FastAPITutorial

WSS support for Websockets + Security Enhancements

Final Git Commit: Setup domain and ssl
If you visit your domain name and open the javascript developer console. You should see the below error.

The page at 'https://algoholic.pro/ws/hi/' was loaded over HTTPS, 
but attempted to connect to the insecure WebSocket endpoint 'ws://algoholic.pro:8000/ws/hi'. 
This request has been blocked; this endpoint must be available over WSS.

This makes sense, we haven't done anything to ensure secure websocket support. Let's do it now. Change the nginx.conf to include a new location /ws/
 

worker_processes 4;

events { worker_connections 1024; }

http {
    sendfile on;
    server_tokens off;

    server {
    listen 80;
    listen [::]:80;
    server_name algoholic.pro;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
        }
    }


    server {
        listen 443 ssl;
        server_name algoholic.pro;

        ssl_certificate /etc/nginx/ssl/live/algoholic.pro/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/live/algoholic.pro/privkey.pem;

        location / {
            proxy_pass http://web:8000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /ws/ {
            proxy_pass http://web:8000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

This will handle the WebSocket request to nginx.  Now, we can visit algoholic.pro/room_id/ ad find it working 🐮.

Blunder: I added a redundent line ports: "6379:6379" in redis which exposed our redis to the VM and anyone could ping redis with  telnet 159.89.87.96 6379. To fix it, we need to remove ports and simply add a command to bind redis with network of docker.

  redis:
    image: redis:latest
    command: redis-server --bind 0.0.0.0

Prev: Deploying with a …
FastAPITutorial

Brige the gap between Tutorial hell and Industry. We want to bring in the culture of Clean Code, Test Driven Development.

We know, we might make it hard for you but definitely worth the efforts.

Contacts

Email:

[email protected]

Refunds:

Refund Policy
Social
Youtube

Follow us on our social media channels to stay updated.

© Copyright 2022-23 Team FastAPITutorial