Update WebSocket and API configurations in yourpart-websocket-fixed.conf and daemonServer.js

- Adjusted WebSocket proxy settings in yourpart-websocket-fixed.conf to route traffic through port 4551 for both secure and non-secure connections. - Enhanced daemonServer.js to listen on all interfaces (0.0.0.0) for both TLS and non-TLS WebSocket connections, improving accessibility.
2026-01-14 13:10:33 +01:00
parent 0cc280ed55
commit 9e845843d8
5 changed files with 62 additions and 39 deletions
--- a/backend/daemonServer.js
+++ b/backend/daemonServer.js
@@ -25,11 +25,13 @@ function createServer() {
      ca: TLS_CA_PATH ? fs.readFileSync(TLS_CA_PATH) : undefined,
    });
    wss = new WebSocketServer({ server: httpsServer });
    // Direkte Verbindung: lausche auf allen Interfaces (0.0.0.0)
    httpsServer.listen(PORT, '0.0.0.0', () => {
      console.log(`[Daemon] WSS (TLS) Server gestartet auf Port ${PORT}`);
    });
  } else {
-    wss = new WebSocketServer({ port: PORT });
+    // Direkte Verbindung: lausche auf allen Interfaces (0.0.0.0)
    wss = new WebSocketServer({ port: PORT, host: '0.0.0.0' });
    console.log(`[Daemon] WS (ohne TLS) Server startet auf Port ${PORT} ...`);
  }
--- a/backend/server.js
+++ b/backend/server.js
@@ -1,19 +1,50 @@
 import './config/loadEnv.js'; // .env deterministisch laden
 import http from 'http';
 import https from 'https';
 import fs from 'fs';
 import app from './app.js';
 import { setupWebSocket } from './utils/socket.js';
 import { syncDatabase } from './utils/syncDatabase.js';
-const server = http.createServer(app);
+// HTTP-Server für API (Port 2020, intern, über Apache-Proxy)
 const httpServer = http.createServer(app);
 setupWebSocket(httpServer);
-setupWebSocket(server);
+// HTTPS-Server für Socket.io (Port 4443, direkt erreichbar)
 let httpsServer = null;
 const SOCKET_IO_PORT = Number.parseInt(process.env.SOCKET_IO_PORT || '4443', 10);
 const USE_TLS = process.env.SOCKET_IO_TLS === '1';
 const TLS_KEY_PATH = process.env.SOCKET_IO_TLS_KEY_PATH;
 const TLS_CERT_PATH = process.env.SOCKET_IO_TLS_CERT_PATH;
 const TLS_CA_PATH = process.env.SOCKET_IO_TLS_CA_PATH;
 if (USE_TLS && TLS_KEY_PATH && TLS_CERT_PATH) {
  try {
    httpsServer = https.createServer({
      key: fs.readFileSync(TLS_KEY_PATH),
      cert: fs.readFileSync(TLS_CERT_PATH),
      ca: TLS_CA_PATH ? fs.readFileSync(TLS_CA_PATH) : undefined,
    }, app);
    setupWebSocket(httpsServer);
    console.log(`[Socket.io] HTTPS-Server für Socket.io konfiguriert auf Port ${SOCKET_IO_PORT}`);
  } catch (err) {
    console.error('[Socket.io] Fehler beim Laden der TLS-Zertifikate:', err.message);
    console.error('[Socket.io] Socket.io wird nur über HTTP-Server verfügbar sein');
  }
 }
 syncDatabase().then(() => {
  const port = process.env.PORT || 3001;
-  server.listen(port, () => { 
+  httpServer.listen(port, '127.0.0.1', () => { 
-    console.log('Server is running on port', port);
+    console.log(`[API] HTTP-Server läuft auf localhost:${port} (intern, über Apache-Proxy)`);
  });
  if (httpsServer) {
    httpsServer.listen(SOCKET_IO_PORT, '0.0.0.0', () => {
      console.log(`[Socket.io] HTTPS-Server läuft auf Port ${SOCKET_IO_PORT} (direkt erreichbar)`);
    });
  }
 }).catch(err => {
  console.error('Failed to sync database:', err);
  process.exit(1); 
--- a/frontend/src/store/index.js
+++ b/frontend/src/store/index.js
@@ -188,27 +188,29 @@ const store = createStore({
          socketIoUrl = 'http://localhost:3001';
        }
-        // Normalisiere URL (Env-Variablen enthalten teils Pfade wie /api; Port kann absichtlich gesetzt sein, z.B. :4443)
+        // Direkte Verbindung zu Socket.io (ohne Apache-Proxy)
-        try {
+        // In Produktion: direkte Verbindung zu Port 4443 (verschlüsselt)
-          if (socketIoUrl) {
