feat: use secure websocket connection

Author: codingben

docker-compose.prod.yml

@@ -7,7 +7,7 @@ services:
             REACT_APP_ENV: Production
             REMOVE_CF_IPS: "false"
         ports:
-            - 80:80
+            - 443:443
         depends_on:
             - game-service
     game-service:
@@ -16,7 +16,7 @@ services:
         expose:
             - 50051
         environment:
-            URL: ws://0.0.0.0:50051
+            URL: wss://0.0.0.0:50051
             FLECK_LOG: Info
             IM_LOG: Debug
             GAME_LOG: Debug

src/frontend/nginx.conf

@@ -16,9 +16,44 @@ http {
         server game-service:50051;
     }
 
-    server { 
+    server {
         listen 80;
-        server_name _;
+        server_name localhost;
+
+        location / {
+            gzip_static on;
+            root   /usr/share/nginx/html;
+            index  index.html;
+        }
+
+        location /game {
+            # Upgrade to WebSocket protocol over HTTP
+            proxy_pass http://game/;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "Upgrade";
+        }
+    }
+
+    server {
+        listen 80;
+        server_name maplefighters.io www.maplefighters.io;
+
+        # Redirect all HTTP requests to HTTPS
+        return 301 https://$host$request_uri;
+    }
+
+    server {
+        listen 443 ssl;
+        server_name maplefighters.io www.maplefighters.io;
+
+        ssl_certificate /etc/nginx/ssl/server.crt;
+        ssl_certificate_key /etc/nginx/ssl/server.key;
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers HIGH:!aNULL:!MD5;
 
         limit_req zone=req burst=10 delay=5;
         limit_req_status 444;
@@ -31,14 +66,11 @@ http {
         }
 
         location /game {
-            # Source: https://github.com/nicokaiser/nginx-websocket-proxy/blob/master/simple-ws.conf
-            # redirect all HTTP traffic to game-service
-            proxy_pass http://game/;
+            # Upgrade to WebSocket protocol over HTTPS
+            proxy_pass https://game/;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header Host $host;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            
-            # WebSocket support (nginx 1.4)
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "Upgrade";

src/game-service/Game.Application/GameApplication.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Security.Cryptography.X509Certificates;
 using DotNetEnv;
 using Fleck;
 using Game.Application;
@@ -23,7 +24,9 @@
 GameLog.Level = (GameLogLevel)Enum.Parse(typeof(GameLogLevel), gameLog);
 
 var url = Env.GetString("URL");
-var server = new WebSocketServer(url);
+var certificatePassword = Env.GetString("CERT_PASSWORD");
+var serverUri = new Uri(url);
+var server = new WebSocketServer($"{serverUri.Scheme}://{serverUri.Host}:{serverUri.Port}");
 var serverComponents = new ComponentCollection(new IComponent[]
 {
     new IdGenerator(),
@@ -41,6 +44,11 @@
     serverComponents?.Dispose();
 };
 
+if (string.IsNullOrEmpty(certificatePassword) == false)
+{
+    server.Certificate = new X509Certificate2("server.pfx", certificatePassword);
+}
+
 server.Start((connection) =>
 {
     var id = idGenerator.GenerateId();

src/game-service/Game.Application/Makefile

@@ -2,7 +2,10 @@ build:
 	docker build -t game-service .
 
 run:
-	docker run -p 50051:50051 game-service -e URL=ws://0.0.0.0:50051 \
+	docker run -p 50051:50051 game-service -e \
+		URL=ws://0.0.0.0:50051 \
 		FLECK_LOG=Info \
 		IM_LOG=Debug \
-		GAME_LOG=Debug
+		GAME_LOG=Debug \
+		CONFIG_SOURCE=v2.0 \
+		MAX_CONNECTIONS=100

src/maple-fighters/Assets/Maple Fighters/Resources/Configurations/NetworkConfiguration.asset

@@ -14,12 +14,15 @@ MonoBehaviour:
   m_EditorClassIdentifier: 
   HostingData:
   - Name: Editor
+    Protocol: ws
     Host: localhost
     Environment: 0
   - Name: Development
+    Protocol: ws
     Host: localhost
     Environment: 1
   - Name: Production
+    Protocol: wss
     Host: maplefighters.io
     Environment: 2
   Environment: 0

src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/HostingData.cs

@@ -7,6 +7,8 @@ public class HostingData
     {
         public string Name;
 
+        public string Protocol;
+
         public string Host;
 
         public HostingEnvironment Environment;

src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/NetworkConfiguration.cs

@@ -14,6 +14,18 @@ public class NetworkConfiguration : ScriptableSingleton<NetworkConfiguration>
 
         public HostingEnvironment Environment;
 
+        public string GetProtocol()
+        {
+            var hostingData =
+                HostingData.FirstOrDefault((x) => x.Environment == Environment);
+            if (hostingData != null)
+            {
+                return hostingData.Protocol;
+            }
+
+            return string.Empty;
+        }
+
         public string GetHost()
         {
             var hostingData =

src/maple-fighters/Assets/Maple Fighters/Scripts/Services/GameApi/WebSocketGameApi.cs

@@ -77,7 +77,7 @@ private void Start()
 
             var uriBuilder = new UriBuilder()
             {
-                Scheme = "ws",
+                Scheme = networkConfiguration.GetProtocol(),
                 Host = networkConfiguration.GetHost(),
                 Path = "game"
             };