Websocket, Firewall and Proxy oh my…
You have already create a websocket apps for your realtime data ? That’s good.
Already tested and work on your localhost machine and LAN ? Great
How about deploy it into internet jungle ? What problem do you think will appear ?
The internet is very complex world. Take a look at this one.
You can dig deeper from this article. http://www.infoq.com/articles/Web-Sockets-Proxy-Servers. I quote some of the important thing you need to know.
Without any intermediary servers (proxy or reverse proxy servers, firewalls, load-balancing routers and so on) between the browser and the WebSocket server, a WebSocket connection can be established smoothly, as long as both the server and the client understand the Web Socket protocol. However, in real environments, lots of network traffic is routed through intermediary servers.
Today, most transparent proxy servers will not yet be familiar with the Web Socket protocol and these proxy servers will be unable to support the Web Socket protocol. In the future, however, proxy servers will likely become Web Sockets-aware and able to properly handle and forward WebSocket traffic.
there’s a some solution about that, but we doesn’t guarantee 100% success of websocket connection.
If an encrypted WebSocket Secure connection (
wss://) is used, then in the case of transparent proxy servers, the browser is unaware of the proxy server, so no HTTP
CONNECTis sent. However, since the wire traffic is encrypted, intermediate transparent proxy servers may simply allow the encrypted traffic through, so there is a much better chance that the WebSocket connection will succeed if an encrypted WebSocket connection is used.
If you have already visited and try this site. You will find this note that state the above problem too.
In some environments the WebSocket connection may fail due to intermediary firewalls, proxies, routers, etc. In that case take advantage of WebSocket’s secure capability and check Use secure WebSocket (TLS). Even if you have no issues you can still feel free to test using a secure connection.
So the conclusion is it’s better to create wss connection than plain ws, not only for security purposes but also to increase the success rate of websocket connection establishment.