Score:0

How do I set up an SSL certificate for an express.js server behind a load balancer?

us flag

I'm restructuring my server structure by splitting them up instead of running everything from one server.

I looked here but that just specifies what I was already doing in the original setup with just 1 server.

I'm having a structure like this:

  • 2x Web-Server
  • 1x Load-Balancer
  • 1x Cache-Server
  • 1x Worker-Server
  • 1x Database-Server

Everything works great except the socket connection.

My Load-Balancer has generated an SSL cert.

Usually, I point to them like this:

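```js
var fs = require('fs');
var app = require('express')();

// HTTPS server that reads the key and certificate from this host's disk
var server = require('https').createServer({
    key: fs.readFileSync('/etc/nginx/ssl/mywebsite.com/1652307/server.key'),
    cert: fs.readFileSync('/etc/nginx/ssl/mywebsite.com/1652307/server.crt'),
}, app);
```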

However, in my socket.js file, I'm unable to point to the certificates because they are now placed on the load balancer.

I have been setting up the infrastructure with Laravel Forge.

The error I get in the console is: `WebSocket is closed before the connection is established.`

I'm using Nginx.

How do I go about this?

Lex Li
vn flag
People will ask what is your web server? nginx or Apache? And what is your load balancer? F5 or something else? In many cases, you can install the certificate on the load balancer and enable SSL offloading, then web servers behind simply connect via HTTP.
iml0sto1
us flag
@LexLi I am using Nginx, I'm unaware of F5, can you please elaborate?
cn flag
F5 is a company that is selling load-balancer appliances: https://en.wikipedia.org/wiki/F5,_Inc.
Score:0
cn flag

The SSL termination should be on the load balancer, and in this case you should not enable SSL on the backends.

iml0sto1
us flag
Could you please elaborate with a little more detail for me? How would I go about this? How do I secure that the socket connection only has access to the load balancer? And what if I create more load balancers? All info is very much welcome.
cn flag
Which part? SSL needs to be configured on the load balancer, not on the web-server backends. What load balancer are you using?
iml0sto1
us flag
I edited my comment above, also I'm using the IP hashing algo, and the provision provided by Laravel Forge load balancers, I allow network connections to web-server-01 and web-server-02. Also, ports 22, 80 and 443 are allowed by any connection, do I need to open up the firewall for the websocket port to the IPs from the web1/web2 servers?
cn flag
If connections towards socket.io are not proxied, then you should configure SSL in the socket.js file. You can use the same certificates. Check with `ss -tnp;ss -tlnp` the TCP connections and respectively the TCP listening ports.
iml0sto1
us flag
Micrea, could we do a 1on1 somehow?
iml0sto1
us flag
I think I found a profile reflecting your skills
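
As an added example (not code from anyone in this thread), here is a Node.js backend for the setup the answer describes: TLS ends on the load balancer, and the web servers speak plain HTTP and accept requests and WebSocket upgrades only from the balancer. The address `10.0.0.10` and the names `createBackend`, `clientScheme` and `isFromLoadBalancer` are assumptions made for illustration.

```javascript
const http = require('http');

// Assumption: private address of the load balancer (constructed value).
const TRUSTED_PROXIES = new Set(['10.0.0.10']);

// Normalise IPv4-mapped IPv6 peers such as ::ffff:10.0.0.10.
function peerAddress(socket) {
  return String(socket.remoteAddress || '').replace(/^::ffff:/, '');
}

function isFromLoadBalancer(socket) {
  return TRUSTED_PROXIES.has(peerAddress(socket));
}

// The balancer reports the client's scheme in X-Forwarded-Proto.
// The header is believed only when the TCP peer is the balancer itself,
// because any direct client could send the same header.
function clientScheme(req) {
  if (!isFromLoadBalancer(req.socket)) return 'http';
  const proto = String(req.headers['x-forwarded-proto'] || '');
  return proto.split(',')[0].trim().toLowerCase() === 'https' ? 'https' : 'http';
}

// No key/cert options here: this server speaks plain HTTP to the balancer.
function createBackend(handler) {
  const server = http.createServer((req, res) => {
    if (!isFromLoadBalancer(req.socket)) {
      res.writeHead(403).end('direct access not allowed');
      return;
    }
    handler(req, res);
  });
  // WebSocket handshakes arrive as HTTP Upgrade requests. Destroy any that
  // did not come through the balancer; a WebSocket library attached to
  // this server handles the ones that did.
  server.prependListener('upgrade', (req, socket) => {
    if (!isFromLoadBalancer(socket)) socket.destroy();
  });
  return server;
}
```

The application-level check complements, and does not replace, a firewall rule that limits the backend port to the balancer's address.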