+        const hostname = window.location.hostname;
-            const parsed = new URL(socketIoUrl, window.location.origin);
+        const isProduction = hostname === 'www.your-part.de' || hostname.includes('your-part.de');
-            // In Produktion: Verwende immer window.location.origin (Port 443), nicht den Port aus der Umgebungsvariable
+        
-            // Socket.io wird über Nginx-Proxy auf /socket.io/ weitergeleitet
+        if (isProduction) {
-            if (window.location.hostname === 'www.your-part.de' || window.location.hostname.includes('your-part.de')) {
+          // Produktion: direkte Verbindung zu Port 4443 (verschlüsselt)
-              socketIoUrl = window.location.origin;
+          const protocol = window.location.protocol === 'https:' ? 'https:' : 'http:';
-            } else {
+          socketIoUrl = `${protocol}//${hostname}:4443`;
-              // Lokale Entwicklung: Origin aus parsed verwenden (inkl. Port)
+        } else {
          // Lokale Entwicklung: direkte Backend-Verbindung
          if (!socketIoUrl && (import.meta.env.DEV || hostname === 'localhost' || hostname === '127.0.0.1')) {
            socketIoUrl = 'http://localhost:3001';
          } else if (socketIoUrl) {
            try {
              const parsed = new URL(socketIoUrl, window.location.origin);
              socketIoUrl = parsed.origin;
            } catch (e) {
              socketIoUrl = window.location.origin;
            }
          } else {
            // Fallback: aktuelle Origin verwenden
            socketIoUrl = window.location.origin;
          }
        } catch (e) {
          // Wenn Parsing fehlschlägt: letzte Rettung ist der aktuelle Origin
          try {
            socketIoUrl = window.location.origin;
          } catch (_) {}
        }
        const socket = io(socketIoUrl, {
--- a/yourpart-https.conf
+++ b/yourpart-https.conf
@@ -24,10 +24,10 @@
    RequestHeader set X-Forwarded-Proto "https"
    AllowEncodedSlashes NoDecode
-    # www Redirect (muss zuerst kommen, aber nicht für Proxy-Pfade)
+    # www Redirect (muss zuerst kommen, aber nicht für API-Pfade)
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =your-part.de
-    RewriteCond %{REQUEST_URI} !^/(api|socket\.io|ws)/
+    RewriteCond %{REQUEST_URI} !^/api/
    RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    # API-Requests an Backend weiterleiten (Location-Block hat höhere Priorität)
@@ -36,19 +36,6 @@
        ProxyPassReverse "http://localhost:2020/api/"
    </Location>
    # Socket.io: WebSocket und HTTP mit Location-Block
    <LocationMatch "^/socket.io/">
        # WebSocket-Upgrade
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule .* "ws://localhost:2020%{REQUEST_URI}" [P,L]
        # HTTP-Fallback für Polling
        ProxyPass "http://localhost:2020/socket.io/"
        ProxyPassReverse "http://localhost:2020/socket.io/"
    </LocationMatch>
    ErrorLog /var/log/apache2/yourpart.error.log
    CustomLog /var/log/apache2/yourpart.access.log combined
--- a/yourpart-websocket-fixed.conf
+++ b/yourpart-websocket-fixed.conf
@@ -18,14 +18,15 @@
    AllowEncodedSlashes NoDecode
    # WebSocket-Upgrade (muss VOR ProxyPass stehen)
    # Apache lauscht auf Port 4551 (extern, verschlüsselt) und leitet an Daemon auf Port 4551 weiter (intern, unverschlüsselt)
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
-    RewriteRule ^/?(.*) "ws://localhost:4552/$1" [P,L]
+    RewriteRule ^/?(.*) "ws://localhost:4551/$1" [P,L]
    # Fallback für normale HTTP-Requests (falls nötig)
-    ProxyPass / http://localhost:4552/
+    ProxyPass / http://localhost:4551/
-    ProxyPassReverse / http://localhost:4552/
+    ProxyPassReverse / http://localhost:4551/
    # CORS-Headers
    Header always set Access-Control-Allow-Origin "https://www.your-part.de"