Update WebSocket and API configurations in yourpart-websocket-fixed.conf and daemonServer.js

- Adjusted WebSocket proxy settings in yourpart-websocket-fixed.conf to route traffic through port 4551 for both secure and non-secure connections.
- Enhanced daemonServer.js to listen on all interfaces (0.0.0.0) for both TLS and non-TLS WebSocket connections, improving accessibility.

backend/daemonServer.js

@@ -25,11 +25,13 @@ function createServer() {
       ca: TLS_CA_PATH ? fs.readFileSync(TLS_CA_PATH) : undefined,
     });
     wss = new WebSocketServer({ server: httpsServer });
+    // Direkte Verbindung: lausche auf allen Interfaces (0.0.0.0)
     httpsServer.listen(PORT, '0.0.0.0', () => {
       console.log(`[Daemon] WSS (TLS) Server gestartet auf Port ${PORT}`);
     });
   } else {
-    wss = new WebSocketServer({ port: PORT });
+    // Direkte Verbindung: lausche auf allen Interfaces (0.0.0.0)
+    wss = new WebSocketServer({ port: PORT, host: '0.0.0.0' });
     console.log(`[Daemon] WS (ohne TLS) Server startet auf Port ${PORT} ...`);
   }
 

backend/server.js

@@ -1,19 +1,50 @@
 import './config/loadEnv.js'; // .env deterministisch laden
 
 import http from 'http';
+import https from 'https';
+import fs from 'fs';
 import app from './app.js';
 import { setupWebSocket } from './utils/socket.js';
 import { syncDatabase } from './utils/syncDatabase.js';
 
-const server = http.createServer(app);
+// HTTP-Server für API (Port 2020, intern, über Apache-Proxy)
+const httpServer = http.createServer(app);
+setupWebSocket(httpServer);
 
-setupWebSocket(server);
+// HTTPS-Server für Socket.io (Port 4443, direkt erreichbar)
+let httpsServer = null;
+const SOCKET_IO_PORT = Number.parseInt(process.env.SOCKET_IO_PORT || '4443', 10);
+const USE_TLS = process.env.SOCKET_IO_TLS === '1';
+const TLS_KEY_PATH = process.env.SOCKET_IO_TLS_KEY_PATH;
+const TLS_CERT_PATH = process.env.SOCKET_IO_TLS_CERT_PATH;
+const TLS_CA_PATH = process.env.SOCKET_IO_TLS_CA_PATH;
+
+if (USE_TLS && TLS_KEY_PATH && TLS_CERT_PATH) {
+  try {
+    httpsServer = https.createServer({
+      key: fs.readFileSync(TLS_KEY_PATH),
+      cert: fs.readFileSync(TLS_CERT_PATH),
+      ca: TLS_CA_PATH ? fs.readFileSync(TLS_CA_PATH) : undefined,
+    }, app);
+    setupWebSocket(httpsServer);
+    console.log(`[Socket.io] HTTPS-Server für Socket.io konfiguriert auf Port ${SOCKET_IO_PORT}`);
+  } catch (err) {
+    console.error('[Socket.io] Fehler beim Laden der TLS-Zertifikate:', err.message);
+    console.error('[Socket.io] Socket.io wird nur über HTTP-Server verfügbar sein');
+  }
+}
 
 syncDatabase().then(() => {
   const port = process.env.PORT || 3001;
-  server.listen(port, () => { 
-    console.log('Server is running on port', port);
+  httpServer.listen(port, '127.0.0.1', () => { 
+    console.log(`[API] HTTP-Server läuft auf localhost:${port} (intern, über Apache-Proxy)`);
   });
+  
+  if (httpsServer) {
+    httpsServer.listen(SOCKET_IO_PORT, '0.0.0.0', () => {
+      console.log(`[Socket.io] HTTPS-Server läuft auf Port ${SOCKET_IO_PORT} (direkt erreichbar)`);
+    });
+  }
 }).catch(err => {
   console.error('Failed to sync database:', err);
   process.exit(1); 

frontend/src/store/index.js

@@ -188,27 +188,29 @@ const store = createStore({
           socketIoUrl = 'http://localhost:3001';
         }
 
