Issue with Soketi on SSL site in Forge: "WebSocket is closed before the connection is established."

Hi everyone,

It's been a few weeks I try to use Soketi for a client on a site with a SSL certificate, using Laravel blog as a tutorial: https://blog.laravel.com/deploying-soketi-to-laravel-forge.

When using Soketi on the "default" server, using direct IP address without https and certificate, everything goes fine. Laravel Echo connects to Soketi and messages are broadcasted fine.

When adding the domain name and certificate, Laravel Echo takes 10 seconds before sending me a this warning. WebSocket connection to 'wss://206.189.185.255:6001/app/app-key?protocol=7&client=js&version=7.6.0&flash=false' failed: WebSocket is closed before the connection is established.

According to the tutorial, I should be able to access websockets. What is going wrong here?

Here is the environment variables on the Forge site. (.env)

PUSHER_HOST=dudesnude.chat
PUSHER_PORT=6001
PUSHER_SCHEME=https
PUSHER_APP_ID=app-id
PUSHER_APP_KEY=app-key
PUSHER_APP_SECRET=app-secret

VITE_PUSHER_HOST="${PUSHER_HOST}"
VITE_PUSHER_PORT="${PUSHER_PORT}"
VITE_PUSHER_SCHEME="${PUSHER_SCHEME}"
VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"

The Laravel Echo instance creation code (resources/js/bootstrap.js)

import Echo from 'laravel-echo';
import Pusher from 'pusher-js';

window.Pusher = Pusher;

window.Echo = new Echo({
    broadcaster: 'pusher',
    key: import.meta.env.VITE_PUSHER_APP_KEY,
    wsHost: import.meta.env.VITE_PUSHER_HOST,
    wsPort: import.meta.env.VITE_PUSHER_PORT,
    wssPort: import.meta.env.VITE_PUSHER_PORT,
    forceTLS: import.meta.env.VITE_PUSHER_SCHEME === 'https',
    encrypted: true,
    disableStats: true,
    enabledTransports: ['ws', 'wss'],
});

The settings on config/broadcasting.php

<?php

return [
    'default' => env('BROADCAST_DRIVER', 'null'),
	
    'connections' => [
        'pusher' => [
            'driver' => 'pusher',
            'key' => env('PUSHER_APP_KEY'),
            'secret' => env('PUSHER_APP_SECRET'),
            'app_id' => env('PUSHER_APP_ID'),
            'options' => [
                'host' => env('PUSHER_HOST', '127.0.0.1'),
                'port' => env('PUSHER_PORT', 6001),
                'scheme' => env('PUSHER_SCHEME', 'http'),
                'encrypted' => true,
                'useTLS' => env('PUSHER_SCHEME') === 'https',
            ],
            'client_options' => [
                // Guzzle client options: https://docs.guzzlephp.org/en/stable/request-options.html
    	    ],
    	],
	],
		//...
];

The NGINX configuration file for site

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/dudesnude.chat/before/*;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name dudesnude.chat;
    server_tokens off;
    root /home/forge/dudesnude.chat/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/dudesnude.chat/1636400/server.crt;
    ssl_certificate_key /etc/nginx/ssl/dudesnude.chat/1636400/server.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/dudesnude.chat/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/dudesnude.chat-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/dudesnude.chat/after/*;

modernbabbage

2 years ago

Level 2

Facing this same issue. Where you able to resolve it?

hnccox

2 years ago

Level 1

Same issue here.

Please report back with the solution if you have it.

cariboufute

2 years ago

Best Answer

Level 1

Yes, I have been able to resolve it. Here are the new files. Too bad the sys admin of our team flushed our test servers but I followed step by step the blog here.

https://blog.laravel.com/deploying-soketi-to-laravel-forge https://blog.laravel.com/deploying-soketi-to-laravel-forge-part-2

1 like

iamvinny

1 year ago

Level 2

I wrote a detailed article / guide about this in case anyone is interested :)

https://medium.com/@viniciusamparo/setting-up-a-soketi-server-and-securely-forwarding-requests-with-nginx-reverse-proxy-62aca2cfc8c1

Please or to participate in this conversation.