WebSocket (Socket.IO) fails to connect. The error message shows that the WebSocket is closed before the connection can be established.

What steps have you taken to resolve the issue?

I have tried switching Cloudflare to “DNS only” mode, which resolves the WebSocket issue. However, I want to keep Cloudflare proxy enabled for security and firewall protection while allowing Socket.IO to function properly.

What feature, service or problem is this related to?

DNS records

What are the steps to reproduce the issue?

1- Set up Cloudflare proxy for the domain.
2- Try to connect to the WebSocket (wss://erp.example.app/socket.io/).
3- Observe the error that occurs: “WebSocket is closed before the connection is established.”

May I ask if WebSocket feature is enabled at Cloudflare dashboard as well? :thinking:

May I ask if it is working over HTTPS and wss on the origin? :thinking:

May I ask if you are proxying it via Nginx at origin? :thinking:

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )? :thinking:

  • Is it working over HTTPS and wss on the origin?
  • Yes, it is working over HTTPS and wss on the origin server. However, the issue arises when Cloudflare proxy is enabled.
  • Are you proxying it via Nginx at origin?
  • Yes, I am using Nginx as a reverse proxy for the ERPNext/Frappe server.
  • What SSL option have you got selected under the SSL/TLS tab at the Cloudflare dashboard for your domain (Flexible, Full, Full Strict)?
  • I have tried both Full and Full Strict SSL options, but the WebSocket connection still fails when Cloudflare proxy is enabled.

The issue was caused by a firewall rule I had set up to block traffic from all countries except one. Since WebSocket connections (via /socket.io) use the same protocol (HTTP/HTTPS) for the initial connection, the rule was unintentionally blocking WebSocket traffic.

To fix the issue, I made the following adjustments to the firewall rules:

  1. Allowed all traffic from ABC Country (my country of interest).
  2. Created an exception for the the droplet ip to bypass the country-blocking rule for WebSocket traffic.
1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.