Laravel-websocket with AWS

I'm looking for help to implement Websocket in my Laravel application using the Laravel-Websocket package. It is working correctly in my local environment, but I'm facing problems to make it work with SSL (wss) in the homologation environment. My server is hosted on AWS, and the certificates are managed by ACM, which means I don't have access to the keys or certificates themselves.

Can someone guide me on how to successfully implement this? I appreciate any help in advance.

bootstrap.js

window.Echo = new Echo({
    broadcaster: 'pusher',
    key: process.env.MIX_PUSHER_APP_KEY,
    cluster: process.env.MIX_PUSHER_APP_CLUSTER,
    wsHost: window.location.hostname,
    wsPort: 6001,
    wssPort: 6001,
    forceTLS: true,
    disableStats: true,
    enabledTransports: ['ws', 'wss']
});

Broadcasting.php

'pusher' => [
            'driver' => 'pusher',
            'key' => env('PUSHER_APP_KEY'),
            'secret' => env('PUSHER_APP_SECRET'),
            'app_id' => env('PUSHER_APP_ID'),
            'options' => [
                'cluster' => env('PUSHER_APP_CLUSTER'),
                'encrypted' => true,
                'useTLS' => true,
                'host' => '127.0.0.1',
                'port' => 6001,
                'scheme' => 'https'
            ],
        ],

websockets.php

return [

    'dashboard' => [
        'port' => env('LARAVEL_WEBSOCKETS_PORT', 6001),
    ],

    'apps' => [
        [
            'id' => env('PUSHER_APP_ID'),
            'name' => env('APP_NAME'),
            'key' => env('PUSHER_APP_KEY'),
            'secret' => env('PUSHER_APP_SECRET'),
            'path' => env('PUSHER_APP_PATH'),
            'capacity' => null,
            'enable_client_messages' => false,
            'enable_statistics' => false,
        ],
    ],

    'app_provider' => BeyondCode\LaravelWebSockets\Apps\ConfigAppProvider::class,

    'allowed_origins' => [

    ],

    'max_request_size_in_kb' => 250,

    'path' => 'laravel-websockets',

    'middleware' => [
        'web',
        Authorize::class,
    ],

    'statistics' => [

        'model' => \BeyondCode\LaravelWebSockets\Statistics\Models\WebSocketsStatisticsEntry::class,

        'logger' => BeyondCode\LaravelWebSockets\Statistics\Logger\HttpStatisticsLogger::class,

        'interval_in_seconds' => 60,

        'delete_statistics_older_than_days' => 60,

        'perform_dns_lookup' => false,
    ],

    'ssl' => [

        'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', null),

        'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', null),

        'passphrase' => env('LARAVEL_WEBSOCKETS_SSL_PASSPHRASE', null),
    ],

    'channel_manager' => \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManagers\ArrayChannelManager::class,
];

"I'm currently facing an issue with the SSL block, as all fields are receiving null values. Unfortunately, I'm not sure where to find the certificate path, how to generate it, or how to configure it correctly.

Therefore, any tips or suggestions would be greatly appreciated!

LaryAI

3 years ago

Level 58

To use SSL with Laravel-Websocket package on AWS, you can use the AWS Certificate Manager (ACM) to manage your SSL certificates. You can follow these steps:

Request a certificate from ACM and validate it for your domain.
Once the certificate is issued, you can use it with your load balancer or CloudFront distribution.
Update your Laravel-Websocket configuration to use the SSL certificate.

Here's an example of how to update your configuration:

'ssl' => [
    'local_cert' => null,
    'local_pk' => null,
    'passphrase' => null,
    'verify_peer' => false,
    'allow_self_signed' => true,
    'verify_depth' => 0,
],

You can set the local_cert and local_pk values to the ARN of your SSL certificate in ACM. You can also set the verify_peer value to true and allow_self_signed to false to enable SSL verification.

Additionally, you may need to update your bootstrap.js and broadcasting.php files to use the correct SSL settings. Here's an example:

window.Echo = new Echo({
    broadcaster: 'pusher',
    key: process.env.MIX_PUSHER_APP_KEY,
    cluster: process.env.MIX_PUSHER_APP_CLUSTER,
    wsHost: window.location.hostname,
    wsPort: 6001,
    wssPort: 443,
    forceTLS: true,
    disableStats: true,
    enabledTransports: ['ws', 'wss']
});

'pusher' => [
    'driver' => 'pusher',
    'key' => env('PUSHER_APP_KEY'),
    'secret' => env('PUSHER_APP_SECRET'),
    'app_id' => env('PUSHER_APP_ID'),
    'options' => [
        'cluster' => env('PUSHER_APP_CLUSTER'),
        'encrypted' => true,
        'useTLS' => true,
        'host' => 'yourdomain.com',
        'port' => 443,
        'scheme' => 'https'
    ],
],

Make sure to replace yourdomain.com with your actual domain name.

With these changes, your Laravel-Websocket package should work with SSL on AWS.

Brigitte

2 years ago

Level 2

This can be a very long post so here is the gist of it. Then you can ask me more questions if you'd like.

We use AWS ALB and a dedicated EC2 instance for the Laravel websocket server
We have the websocket traffic go through HTTPS on the ALB on port 6001 (so Echo should use the wssPort property) so that takes care of dealing with the ACM
The ALB rule redirects the traffic to port 443 on the websocket instance
The websocket EC2 instance's Nginx proxies the request to port 6001 to the laravel websocket process
You have to make sure your security groups egress and ingress rules allow traffic in and out of your websocket instance

Here is my Echo config

const options = {
      broadcaster: 'pusher',
      key: process.env.MIX_PUSHER_APP_KEY,
      cluster: 'mt1',
      encrypted: false,
      wsHost: window.location.hostname,
      wssHost: window.location.hostname,
      wsPort: 6001,
      wssPort: 6001,
      disableStats: true,
      forceTLS: false
    }

Also, Laravel websockets package has an error everybody is complaining about. I did apply this fix by dbohn here https://github.com/beyondcode/laravel-websockets/pull/1147`

Please or to participate in this conversation.