Securing a Socket.IO Websocket and restricting it to a domain

Question

So I am an absolute beginner at Socket.IO, but I have a pre built application that needs to be secured in two ways: It needs to be transmitted over HTTPS and it needs to be restricted to only server data to a specific domain.

This is the code for the emitter thus far: https://github.com/Bitzz/Pokemon-Go-Coords/blob/master/discord-bot/index.js How do I go about securing it? I assume something along the lines of

io.set('origins', 'https://example.com:*');

on line 156 would restrict it to one domain... Could I maybe blacklist only specific domains instead? Beyond that, how do I make it emit over https via wss?

Currently the console shows:

I think I can figure out how to configure the web sided reader to look for the over https websocket, but getting it to send is not something I know how to figure out. Please use simple words I am not a smart cookie. :(

Answer 1

I found the solution.

In the apache2 site config file for the secure config (*:443), add the following:

#This enables polling over https. Painfully inefficient but a good fallback
SSLProxyEngine on
ProxyPass /socket.io http://127.0.0.1:49002/socket.io/ 
ProxyPassReverse /socket.io http://127.0.0.1:49002/socket.io/

#This upgrades and rewrites the ws to wss
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://localhost:49002%{REQUEST_URI} [P]