WebSocket connection no longer working after activating Cloudflare

After changing the nameservers and activating Cloudflare, my website is working fine - except for the connection to my WebSocket server, which is hosted on a subdomain (ws.domain.com).

I use Laravel websockets.

I run the websocket server locally on the server through port 6001. To connect to it, all traffic is routed through a reverse proxy via nginx, which adds SSL to it (see here).

Web console log doesn’t tell much:

WebSocket connection failed: WebSocket is closed before the connection is established.

  • WebSockets is enabled in Cloudflare under Network
  • SSL/TLS encryption mode is set to Full (Strict). Full has the same result. Flexible gives the website an endless redirect loop.
  • SSL certs are server-side from Let’s Encrypt.

Would be very happy about any guidance. Cheers!

This is what my Nginx config looks like (worked beautifully before):

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.ws.domain.com;
    server_tokens off;
    root /home/forge/www.ws.domain.com/public;

    ssl_certificate /etc/nginx/ssl/www.ws.domain.com/xxx/server.crt;
    ssl_certificate_key /etc/nginx/ssl/www.ws.domain.com/xxx/server.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers xxxx-xxxx-xxx...;
    ssl_prefer_server_ciphers off;
    ssl_dhparam /etc/nginx/dhparams.pem;

    charset utf-8;

    location / {
        proxy_pass   ;
        proxy_read_timeout     60;
        proxy_connect_timeout  60;
        proxy_redirect         off;
        # Allow the use of websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

    access_log off;
    error_log  /var/log/nginx/www.ws.domain.com-error.log error;

Where is this resolved? Local to the server (in a hosts file or your own DNS), or is this record on Cloudflare?

Note that the default Universal SSL only covers the domain and first-level subdomains (example.com and *.example.com) so if you need a Cloudflare edge certificate for www.ws, then you need to use the Advanced Certificate Manager.

I’m not sure. ws.domain.com is hosted on the same server as domain.com, just with a different nginx (see above).

As for DNS settings, I just took all of the DNS settings from my domain provider and put them into Cloudflare. Then, I changed the nameservers. My domain provider still shows the old DNS settings, but since the nameservers are changed, they should be ignored, right?

DNS settings on Cloudflare:

When I try to connect to wss://ws.domain.com instead of wss://www.ws.domain.com, I still get the same error.

Okay, you were actually right. I had to completely get rid of www. everywhere and now it’s working perfectly fine. I always forget that www is a subdomain itself.

Kind of weird now that my main site is running on www.domain.com but requests websockets via ws[dot]domain.com. Well, anyway, thank you!

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.