Socket.io over https with cloudflare

dash-crypto
#1

Hello,

I have a website that uses socket.io to send chat messages. Locally it works great, and some time ago I managed to make it work on a server through https.
Now that I have started using cloudflare, I have noticed that the chat service has stopped working and I have been trying for several days to find a solution but without success.

The code is the following:
On server:

const fs = require('fs'),
options = {
    key: fs.readFileSync('/etc/letsencrypt/live/domain.net/privkey.pem'),
    cert: fs.readFileSync('/etc/letsencrypt/live/domain.net/cert.pem'),
    ca: fs.readFileSync('/etc/letsencrypt/live/domain.net/chain.pem')},
app = require('express')(),
server = require('https').Server(options, app),
allowedOrigins = '*:*',
io = require('socket.io')(server, {origins: allowedOrigins, wsEngine: 'ws'});

server.listen(2053, function(){
    console.log('listening on *:2053');
});

app.get('/', function(req, res){
    res.send('server is running');
});

On client:

this.basicSo = io.connect("https://beta.domain.net:2053", { secure: true, query: {userID:'miuserID'} });
this.basicSo.on('connect_error', this.connect_error.bind(this));
this.basicSo.on('connect', this.basic_authenticate.bind(this));

private connect_error():void{
        console.log("connect error");
 }
private basic_authenticate():void{
        this.basicSo.emit('authenticate', {pass:this._kHandshakeChat});
 }

When I open the client, I continuously receive the log of “connect error”.
In fact I am not able to see anything when I write https://beta.domain.net:2053 in the browser, and I think I should see the message ‘server is running’.

<IfModule mod_ssl.c>
<VirtualHost *:2053>
    DocumentRoot "/opt/ChatServer"
    ServerName beta.domain.net
    ErrorLog "/var/log/httpd/domain_beta_chat_log"
    CustomLog "/var/log/httpd/domain_beta_chat_log" common
        <Directory /opt/ChatServer>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
        </Directory>

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/domain.net/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.net/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/domain.net/chain.pem
</VirtualHost>
</IfModule>

When I run sudo firewall-cmd --zone=public --list-ports I see
2053/tcp

Can someone help me?

#2

Are WebSockets enabled under the Network section in the control panel?

1 Like
#3

Yes, the switch is on

#4

Can you post the URLs in question?

#5

#6

Port 2053 does not seem to be open on your server.

1 Like
#7

Do you know what may be causing it? As I said, when I run firewall-cmd --zone=public --list-ports I see the port open, so I have run out of ideas. Thank you so much.

#8

If you can confirm the service is responding on your server it likely is the firewall, but that comes down to its specific configuration.

#9

Your server code doesn’t look like a socket. I expect

io.on('connection', function(socket){
  console.log('an user connected');
});

rather than

app.get('/', function(req, res){
    res.send('server is running');
});

That is Express, not a socket.

#10

Yes, I have the service running.

If I do netstat -ln I see

Also, if I do sudo systemctl stop iptables I see “service not loaded”, so it cannot be in conflict with firewalld.

I created a hello world HTML page and I receive a 522 error when I try to access it:
https://beta.whitespell.net:2053/hola.html

Could it be possible that this doesn't work because 2053 is listening under tcp6 and I don't have any AAAA record for the domain under ip6?

#11

Yes, I put that in while trying to test what is happening. I also have this in the server code:

let basic = io.on('connection', function(socket){
    console.log("loggin "+socket.id);
});

But the problem is still there.

1 Like
#12

What if you bypass CF (gray cloud in your panel)? If the app works without CF in the middle, then you can be sure something is wrong with the CF settings.

#13

SOLVED: As sandro said, it was the firewall. In this case, I remembered to log in to my AWS server and look at all the configuration, and I saw that port 2053 was badly configured.

Thank you all so much!!!

2 Likes
#14

Sorry, but I’m experiencing the same error again. After getting everything to work, seeing that the problem seemed to be that AWS had misconfigured the inbound rules for port 2053, I made a transfer of the domain from hostinger to cloudflare and again I cannot access the chat service. And now the port traffic in AWS is well configured. What else may be happening?


I also tried to enable ipv6 on AWS but after seeing this problem I have again disabled ipv6 in case it was the problem but it seems that no…

#15

Can you see if you get a specific error in the browser console (f12 -> console tab)? This would help figure out the issue

#16

I assume the port is once more not open. Would you feel comfortable sharing the new IP address here?

#17

The IP and all the data are the same. It’s true that there must be something blocking the traffic but I don’t know what it could be. It was working 1 week ago…

https://beta.whitespell.net:2053/ (Must say ‘server running’…)
https://beta.whitespell.net:2053/hola.html (Must say ‘Hola Mundo’)

I don't see any error code…

#18

Well, it seems to return the expected values. Except for the second URL which shows an error but still seems to reach your server.

http://sitemeer.com/#https://beta.whitespell.net:2053/

#19

Yes, that tool said that the first URL is up, but typing it in the browser nothing happens.
That is where server.js (all the code in the first post) is running.
What is wrong? When I had the domain with hostinger 1 week ago this was working.

#20

That is not accurate I am afraid.

As I mentioned, it does return the expected values.

What does that command return for you?

ping beta.whitespell.net