Developers Forum for XinFin XDC Network

Raghuram Dharanipathy
Raghuram Dharanipathy

Posted on • Updated on

Enable secure websocket(WSS)&(https) for full node using Nginx

This article gives you the concise information about setting up of secured websocket(WSS) for your full node.

Setting up of Nginx and the configuration tweaking needed for https is clearly mentioned in "How to configure SSL for XDC private chain on server with Nginx".

Tweaking needed for enabling WSS in Nginx configuration file is given below.

Now you need to edit the NGINX configuration file /etc/nginx/sites-enabled/default:

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;

upstream websocket {
server {

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
    server_name <domainName>; # managed by Certbot

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                proxy_pass http://localhost:8989;

       location /websocket {
            proxy_pass http://websocket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server {
    if ($host = <domainName>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80 ;
        listen [::]:80 ;
    server_name <domainName>;
    return 404; # managed by Certbot

Enter fullscreen mode Exit fullscreen mode

We use a proxy_pass directive to proxy traffic from an encrypted 443 HTTPS port to node port 8989 on our server instance without exposing it publicly.

Now verify that the config is correct:
sudo nginx -t

and restart the NGINX process to apply changes:

sudo service nginx restart

You can check if your full node is available via a secure HTTPS & WSS connection.

Discussion (0)