-        // Normalisiere URL (Env-Variablen enthalten teils Pfade wie /api; Port kann absichtlich gesetzt sein, z.B. :4443)
+        // Direkte Verbindung zu Socket.io (ohne Apache-Proxy)
+        // In Produktion: direkte Verbindung zu Port 4443 (verschlüsselt)
+        const hostname = window.location.hostname;
+        const isProduction = hostname === 'www.your-part.de' || hostname.includes('your-part.de');
+        
+        if (isProduction) {
+          // Produktion: direkte Verbindung zu Port 4443 (verschlüsselt)
+          const protocol = window.location.protocol === 'https:' ? 'https:' : 'http:';
+          socketIoUrl = `${protocol}//${hostname}:4443`;
+        } else {
+          // Lokale Entwicklung: direkte Backend-Verbindung
+          if (!socketIoUrl && (import.meta.env.DEV || hostname === 'localhost' || hostname === '127.0.0.1')) {
+            socketIoUrl = 'http://localhost:3001';
+          } else if (socketIoUrl) {
             try {
-          if (socketIoUrl) {
               const parsed = new URL(socketIoUrl, window.location.origin);
-            // In Produktion: Verwende immer window.location.origin (Port 443), nicht den Port aus der Umgebungsvariable
-            // Socket.io wird über Nginx-Proxy auf /socket.io/ weitergeleitet
-            if (window.location.hostname === 'www.your-part.de' || window.location.hostname.includes('your-part.de')) {
-              socketIoUrl = window.location.origin;
-            } else {
-              // Lokale Entwicklung: Origin aus parsed verwenden (inkl. Port)
               socketIoUrl = parsed.origin;
+            } catch (e) {
+              socketIoUrl = window.location.origin;
             }
           } else {
-            // Fallback: aktuelle Origin verwenden
             socketIoUrl = window.location.origin;
           }
-        } catch (e) {
-          // Wenn Parsing fehlschlägt: letzte Rettung ist der aktuelle Origin
-          try {
-            socketIoUrl = window.location.origin;
-          } catch (_) {}
         }
         
         const socket = io(socketIoUrl, {

yourpart-https.conf

@@ -24,10 +24,10 @@
     RequestHeader set X-Forwarded-Proto "https"
     AllowEncodedSlashes NoDecode
     
-    # www Redirect (muss zuerst kommen, aber nicht für Proxy-Pfade)
+    # www Redirect (muss zuerst kommen, aber nicht für API-Pfade)
     RewriteEngine on
     RewriteCond %{SERVER_NAME} =your-part.de
-    RewriteCond %{REQUEST_URI} !^/(api|socket\.io|ws)/
+    RewriteCond %{REQUEST_URI} !^/api/
     RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
     
     # API-Requests an Backend weiterleiten (Location-Block hat höhere Priorität)
@@ -36,19 +36,6 @@
         ProxyPassReverse "http://localhost:2020/api/"
     </Location>
 
-    # Socket.io: WebSocket und HTTP mit Location-Block
-    <LocationMatch "^/socket.io/">
-        # WebSocket-Upgrade
-        RewriteEngine on
-        RewriteCond %{HTTP:Upgrade} websocket [NC]
-        RewriteCond %{HTTP:Connection} upgrade [NC]
-        RewriteRule .* "ws://localhost:2020%{REQUEST_URI}" [P,L]
-        
-        # HTTP-Fallback für Polling
-        ProxyPass "http://localhost:2020/socket.io/"
-        ProxyPassReverse "http://localhost:2020/socket.io/"
-    </LocationMatch>
-
     ErrorLog /var/log/apache2/yourpart.error.log
     CustomLog /var/log/apache2/yourpart.access.log combined
 

yourpart-websocket-fixed.conf

@@ -18,14 +18,15 @@
     AllowEncodedSlashes NoDecode
     
     # WebSocket-Upgrade (muss VOR ProxyPass stehen)
+    # Apache lauscht auf Port 4551 (extern, verschlüsselt) und leitet an Daemon auf Port 4551 weiter (intern, unverschlüsselt)
     RewriteEngine On
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteCond %{HTTP:Connection} upgrade [NC]
-    RewriteRule ^/?(.*) "ws://localhost:4552/$1" [P,L]
+    RewriteRule ^/?(.*) "ws://localhost:4551/$1" [P,L]
     
     # Fallback für normale HTTP-Requests (falls nötig)
-    ProxyPass / http://localhost:4552/
-    ProxyPassReverse / http://localhost:4552/
+    ProxyPass / http://localhost:4551/
+    ProxyPassReverse / http://localhost:4551/
     
     # CORS-Headers
     Header always set Access-Control-Allow-Origin "https://www.your-part.de"