Friends,
Ever wonder how to get websockets working with SSL on your own server
deployments? Frustrated that all the material online gets SSL working, but
curiously ignores websocket-over-SSL functionality? Hate DISABLE_WEBSOCKETS?
Check out the instructions below for setting up SSL for meteor with
websocket support.
This was adapted from my DevOps bible for *workpop♥*, my jobs market
startup for hourly employees.
*We're built on meteor. Contact me at ben [ at ] workpop.com. Our investors
include but are not limited to SV Angel, Joe Lonsdale and Aaron Levie.
We're looking for front-end meteor developers.*
*I'm also looking for game developers interested in finishing PartyGame,
open sourced here - https://github.com/hiddenswitch/PartyGame-Web - for
$$$. It needs to be refreshed for Meteor 0.7 & Blaze, and it needs a native
iOS client.*
Check out https://github.com/hiddenswitch/Meteor-Unity for my Unity3D /
Mono / C# Meteor client with LocalCollection support.
1. Install dependencies on your host machine. For Ubuntu precise:
# add-apt-repository comes from the software-properties packages, so install them first
sudo apt-get install software-properties-common
sudo apt-get install -y python-software-properties python g++ make
# Install apache2 for SSL, node
sudo add-apt-repository ppa:chris-lea/node.js
sudo add-apt-repository ppa:ondrej/apache2
sudo apt-get update
sudo apt-get install nodejs libssl-dev git phantomjs
sudo apt-get install apache2=2.4.9-1+deb.sury.org~precise+1
# Install meteor
curl https://install.meteor.com/ | sh
# Install meteorite
sudo npm install -g meteorite
2. Configure your certs. From
http://support.godaddy.com/help/article/5238/installing-an-ssl-certificate-in-apache?locale=en
sudo cp yourdomain.com.crt /etc/ssl/certs/yourdomain.com.crt
sudo cp yourdomain.key /etc/ssl/private/yourdomain.key
sudo mkdir -p /etc/apache2/ssl.crt
# This is your domain provider's certificate chain
sudo cp godaddy.crt /etc/apache2/ssl.crt/godaddy.crt
3. Configure apache2 to proxy the SSL. An example configuration:
<IfModule mod_ssl.c>
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
# This allows DDP clients like ObjectiveDDP and Meteor-Unity to connect
RewriteRule ^/websocket wss://%{HTTP_HOST}/websocket [NC,R,L]
# This allows the meteor webapp to connect
RewriteRule ^/sockjs/(.*)/websocket wss://%{HTTP_HOST}/sockjs/$1/websocket [NC,R,L]
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin youremail@example.com
ServerName https://yourdomain.com
## SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
## Proxy to port 3000 for Meteor apps
SSLProxyEngine On
# Disable forward proxying (Apache does not allow a comment on the same line as a directive)
ProxyRequests Off
# This allows DDP clients like ObjectiveDDP and Meteor-Unity to connect
ProxyPass /websocket ws://localhost:3000/websocket
# This allows the meteor webapp to connect
ProxyPassMatch ^/sockjs/(.*)/websocket ws://localhost:3000/sockjs/$1/websocket
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
SSLCertificateFile /etc/ssl/certs/yourdomain.com.crt
SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
SSLCACertificateFile /etc/apache2/ssl.crt/godaddy.crt
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
4. Copy the configuration file and run apache2:
sudo cp yourdomain-com.conf /etc/apache2/sites-available/yourdomain-com.conf
# Enable all the necessary apache modules
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_wstunnel
sudo a2enmod rewrite
sudo a2ensite yourdomain-com
sudo service apache2 reload
sudo service apache2 restart
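
A pre-reload check for the proxy rules in step 3, as an added example that is not part of the original post. It flags a websocket rule placed after the catch-all `ProxyPass /` (rules are matched in file order), a missing websocket rule, `ProxyRequests On`, and a trailing comment on a directive line. The function name `lint_vhost`, the finding labels and both sample configs are hypothetical and constructed here.

```shell
#!/bin/sh
# Added example: lint a reverse-proxy vhost for websocket mistakes.
# Prints one finding per line; returns non-zero if anything was found.
lint_vhost() {
  awk '
    { sub(/^[ \t]+/, "") }          # ignore indentation
    /^#/ || /^$/ { next }           # whole-line comments and blanks are fine
    # Apache has no trailing comments; "Directive arg # text" fails to parse.
    /[ \t]#/ { print "INLINE_COMMENT line " NR; bad = 1 }
    {
      d = tolower($1)               # directive names are case-insensitive
      if (d == "proxyrequests" && tolower($2) == "on") {
        print "FORWARD_PROXY line " NR; bad = 1
      }
      if (d == "proxypass" && $2 == "/" && !catchall) catchall = NR
      if ((d == "proxypass" || d == "proxypassmatch") && $3 ~ /^wss?:\/\//) {
        ws++
        # ProxyPass rules are checked in file order, first match wins.
        if (catchall) { print "WS_AFTER_CATCHALL line " NR; bad = 1 }
      }
    }
    END { if (!ws) { print "NO_WS_RULE"; bad = 1 }; exit bad + 0 }
  ' "$1"
}

# Constructed sample: the proxy rules from step 3, in the same order.
sample_good() {
  cat <<'EOF'
ProxyRequests Off
ProxyPass /websocket ws://localhost:3000/websocket
ProxyPassMatch ^/sockjs/(.*)/websocket ws://localhost:3000/sockjs/$1/websocket
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
EOF
}

# Constructed sample: catch-all first, forward proxy on, trailing comment.
sample_bad() {
  cat <<'EOF'
ProxyRequests On # forward proxy
ProxyPass / http://localhost:3000/
ProxyPass /websocket ws://localhost:3000/websocket
EOF
}
```

Run it against the vhost file before `sudo service apache2 reload`; `apache2ctl configtest` reports syntax errors but says nothing about rule order.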