I created a Websockets server with express and socket.io, here is the code of the server:
import express from 'express';
import { createServer } from 'node:http';
import { Server } from 'socket.io';
const app = express();
const httpServer = createServer(app);
const io = new Server(httpServer);
app.get('/', (req, res) => {
res.sendFile(join(__dirname, 'index.html'));
});
let i = 0;
io.on('connection', (socket) => {
socket.on('chat message', (msg) => {
socket.emit('chat message', ++i + ' ' + msg);
});
});
httpServer.listen(3000, () => {
logger.log('server running');
});
It works fine with both http/ws and https/wss. Now, I would like to reject any Websocket connection without ssl. In other words, if the user try to connect with ws, the connection is rejected. The following client-side code illustrate my purpose:
// Should be rejected
const socket = io('ws://example.com');
socket.emit('chat message', 'Hello');
// Should be processed
const socket = io('wss://example.com');
socket.emit('chat message', 'Hello');
My app is deployed on a production server with cPanel. I don't know exactly how ssl is managed by cPanel, but the fact is that the above code when deployed on my server works with both http/ws and https/wss requests.