From 9e845843d812f2c7cc8096fdf5205c7cb108726e Mon Sep 17 00:00:00 2001 From: "Torsten Schulz (local)" Date: Wed, 14 Jan 2026 13:10:33 +0100 Subject: [PATCH] Update WebSocket and API configurations in yourpart-websocket-fixed.conf and daemonServer.js - Adjusted WebSocket proxy settings in yourpart-websocket-fixed.conf to route traffic through port 4551 for both secure and non-secure connections. - Enhanced daemonServer.js to listen on all interfaces (0.0.0.0) for both TLS and non-TLS WebSocket connections, improving accessibility.
---
backend/daemonServer.js | 4 +++- backend/server.js | 39 +++++++++++++++++++++++++++++++---- frontend/src/store/index.js | 34 ++++++++++++++++-------------- yourpart-https.conf | 17 ++------------- yourpart-websocket-fixed.conf | 7 ++++--- 5 files changed, 62 insertions(+), 39 deletions(-)
diff --git a/backend/daemonServer.js b/backend/daemonServer.js
index 50cff03..bd62807 100644
--- a/backend/daemonServer.js
+++ b/backend/daemonServer.js
@@ -25,11 +25,13 @@ function createServer() {
 ca: TLS_CA_PATH ? fs.readFileSync(TLS_CA_PATH) : undefined,
 });
 wss = new WebSocketServer({ server: httpsServer });
+ // Direkte Verbindung: lausche auf allen Interfaces (0.0.0.0)
 httpsServer.listen(PORT, '0.0.0.0', () => {
 console.log(`[Daemon] WSS (TLS) Server gestartet auf Port ${PORT}`);
 });
 } else {
- wss = new WebSocketServer({ port: PORT });
+ // Direkte Verbindung: lausche auf allen Interfaces (0.0.0.0)
+ wss = new WebSocketServer({ port: PORT, host: '0.0.0.0' });
 console.log(`[Daemon] WS (ohne TLS) Server startet auf Port ${PORT} ...`);
 }
diff --git a/backend/server.js b/backend/server.js
index 9b586fb..f2b7b64 100644
--- a/backend/server.js
+++ b/backend/server.js
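Review bot: In backend/daemonServer.js the non-TLS branch now binds the plaintext WebSocket server to every interface (`host: '0.0.0.0'`), so any client that can reach the port talks to the daemon unencrypted and without passing through the Apache vhost that this same commit points at `ws://localhost:4551`. If that branch is only meant to sit behind the proxy, bind it to loopback, `wss = new WebSocketServer({ port: PORT, host: '127.0.0.1' });`, or read the bind address from an environment variable so that external exposure is an explicit choice. The added comment should then state which deployment each branch is for. createServer() starts and ends outside this hunk, so how PORT and the TLS switch are set is not visible here.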
@@ -1,19 +1,50 @@
 import './config/loadEnv.js'; // .env deterministisch laden
 import http from 'http';
+import https from 'https';
+import fs from 'fs';
 import app from './app.js';
 import { setupWebSocket } from './utils/socket.js';
 import { syncDatabase } from './utils/syncDatabase.js';
-const server = http.createServer(app);
+// HTTP-Server für API (Port 2020, intern, über Apache-Proxy)
+const httpServer = http.createServer(app);
+setupWebSocket(httpServer);
-setupWebSocket(server);
+// HTTPS-Server für Socket.io (Port 4443, direkt erreichbar)
+let httpsServer = null;
+const SOCKET_IO_PORT = Number.parseInt(process.env.SOCKET_IO_PORT || '4443', 10);
+const USE_TLS = process.env.SOCKET_IO_TLS === '1';
+const TLS_KEY_PATH = process.env.SOCKET_IO_TLS_KEY_PATH;
+const TLS_CERT_PATH = process.env.SOCKET_IO_TLS_CERT_PATH;
+const TLS_CA_PATH = process.env.SOCKET_IO_TLS_CA_PATH;
+
+if (USE_TLS && TLS_KEY_PATH && TLS_CERT_PATH) {
+ try {
+ httpsServer = https.createServer({
+ key: fs.readFileSync(TLS_KEY_PATH),
+ cert: fs.readFileSync(TLS_CERT_PATH),
+ ca: TLS_CA_PATH ? fs.readFileSync(TLS_CA_PATH) : undefined,
+ }, app);
+ setupWebSocket(httpsServer);
+ console.log(`[Socket.io] HTTPS-Server für Socket.io konfiguriert auf Port ${SOCKET_IO_PORT}`);
+ } catch (err) {
+ console.error('[Socket.io] Fehler beim Laden der TLS-Zertifikate:', err.message);
+ console.error('[Socket.io] Socket.io wird nur über HTTP-Server verfügbar sein');
+ }
+}
 syncDatabase().then(() => {
 const port = process.env.PORT || 3001;
- server.listen(port, () => {
- console.log('Server is running on port', port);
+ httpServer.listen(port, '127.0.0.1', () => {
+ console.log(`[API] HTTP-Server läuft auf localhost:${port} (intern, über Apache-Proxy)`);
 });
+
+ if (httpsServer) {
+ httpsServer.listen(SOCKET_IO_PORT, '0.0.0.0', () => {
+ console.log(`[Socket.io] HTTPS-Server läuft auf Port ${SOCKET_IO_PORT} (direkt erreichbar)`);
+ });
+ }
 }).catch(err => {
 console.error('Failed to sync database:', err);
 process.exit(1);
diff --git a/frontend/src/store/index.js b/frontend/src/store/index.js
index 733dd91..9059de0 100644
--- a/frontend/src/store/index.js
+++ b/frontend/src/store/index.js
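Review bot: In backend/server.js, `https.createServer({ ... }, app)` hands the whole Express app to the listener on `0.0.0.0:SOCKET_IO_PORT`, so every API route becomes reachable directly on that port and bypasses the Apache vhost, although the comments describe a Socket.io-only endpoint and the API listener is deliberately restricted to `127.0.0.1`. If only Socket.io should be public, create the server without a request handler (close the call with `});` instead of `}, app);`) and let `setupWebSocket(httpsServer)` attach to it. `setupWebSocket` is now called twice and its body is not part of this diff, so confirm it does not keep a single module-level instance that the second call overwrites. When `SOCKET_IO_TLS=1` is set but the certificate files cannot be read, the catch block only logs and continues, so nothing listens on port 4443 while the frontend in this commit always targets it in production; failing startup in that case would surface the misconfiguration.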
@@ -188,27 +188,29 @@ const store = createStore({
 socketIoUrl = 'http://localhost:3001';
 }
- // Normalisiere URL (Env-Variablen enthalten teils Pfade wie /api; Port kann absichtlich gesetzt sein, z.B. :4443)
- try {
- if (socketIoUrl) {
- const parsed = new URL(socketIoUrl, window.location.origin);
- // In Produktion: Verwende immer window.location.origin (Port 443), nicht den Port aus der Umgebungsvariable
- // Socket.io wird über Nginx-Proxy auf /socket.io/ weitergeleitet
- if (window.location.hostname === 'www.your-part.de' || window.location.hostname.includes('your-part.de')) {
- socketIoUrl = window.location.origin;
- } else {
- // Lokale Entwicklung: Origin aus parsed verwenden (inkl. Port)
+ // Direkte Verbindung zu Socket.io (ohne Apache-Proxy)
+ // In Produktion: direkte Verbindung zu Port 4443 (verschlüsselt)
+ const hostname = window.location.hostname;
+ const isProduction = hostname === 'www.your-part.de' || hostname.includes('your-part.de');
+
+ if (isProduction) {
+ // Produktion: direkte Verbindung zu Port 4443 (verschlüsselt)
+ const protocol = window.location.protocol === 'https:' ? 'https:' : 'http:';
+ socketIoUrl = `${protocol}//${hostname}:4443`;
+ } else {
+ // Lokale Entwicklung: direkte Backend-Verbindung
+ if (!socketIoUrl && (import.meta.env.DEV || hostname === 'localhost' || hostname === '127.0.0.1')) {
+ socketIoUrl = 'http://localhost:3001';
+ } else if (socketIoUrl) {
+ try {
+ const parsed = new URL(socketIoUrl, window.location.origin);
 socketIoUrl = parsed.origin;
+ } catch (e) {
+ socketIoUrl = window.location.origin;
 }
 } else {
- // Fallback: aktuelle Origin verwenden
 socketIoUrl = window.location.origin;
 }
- } catch (e) {
- // Wenn Parsing fehlschlägt: letzte Rettung ist der aktuelle Origin
- try {
- socketIoUrl = window.location.origin;
- } catch (_) {}
 }
 const socket = io(socketIoUrl, {
diff --git a/yourpart-https.conf b/yourpart-https.conf
index ea76622..611170b 100644
--- a/yourpart-https.conf
+++ b/yourpart-https.conf
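Review bot: In frontend/src/store/index.js the production branch copies the scheme from the page (`window.location.protocol === 'https:' ? 'https:' : 'http:'`), so a page loaded over plain HTTP builds an `http://` URL for port 4443 although the comment and the backend both describe that port as TLS-only; pin the scheme with ``socketIoUrl = `https://${hostname}:4443`;``. `hostname.includes('your-part.de')` is a substring test and also matches a host such as `your-part.de.example.net` (constructed example); `hostname === 'your-part.de' || hostname.endsWith('.your-part.de')` states the intent. The port is hard-coded here while the backend reads `SOCKET_IO_PORT`, so the two can drift apart. The connection is now cross-origin, and the Socket.io CORS settings that must allow it are not part of this diff. The enclosing store code starts and ends outside the hunk.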
@@ -24,10 +24,10 @@
 RequestHeader set X-Forwarded-Proto "https"
 AllowEncodedSlashes NoDecode
- # www Redirect (muss zuerst kommen, aber nicht für Proxy-Pfade)
+ # www Redirect (muss zuerst kommen, aber nicht für API-Pfade)
 RewriteEngine on
 RewriteCond %{SERVER_NAME} =your-part.de
- RewriteCond %{REQUEST_URI} !^/(api|socket\.io|ws)/
+ RewriteCond %{REQUEST_URI} !^/api/
 RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 # API-Requests an Backend weiterleiten (Location-Block hat höhere Priorität)
@@ -35,19 +35,6 @@
 ProxyPass "http://localhost:2020/api/"
 ProxyPassReverse "http://localhost:2020/api/"
-
- # Socket.io: WebSocket und HTTP mit Location-Block
-
- # WebSocket-Upgrade
- RewriteEngine on
- RewriteCond %{HTTP:Upgrade} websocket [NC]
- RewriteCond %{HTTP:Connection} upgrade [NC]
- RewriteRule .* "ws://localhost:2020%{REQUEST_URI}" [P,L]
-
- # HTTP-Fallback für Polling
- ProxyPass "http://localhost:2020/socket.io/"
- ProxyPassReverse "http://localhost:2020/socket.io/"
-
 ErrorLog /var/log/apache2/yourpart.error.log
 CustomLog /var/log/apache2/yourpart.access.log combined
diff --git a/yourpart-websocket-fixed.conf b/yourpart-websocket-fixed.conf
index 8e76ef7..aa9bf01 100644
--- a/yourpart-websocket-fixed.conf
+++ b/yourpart-websocket-fixed.conf
@@ -18,14 +18,15 @@
 AllowEncodedSlashes NoDecode
 # WebSocket-Upgrade (muss VOR ProxyPass stehen)
+ # Apache lauscht auf Port 4551 (extern, verschlüsselt) und leitet an Daemon auf Port 4551 weiter (intern, unverschlüsselt)
 RewriteEngine On
 RewriteCond %{HTTP:Upgrade} websocket [NC]
 RewriteCond %{HTTP:Connection} upgrade [NC]
- RewriteRule ^/?(.*) "ws://localhost:4552/$1" [P,L]
+ RewriteRule ^/?(.*) "ws://localhost:4551/$1" [P,L]
 # Fallback für normale HTTP-Requests (falls nötig)
- ProxyPass / http://localhost:4552/
- ProxyPassReverse / http://localhost:4552/
+ ProxyPass / http://localhost:4551/
+ ProxyPassReverse / http://localhost:4551/
 # CORS-Headers
 Header always set Access-Control-Allow-Origin "https://www.your-part.de"
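Review bot: In yourpart-websocket-fixed.conf the added comment has Apache listening on port 4551 and proxying to `ws://localhost:4551/`, while daemonServer.js in this commit binds the daemon to `0.0.0.0:4551`; two listeners on the same port with overlapping addresses cannot both start, and if the daemon is the one that fails to bind, the vhost would be proxying to itself. The `Listen` and `VirtualHost` lines are outside this hunk, so this is inferred from the comment. Either keep distinct ports for the external and the internal side, or bind the daemon to `127.0.0.1` and Apache to the external address only. The targets are plain `ws://` and `http://`, which only works while the daemon runs its non-TLS branch; a comment next to the RewriteRule such as `# daemon must run without TLS and bind to 127.0.0.1:4551` would record that requirement.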