From 57bc87787889305a32bfb39b9fac6c37f34a69c8 Mon Sep 17 00:00:00 2001
From: Ben Oukhanov
Date: Sat, 10 Aug 2024 15:18:16 +0300
Subject: [PATCH] feat: use secure websocket connection

---
 docker-compose.prod.yml | 4 +-
 src/frontend/nginx.conf | 46 +++++++++++++++++--
 .../Game.Application/GameApplication.cs | 10 +++-
 src/game-service/Game.Application/Makefile | 7 ++-
 .../Configurations/NetworkConfiguration.asset | 3 ++
 .../Configurations/HostingData.cs | 2 +
 .../Configurations/NetworkConfiguration.cs | 12 +++++
 .../Services/GameApi/WebSocketGameApi.cs | 2 +-
 8 files changed, 75 insertions(+), 11 deletions(-)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 0dd9628a5..6ef6ff035 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -7,7 +7,7 @@ services:
 REACT_APP_ENV: Production
 REMOVE_CF_IPS: "false"
 ports:
- - 80:80
+ - 443:443
 depends_on:
 - game-service
 game-service:
@@ -16,7 +16,7 @@ services:
 expose:
 - 50051
 environment:
- URL: ws://0.0.0.0:50051
+ URL: wss://0.0.0.0:50051
 FLECK_LOG: Info
 IM_LOG: Debug
 GAME_LOG: Debug
diff --git a/src/frontend/nginx.conf b/src/frontend/nginx.conf
index 802042fd4..ba40d9af4 100644
--- a/src/frontend/nginx.conf
+++ b/src/frontend/nginx.conf
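Review bot: Replacing the `80:80` mapping with `443:443` leaves the `listen 80` redirect server that this same commit adds in src/frontend/nginx.conf unreachable from outside the container, so a plain `http://maplefighters.io` request now hangs instead of being redirected to HTTPS. Publish both ports, `- 80:80` and `- 443:443`, so the redirect can actually be served. I have not repeated this point in the nginx.conf hunk.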
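Review bot: `URL: wss://0.0.0.0:50051` turns the game-service container into a TLS endpoint, yet nothing in this hunk supplies the `CERT_PASSWORD` variable or a volume for the `server.pfx` file that GameApplication.cs now loads; unless they are set outside the visible lines the service will try to start a `wss` listener without a certificate (Fleck rejects that at `Start`, as far as I recall) and nginx's `proxy_pass https://game/` will fail its handshake. Either provide `CERT_PASSWORD` from a secret rather than an inline value and mount the PFX here, or keep this internal hop at `ws://` and terminate TLS only at nginx, which also leaves one certificate to rotate instead of two.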
@@ -16,9 +16,46 @@ http {
 server game-service:50051;
 }
 
- server {
+ server {
 listen 80;
- server_name _;
+ server_name localhost;
+
+ location / {
+ gzip_static on;
+ root /usr/share/nginx/html;
+ index index.html;
+ }
+
+ location /game {
+ proxy_pass http://game/;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # WebSocket support (nginx 1.4)
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ }
+ }
+
+ server {
+ listen 80;
+ server_name maplefighters.io www.maplefighters.io;
+
+ # Redirect all HTTP requests to HTTPS
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ listen 443 ssl;
+ server_name maplefighters.io www.maplefighters.io;
+
+ # SSL configuration
+ ssl_certificate /etc/nginx/ssl/server.crt;
+ ssl_certificate_key /etc/nginx/ssl/server.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
 
 limit_req zone=req burst=10 delay=5;
 limit_req_status 444;
@@ -31,9 +68,8 @@ http {
 }
 
 location /game {
- # Source: https://github.com/nicokaiser/nginx-websocket-proxy/blob/master/simple-ws.conf
- # redirect all HTTP traffic to game-service
- proxy_pass http://game/;
+ # Upgrade to WebSocket protocol over HTTPS
+ proxy_pass https://game/;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/src/game-service/Game.Application/GameApplication.cs b/src/game-service/Game.Application/GameApplication.cs
index 6dd173ea4..fdc8987ce 100644
--- a/src/game-service/Game.Application/GameApplication.cs
+++ b/src/game-service/Game.Application/GameApplication.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Security.Cryptography.X509Certificates;
 using DotNetEnv;
 using Fleck;
 using Game.Application;
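Review bot: The first `server` block (`listen 80; server_name localhost;`) is nginx's default server for port 80, so any HTTP request whose Host is not maplefighters.io — an IP address, an unknown vhost — is served and proxied to `http://game/` in clear text, bypassing the redirect block below it. If that block exists for local development only, keep it out of the production config, or make the redirect block the explicit default with `listen 80 default_server;`. The `listen 443 ssl` block also sends no HSTS header, so add `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` next to the `ssl_*` directives. `ssl_ciphers HIGH:!aNULL:!MD5` still admits non-forward-secret RSA key-exchange suites under TLS 1.2; a list restricted to ECDHE suites is the usual choice.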
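Review bot: `proxy_pass https://game/;` encrypts the hop to game-service but does not authenticate it, because nginx leaves `proxy_ssl_verify` off by default, so any certificate presented on port 50051 is accepted. If the internal hop is meant to be TLS, add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-the-CA-that-signed-server.pfx>;` and `proxy_ssl_name <name-in-the-upstream-certificate>;` in this location; otherwise a plain `http://game/` upstream inside the compose network is simpler and not weaker. The comment `# Upgrade to WebSocket protocol over HTTPS` describes the `Upgrade` headers further down rather than this line; `# Proxy to game-service over TLS (upstream "game")` would match what the directive does. The location block continues past the end of the hunk.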
@@ -23,7 +24,9 @@
 GameLog.Level = (GameLogLevel)Enum.Parse(typeof(GameLogLevel), gameLog);
 
 var url = Env.GetString("URL");
-var server = new WebSocketServer(url);
+var certificatePassword = Env.GetString("CERT_PASSWORD");
+var serverUri = new Uri(url);
+var server = new WebSocketServer($"{serverUri.Scheme}://{serverUri.Host}:{serverUri.Port}");
 var serverComponents = new ComponentCollection(new IComponent[]
 {
 new IdGenerator(),
@@ -41,6 +44,11 @@
 serverComponents?.Dispose();
 };
 
+if (string.IsNullOrEmpty(certificatePassword) == false)
+{
+ server.Certificate = new X509Certificate2("server.pfx", certificatePassword);
+}
+
 server.Start((connection) =>
 {
 var id = idGenerator.GenerateId();
diff --git a/src/game-service/Game.Application/Makefile b/src/game-service/Game.Application/Makefile
index bb203f3be..f7e8d6a3d 100644
--- a/src/game-service/Game.Application/Makefile
+++ b/src/game-service/Game.Application/Makefile
@@ -2,7 +2,10 @@ build:
 docker build -t game-service .
 
 run:
- docker run -p 50051:50051 game-service -e URL=ws://0.0.0.0:50051 \
+ docker run -p 50051:50051 game-service -e \
+ URL=ws://0.0.0.0:50051 \
 FLECK_LOG=Info \
 IM_LOG=Debug \
- GAME_LOG=Debug
\ No newline at end of file
+ GAME_LOG=Debug \
+ CONFIG_SOURCE=v2.0 \
+ MAX_CONNECTIONS=100
\ No newline at end of file
diff --git a/src/maple-fighters/Assets/Maple Fighters/Resources/Configurations/NetworkConfiguration.asset b/src/maple-fighters/Assets/Maple Fighters/Resources/Configurations/NetworkConfiguration.asset
index 46990cf9b..f25d34277 100644
--- a/src/maple-fighters/Assets/Maple Fighters/Resources/Configurations/NetworkConfiguration.asset
+++ b/src/maple-fighters/Assets/Maple Fighters/Resources/Configurations/NetworkConfiguration.asset
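Review bot: `new WebSocketServer($"{serverUri.Scheme}://{serverUri.Host}:{serverUri.Port}")` reassembles the same string that `url` already holds for the value in docker-compose.prod.yml, so the purpose of the round trip through `Uri` is not obvious and deserves a comment: if it is normalisation (dropping a path or trailing slash), say so; if it is validation, make it explicit with `if (serverUri.Scheme is not ("ws" or "wss")) throw new InvalidOperationException($"URL must use ws:// or wss://, got '{serverUri.Scheme}'");`. As written, an unset or malformed `URL` surfaces only as the `Uri` constructor's `ArgumentNullException`/`UriFormatException`, with no hint which variable is wrong. These are top-level statements, so the program continues on both sides of the hunk.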
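Review bot: The certificate is attached only when `CERT_PASSWORD` is non-empty, so a `wss://` URL with an unset password (or a password-less PFX) silently starts without a certificate, while a `ws://` URL with a password set loads one for nothing. Key the decision on the scheme the server was built from and let a missing file fail loudly: `if (serverUri.Scheme == "wss") { server.Certificate = new X509Certificate2("server.pfx", certificatePassword); }`. The hard-coded `"server.pfx"` is resolved against the process working directory, which differs between `dotnet run` and the container image; reading the path from configuration next to the password would make deployments less fragile. Style: `!string.IsNullOrEmpty(certificatePassword)` is the idiomatic form of `== false`. Top-level statements continue outside the hunk.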
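Review bot: In the `run` target every environment setting still follows the image name, so `docker run` hands `-e URL=… FLECK_LOG=Info … MAX_CONNECTIONS=100` to the container as its command line rather than as environment variables and none of them reach the process; the commit only re-wraps that line. Each variable needs its own `-e` placed before `game-service`, and `CONFIG_SOURCE`/`MAX_CONNECTIONS` are unrelated to the commit subject and should be explained or split out. This target also stays on `ws://` while docker-compose.prod.yml moves to `wss://`, which is fine for a local run but worth a comment so nobody copies it into production.
```makefile
run:
	docker run -p 50051:50051 \
		-e URL=ws://0.0.0.0:50051 \
		-e FLECK_LOG=Info \
		-e IM_LOG=Debug \
		-e GAME_LOG=Debug \
		-e CONFIG_SOURCE=v2.0 \
		-e MAX_CONNECTIONS=100 \
		game-service
```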
@@ -14,12 +14,15 @@ MonoBehaviour:
 m_EditorClassIdentifier:
 HostingData:
 - Name: Editor
+ Protocol: ws
 Host: localhost
 Environment: 0
 - Name: Development
+ Protocol: ws
 Host: localhost
 Environment: 1
 - Name: Production
+ Protocol: wss
 Host: maplefighters.io
 Environment: 2
 Environment: 0
diff --git a/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/HostingData.cs b/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/HostingData.cs
index 9c376cf9d..61d2d4c61 100644
--- a/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/HostingData.cs
+++ b/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/HostingData.cs
@@ -7,6 +7,8 @@
 public class HostingData
 {
 public string Name;
+ public string Protocol;
+
 public string Host;
 public HostingEnvironment Environment;
 
diff --git a/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/NetworkConfiguration.cs b/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/NetworkConfiguration.cs
index 8a9f8e211..81f091f61 100644
--- a/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/NetworkConfiguration.cs
+++ b/src/maple-fighters/Assets/Maple Fighters/Scripts/ScriptableObjects/Configurations/NetworkConfiguration.cs
@@ -14,6 +14,18 @@ public class NetworkConfiguration : ScriptableSingleton
 
 public HostingEnvironment Environment;
 
+ public string GetProtocol()
+ {
+ var hostingData =
+ HostingData.FirstOrDefault((x) => x.Environment == Environment);
+ if (hostingData != null)
+ {
+ return hostingData.Protocol;
+ }
+
+ return string.Empty;
+ }
+
 public string GetHost()
 {
 var hostingData =
diff --git a/src/maple-fighters/Assets/Maple Fighters/Scripts/Services/GameApi/WebSocketGameApi.cs b/src/maple-fighters/Assets/Maple Fighters/Scripts/Services/GameApi/WebSocketGameApi.cs
index 7ab4c4566..76967499a 100644
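Review bot: `Protocol` is a free-form string that ends up as a URI scheme (via `NetworkConfiguration.GetProtocol` into `UriBuilder.Scheme`), and nothing on the field says which values are valid; a one-line comment would spare the next reader a trip to WebSocketGameApi.cs: `// URI scheme for the game connection: "ws" (plain) or "wss" (TLS); consumed as UriBuilder.Scheme`. The class body continues past the hunk.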
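Review bot: `GetProtocol` repeats the `HostingData.FirstOrDefault` lookup that `GetHost` appears to open with on the last visible lines, and it returns `string.Empty` when no entry matches the current `Environment`, which later becomes an empty URI scheme in WebSocketGameApi.cs instead of a clear error. A shared private lookup removes the duplication — `private HostingData GetHostingData() => HostingData.FirstOrDefault((x) => x.Environment == Environment);` and `public string GetProtocol() => GetHostingData()?.Protocol ?? string.Empty;` — provided the project's C# level allows the null-conditional operator. If a missing entry is a configuration error rather than a supported state, throwing an `InvalidOperationException` that names `Environment` here is cheaper to debug than the connection failure it otherwise produces. `GetHost` continues past the end of the hunk.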
--- a/src/maple-fighters/Assets/Maple Fighters/Scripts/Services/GameApi/WebSocketGameApi.cs
+++ b/src/maple-fighters/Assets/Maple Fighters/Scripts/Services/GameApi/WebSocketGameApi.cs
@@ -77,7 +77,7 @@ private void Start()
 
 var uriBuilder = new UriBuilder()
 {
- Scheme = "ws",
+ Scheme = networkConfiguration.GetProtocol(),
 Host = networkConfiguration.GetHost(),
 Path = "game"
 };
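Review bot: `Scheme = networkConfiguration.GetProtocol()` accepts whatever the asset holds, including the `string.Empty` that `GetProtocol` returns when no `HostingData` entry matches, and `UriBuilder` does not reject an empty scheme as far as I recall, so a misconfigured environment yields a malformed URI and an opaque connection error. Guard before building: `var scheme = networkConfiguration.GetProtocol(); if (scheme != "ws" && scheme != "wss") throw new InvalidOperationException($"Unsupported game protocol '{scheme}'");`. Since the asset is the only thing keeping Production on `wss`, an assertion that the Production environment never uses `ws` would turn a silent downgrade of the transport into an immediate, visible failure. `Start()` begins before the hunk and continues after it.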