I’ve been playing around with vakata/websocket and after I got it working nicely, I wanted to switch to WSS (websockets over TLS) for a little extra security. Luckily, I already have all the certificates needed thanks to LetsEncrypt.
How to enable WSS connections
Find your SSL certificate PEM files; on my Debian (Stretch) server, the certificates are located in
From this directory, you need to
privkey.pem and place the resulting file somewhere accessible by your websockets server script (but not publically served). Additionally, make sure you add this file to your
cat /etc/letsencrypt/live/yourdomain.name/fullchain.pem /etc/letsencrypt/live/yourdomain.name/privkey.pem cert.pem echo 'cert.pem' >> .gitignore
With this in place, you can now use
wss:// as the protocol and the path to the newly cat’d certificate file in your
$server = new \vakata\websocket\Server('wss://yourdomain.name:8080', 'cert.pem');
Bear in mind, secure websocket connections can only be made from secure web pages – but if you have the certificates, you’re probably already serving pages over HTTPS, right?