Bitz Bitz - 6 months ago 29
Node.js Question

Securing a Socket.IO Websocket and restricting it to a domain

So I am an absolute beginner at Socket.IO, but I have a pre-built application that needs to be secured in two ways: It needs to be transmitted over HTTPS and it needs to be restricted to only serve data to a specific domain.

This is the code for the emitter thus far:
How do I go about securing it?
I assume something along the lines of

io.set('origins', '*');

on line 156 would restrict it to one domain...
Could I maybe blacklist only specific domains instead?
Beyond that, how do I make it emit over https via wss?

Currently the console shows:
bye bye ws over https

I think I can figure out how to configure the web-side reader to look for the over https websocket, but getting it to send is not something I know how to figure out.
Please use simple words I am not a smart cookie. :(


I found the solution.

In the apache2 site config file for the secure config (*:443), add the following:

#This enables polling over https. Painfully inefficient but a good fallback
SSLProxyEngine on
ProxyPass / 
ProxyPassReverse /

#This upgrades and rewrites the ws to wss
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://localhost:49002%{REQUEST_URI} [P]
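
For the other half of the question, restricting the socket to one domain, here is an added example (not code from the original post) of an exact-match Origin allowlist in the shape of the `allowRequest(req, callback)` option that newer Socket.IO servers accept. The hostname `app.example.com` and the helper names are assumptions made for illustration.

```javascript
// Added example: exact-match Origin allowlist for the Socket.IO handshake.
// The origin below is a constructed placeholder, not a value from the post.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Reduce an Origin header to "scheme://host[:port]". Returns null when the
// header is missing, is the literal "null", does not parse, or carries more
// than an origin (path, query, fragment, credentials).
function normalizeOrigin(header) {
  if (typeof header !== 'string' || header === '' || header === 'null') {
    return null;
  }
  let url;
  try {
    url = new URL(header);
  } catch (err) {
    return null;
  }
  if (url.pathname !== '/' || url.search || url.hash ||
      url.username || url.password) {
    return null;
  }
  // url.origin lower-cases the host and drops a default port (443 for https).
  return url.origin;
}

// Compare whole origins. Substring or suffix matching would also accept
// look-alike hosts such as "app.example.com.evil.test".
function isAllowedOrigin(header, allowed = ALLOWED_ORIGINS) {
  const origin = normalizeOrigin(header);
  return origin !== null && allowed.has(origin);
}

// Handshake hook: callback(err, success). Wire it in with
//   new Server(httpServer, { allowRequest })
// Apache forwards the browser's Origin header to the Node process, so the
// check still works behind the proxy configuration above.
function allowRequest(req, callback) {
  callback(null, isAllowedOrigin(req.headers.origin));
}
```

Browsers set the Origin header themselves, but any other client can send whatever value it likes, so this check limits cross-site use from browsers and is not a substitute for authenticating the connection.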