Final Git Commit: Setup domain and ssl
If you visit your domain name and open the javascript developer console. You should see the below error.
The page at 'https://algoholic.pro/ws/hi/' was loaded over HTTPS,
but attempted to connect to the insecure WebSocket endpoint 'ws://algoholic.pro:8000/ws/hi'.
This request has been blocked; this endpoint must be available over WSS.
This makes sense, we haven't done anything to ensure secure websocket support. Let's do it now. Change the nginx.conf to include a new location /ws/
worker_processes 4;
events { worker_connections 1024; }
http {
sendfile on;
server_tokens off;
server {
listen 80;
listen [::]:80;
server_name algoholic.pro;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name algoholic.pro;
ssl_certificate /etc/nginx/ssl/live/algoholic.pro/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/algoholic.pro/privkey.pem;
location / {
proxy_pass http://web:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /ws/ {
proxy_pass http://web:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
This will handle the WebSocket request to nginx. Now, we can visit algoholic.pro/room_id/ ad find it working 🐮.
Blunder: I added a redundent line ports: "6379:6379" in redis which exposed our redis to the VM and anyone could ping redis with telnet 159.89.87.96 6379. To fix it, we need to remove ports and simply add a command to bind redis with network of docker.
redis:
image: redis:latest
command: redis-server --bind 0.0.0.0