Secure WebSocket over TLS is strongly recommended for use in production environments and prevents data sniffing or modification from the time the data is submitted through the WebSocket protocol to the time it's received by the end-user.
This article will step you through the process of setting up secure WebSockets through HTTPS using an Apache webserver.
The reason is: the Apache web server needs access to the SSL certificate, the private key, and an intermediate CA (Certifying Authority) certificates if applicable. For modularity, it is better to separate the components into separate directories. A web server is a network service that serves content to a client over the web. This typically means web pages, but any other documents can be served as well. Web servers are also known as HTTP servers, as they use the hypertext transport protocol (HTTP). The Apache HTTP Server, httpd, is an open source web server developed by the Apache Software Foundation. The SSLCertificateFile and SSLCertificateKeyFile directives in the SSL.conf file must point to the corresponding certificate and key files. If you are using Apache virtual host feature, each virtual host you want to secure must have its own private key and server certificate. Generate a Private Key SSL uses keys to encrypt and decrypt messages. Here is a short note on how to configure Apache to use a certificate file for SSL or How to enable https in Apache httpd server. After you enable SSL in the web server configuration, you should be able to access the application using https. Install The modssl Plugin. Make sure that modssl is installed.
Create and Install your SSL Certificate
An SSL certificate is required for the WebSocket WSS (WebSocket Security) protocol to work in production environments that use the HTTPS protocol for the website. If your website uses an SSL certificate, you'll be required to use the WSS protocol for secure communications. There is no way around this.
Make sure that you create and install your SSL certificate first. If you've already completed this step, you can move onto the remaining WebSocket setup steps below.
Configure a Secure WebSocket in Apache
Thankfully, Apache has made this super simple to set up performing a few quick configuration updates and the ProxyPass and ProxyPassReverse directives.
To start, we'll need to enable the mod_proxy module in Apache with the following command-line command:
Next, we'll need to load up the Apache configuration file that contains your virtual hosts. This is generally located in the following server directory:
Once you've found and opened the Apache configuration file, we'll need to load the mod_proxy module somewhere above your listing of virtual hosts:
Map the Secure WebSocket to a Proxy
Finally, we'll be using the ProxyPass and ProxyPassReverse directives to map the WebSocket data transferred to the correct location for anyone within your website or application that's listening.
Let's assume that our WebSocket connection will take place at the following URL:
Since the /wss directory technically doesn't exist on our server, we'll need to map it to a secure port using a proxy inside our Apache virtual host node for our website:
You'll notice that a port is assigned to theProxyPassandProxyPassReversedirective URL's. Make sure that the port you select is available for use and that there are no restrictions to that port on your server. Some hosting providers close off most of your server's ports by default for security reasons and will require you to manually set up or request to allow access.
Restart Your Apache Webserver
Apache Web Server Tutorial
To restart your Apache webserver, use the following command-line command:
If no errors were found in your Apache configuration during the webserver restart, you should not see any error messages reported in the command-line console and all should be working as expected.
Conclusion
At this point, our secure WebSocket for HTTPS configuration should be set up successfully on our server.
Apache Web Server Ssl Configuration
As an example, you can tie this configuration together by creating a chat room with JavaScript to see how the client-side and server-side pieces work together.
Apache Web Server Ssl Client Authentication
Ubuntu with Apache is the easiest way to accomplish this. If anyone needs instructions on how to set this up in a Windows environment, let me know and I'll put something together.