
Commit 451281e

committed
feat: use secure websocket connection
1 parent e59659c commit 451281e


15 files changed

+56
-18
lines changed

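--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -7,7 +7,7 @@ services:
 REACT_APP_ENV: Production
 REMOVE_CF_IPS: "false"
 ports:
-- 80:80
+- 443:443
 depends_on:
 - game-service
 game-service:
@@ -16,7 +16,7 @@ services:
 expose:
 - 50051
 environment:
-URL: ws://0.0.0.0:50051
+URL: wss://0.0.0.0:50051
 FLECK_LOG: Info
 IM_LOG: Debug
 GAME_LOG: Debug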
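Review bot: Publishing only `443:443` in the first hunk leaves the `listen 80` redirect server that this commit adds in src/frontend/nginx.conf unreachable from outside the container, so plain `http://` requests will fail to connect instead of being redirected to HTTPS. If the redirect is intended, publish both ports, `- 80:80` and `- 443:443`. The same applies to the `ports:` hunk in docker-compose.yml and to the containerPort and Service port changes in kustomize/base/frontend.yaml.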

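--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,7 @@ services:
 REACT_APP_ENV: Development
 REMOVE_CF_IPS: "true"
 ports:
-- 80:80
+- 443:443
 depends_on:
 - game-service
 game-service:
@@ -21,7 +21,7 @@ services:
 expose:
 - 50051
 environment:
-URL: ws://0.0.0.0:50051
+URL: wss://0.0.0.0:50051
 FLECK_LOG: Info
 IM_LOG: Debug
 GAME_LOG: Debug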

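--- a/kustomize/base/frontend.yaml
+++ b/kustomize/base/frontend.yaml
@@ -18,7 +18,7 @@ spec:
 image: maplefighters/frontend:2.0.0
 imagePullPolicy: Always
 ports:
-- containerPort: 80
+- containerPort: 443
 env:
 - name: REACT_APP_ENV
 value: "Development"
@@ -45,8 +45,8 @@ metadata:
 spec:
 type: LoadBalancer
 ports:
-- name: http
-port: 80
-targetPort: 80
+- name: https
+port: 443
+targetPort: 443
 selector:
 app: frontend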

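--- a/kustomize/base/gameservice.yaml
+++ b/kustomize/base/gameservice.yaml
@@ -31,7 +31,7 @@ spec:
 - name: IM_LOG
 value: Debug
 - name: URL
-value: ws://0.0.0.0:50051
+value: wss://0.0.0.0:50051
 resources:
 requests:
 cpu: 100m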

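--- a/src/frontend/Dockerfile
+++ b/src/frontend/Dockerfile
@@ -7,6 +7,8 @@ RUN npm run build
 
 FROM nginx:1.20.1-alpine
 COPY --from=builder /app/nginx.conf /etc/nginx/nginx.conf
+COPY --from=builder /app/server.crt /etc/nginx/ssl/server.crt
+COPY --from=builder /app/server.key /etc/nginx/ssl/server.key
 COPY --from=builder /app/cloudflare-ips.conf /var/www-allow/cloudflare-ips.conf
 COPY --from=builder /app/build /usr/share/nginx/html
 COPY --from=builder /app/entrypoint.sh /entrypoint.sh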
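Review bot: The added `COPY --from=builder /app/server.key /etc/nginx/ssl/server.key` bakes the TLS private key into an image layer, so anyone who can pull the image can read the key, and the source path suggests the key is also kept in the build context (and possibly the repository). Keep the key out of the image and supply it at run time instead, for example as a read-only volume or secret mounted at /etc/nginx/ssl in the compose files and as a `kubernetes.io/tls` Secret volume in kustomize/base/frontend.yaml. If this key has already been pushed in an image or commit, treat it as exposed and reissue the certificate.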

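--- a/src/frontend/nginx.conf
+++ b/src/frontend/nginx.conf
@@ -16,10 +16,24 @@ http {
 server game-service:50051;
 }
 
-server {
+server {
 listen 80;
 server_name _;
 
+# Redirect all HTTP requests to HTTPS
+return 301 https://$host$request_uri;
+}
+
+server {
+listen 443 ssl;
+server_name _;
+
+# SSL configuration
+ssl_certificate /etc/nginx/ssl/server.crt;
+ssl_certificate_key /etc/nginx/ssl/server.key;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers HIGH:!aNULL:!MD5;
+
 limit_req zone=req burst=10 delay=5;
 limit_req_status 444;
 limit_rate 5m;
@@ -31,9 +45,8 @@ http {
 }
 
 location /game {
-# Source: https://github.com/nicokaiser/nginx-websocket-proxy/blob/master/simple-ws.conf
-# redirect all HTTP traffic to game-service
-proxy_pass http://game/;
+# Upgrade to WebSocket protocol over HTTPS
+proxy_pass https://game/;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;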
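Review bot: `proxy_pass https://game/;` in the `/game` location encrypts the hop to game-service but does not authenticate it, because nginx does not verify upstream certificates unless told to. Add `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate` pointing at the CA or certificate that game-service presents, and set `proxy_ssl_name` if the certificate's name is not `game`. The rest of the location block lies outside the hunk, so it is worth confirming that the `Upgrade` and `Connection` headers are still set there.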

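--- a/src/game-service/Game.Application/.env
+++ b/src/game-service/Game.Application/.env
@@ -1,4 +1,4 @@
-URL=ws://0.0.0.0:50051
+URL=wss://0.0.0.0:50051
 FLECK_LOG=Info
 IM_LOG=Debug
 GAME_LOG=Debug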

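--- a/src/game-service/Game.Application/Dockerfile
+++ b/src/game-service/Game.Application/Dockerfile
@@ -8,4 +8,5 @@ RUN dotnet publish -c release -o /app --no-restore
 FROM mcr.microsoft.com/dotnet/runtime:5.0
 WORKDIR /app
 COPY --from=builder /app .
+COPY --from=builder /source/server.crt .
 ENTRYPOINT ["dotnet", "Game.Application.dll"]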

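--- a/src/game-service/Game.Application/GameApplication.cs
+++ b/src/game-service/Game.Application/GameApplication.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Security.Cryptography.X509Certificates;
 using DotNetEnv;
 using Fleck;
 using Game.Application;
@@ -24,6 +25,7 @@
 
 var url = Env.GetString("URL");
 var server = new WebSocketServer(url);
+server.Certificate = new X509Certificate2("server.crt");
 var serverComponents = new ComponentCollection(new IComponent[]
 {
 new IdGenerator(),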
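Review bot: `new X509Certificate2("server.crt")` on new line 28 most likely loads a certificate without its private key (the game-service Dockerfile copies only server.crt), and a TLS server cannot complete a handshake with a public certificate alone, so `wss://` connections would be expected to fail at run time. Load a PKCS#12 bundle that carries the key from a path mounted at run time rather than from a file built into the image, e.g. `server.Certificate = new X509Certificate2(Env.GetString("CERT_PATH"), Env.GetString("CERT_PASSWORD"));`, where both variable names are placeholders. Fleck also appears to fall back to TLS 1.0 when `EnabledSslProtocols` is not set, so consider `server.EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;` (needs `using System.Security.Authentication;`). The top-level statements continue outside the hunk.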

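--- a/src/game-service/Game.Application/Makefile
+++ b/src/game-service/Game.Application/Makefile
@@ -2,7 +2,10 @@ build:
 docker build -t game-service .
 
 run:
-docker run -p 50051:50051 game-service -e URL=ws://0.0.0.0:50051 \
+docker run -p 50051:50051 game-service -e \
+URL=wss://0.0.0.0:50051 \
 FLECK_LOG=Info \
 IM_LOG=Debug \
-GAME_LOG=Debug
+GAME_LOG=Debug \
+CONFIG_SOURCE=v2.0 \
+MAX_CONNECTIONS=100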
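Review bot: In the rewritten `run` recipe the `-e` flag and all the `KEY=value` pairs come after the image name `game-service`, so docker passes them to the container as command arguments and none of them is set as an environment variable; the service would then presumably start with whatever URL the image's own .env provides. Put the options before the image and give each variable its own flag, e.g. `docker run -p 50051:50051 -e URL=wss://0.0.0.0:50051 -e FLECK_LOG=Info game-service`. `CONFIG_SOURCE` and `MAX_CONNECTIONS` are not read anywhere in the visible changes, so a comment saying what consumes them would help.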

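--- a/src/game-service/Game.Application/README.md
+++ b/src/game-service/Game.Application/README.md
@@ -43,4 +43,4 @@ make build
 make run
 ```
 
-You should now be able to access it at `ws://localhost:50051`.
+You should now be able to access it at `wss://localhost:50051`.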

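--- a/src/maple-fighters/Assets/Maple Fighters/Resources/Configurations/NetworkConfiguration.asset
+++ b/src/maple-fighters/Assets/Maple Fighters/Resources/Configurations/NetworkConfiguration.asset
@@ -14,12 +14,15 @@ MonoBehaviour:
 m_EditorClassIdentifier:
 HostingData:
 - Name: Editor
+Protocol: ws
 Host: localhost
 Environment: 0
 - Name: Development
+Protocol: ws
 Host: localhost
 Environment: 1
 - Name: Production
+Protocol: wss
 Host: maplefighters.io
 Environment: 2
 Environment: 0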
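Review bot: The Editor and Development entries are given `Protocol: ws`, while every server-side configuration in this commit, including the development docker-compose.yml, moves to `wss://` and port 443, so those two environments look set to attempt a cleartext connection that the new nginx config only answers with a redirect. Unless a plain-WebSocket endpoint is kept for local work, use `Protocol: wss` for all three entries. If `ws` is deliberate for localhost, say so in the project documentation so the value is not copied to a remote host.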

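--- a/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/HostingData.cs
+++ b/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/HostingData.cs
@@ -7,6 +7,8 @@ public class HostingData
 {
 public string Name;
 
+public string Protocol;
+
 public string Host;
 
 public HostingEnvironment Environment;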

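--- a/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/NetworkConfiguration.cs
+++ b/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/NetworkConfiguration.cs
@@ -14,6 +14,18 @@ public class NetworkConfiguration : ScriptableSingleton<NetworkConfiguration>
 
 public HostingEnvironment Environment;
 
+public string GetProtocol()
+{
+var hostingData =
+HostingData.FirstOrDefault((x) => x.Environment == Environment);
+if (hostingData != null)
+{
+return hostingData.Protocol;
+}
+
+return string.Empty;
+}
+
 public string GetHost()
 {
 var hostingData =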
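Review bot: `GetProtocol()` returns `string.Empty` when no entry matches, and WebSocketGameApi.cs now assigns that value straight to `UriBuilder.Scheme`, so a missing or mistyped `Protocol` in the asset surfaces as a malformed URI or an unintended `ws` connection rather than a clear error. Fail closed instead: accept only `ws` and `wss` and default to the secure scheme, e.g. `return hostingData?.Protocol == "ws" ? "ws" : "wss";`. A `/// <summary>` stating the allowed values would document the contract. `GetHost()` below continues outside the hunk.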

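--- a/src/maple-fighters/Assets/Maple Fighters/Scripts/Services/GameApi/WebSocketGameApi.cs
+++ b/src/maple-fighters/Assets/Maple Fighters/Scripts/Services/GameApi/WebSocketGameApi.cs
@@ -77,7 +77,7 @@ private void Start()
 
 var uriBuilder = new UriBuilder()
 {
-Scheme = "ws",
+Scheme = networkConfiguration.GetProtocol(),
 Host = networkConfiguration.GetHost(),
 Path = "game"
 };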
