Help with deployment on Laravel Forge w/ let's encrypt #30
I have the same situation. I got it working on local with my self signed certs from valet, but can't get it working on my forge server.
Disclosure, I am a RunCloud owner. Since I saw this package, we have modified our nginx config to allow a user to add their own proxy setting. In this case, Let's Encrypt will work on port 443 which is proxying port 6001. I think you can suggest forge to allow this kind of modification.
I'm still trying to get things working locally (windows + homestead). I got a similar error as you guys. So I tried to connect to my local homestead server on port 6001 using telnet. This didn't work. However, if I run the sockets server on my "external" ip address I am able to connect:
I am getting other errors now, but that's inside php code, so getting closer... Also, I don't know the implications of running it this way since I'm not a server specialist. So I'll have to read up on server stuff I guess :-)
I think the easiest method is to add a new host to forge (socket.yourdomain.tld for example) which has its own cert and add the nginx rules to it to proxy the traffic from your server running on port 6001 (plain, no https) and let nginx do all the https stuff: https://docs.beyondco.de/laravel-websockets/1.0/basic-usage/ssl.html#usage-with-a-reverse-proxy-like-nginx
The webroot for this webhost can be empty since you will be replacing it with a reverse proxy config (serving the websockets server) instead of serving content from the webroot, it also does not have to point to your apps webroot.
This way Forge can manage the certificate itself and you don't have to worry about it
Your app can use 127.0.0.1:6001 to connect (plain, no https) to the server to submit its broadcasts (through the HTTP API) and your app can use socket.yourdomain.tld:443 (with ssl) from Pusher.JS/Laravel Echo.
One question: how can I test I have configured Reverse Proxy ok? For example with following config:
If I visit:
throws me a 502 Bad Gateway error.
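A 502 from nginx means the proxy did not get a valid HTTP reply from its upstream. As an added example (not code from this thread or from the laravel-websockets project), the probe below makes the same plain-HTTP WebSocket upgrade request a reverse proxy would send to 127.0.0.1:6001 and classifies the answer; the function name, result labels and placeholder app key are assumptions.

```python
import socket

# Meaning of each result label (labels are this example's own, not nginx terms).
HINTS = {
    "refused": "nothing is listening on that port, so the proxy returns 502",
    "unreachable": "connect timed out or was blocked; check the bind address",
    "closed": "upstream dropped plain HTTP; it may be expecting TLS",
    "tls": "upstream answered with a TLS alert; proxy_pass http:// cannot talk to it",
    "ok": "upstream accepted the WebSocket upgrade over plain HTTP",
}

def probe_upstream(host="127.0.0.1", port=6001, app_key="APP_KEY_PLACEHOLDER", timeout=3.0):
    """Connect the way the reverse proxy does (plain HTTP) and classify the reply."""
    request = (
        f"GET /app/{app_key}?protocol=7 HTTP/1.1\r\n"  # Pusher-protocol style path
        f"Host: {host}:{port}\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"  # sample nonce
        "Sec-WebSocket-Version: 13\r\n\r\n"
    ).encode()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    with sock:
        try:
            sock.sendall(request)
            reply = sock.recv(1024)
        except OSError:
            return "closed"
    if not reply:
        return "closed"
    if reply[:1] == b"\x15":  # TLS record content type 21 = alert
        return "tls"
    parts = reply.split()
    if reply.startswith(b"HTTP/") and len(parts) > 1:
        # Any HTTP status line shows the upstream speaks plain HTTP.
        return "ok" if parts[1] == b"101" else "http-" + parts[1].decode()
    return "unknown"

if __name__ == "__main__":
    result = probe_upstream()
    print(result, "-", HINTS.get(result, "upstream replied over plain HTTP"))
```

Run it on the server itself: "refused" while the site returns 502 means the websockets process is not listening where the proxy points, while "tls" or "closed" suggests the websockets server still has a certificate configured.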
@stayallive thank you for your explanation.. but honestly my head is spinning trying to wrap my head around all this! I think your solution seems the best and cleanest.. but can you please see if I understand correctly
currently on my dev, using laravel valet with the --secure flag
I have 3 apps
#2 restapi.tld.dev which is the api for my front-end, and can broadcast to the front-end, via the dedicated socket app
#3 vue-frontend.tld.dev which is my front-end, this uses host: socket.tld.dev and connects over ssl
all 3 sites were https through Valet and it works great
now I tried to move all of this to my forge server and I can't connect. I realized the websocket ssl config was still pointing to my dev's .crt/.key so that was surely problem #1, and problem #2 is that I probably need to open up port 6001 first
But then I came here and saw your solution and it seems great since I may not have to do either of those things above.. worry about certs and open up a port
I already set up my 3 subdomains and made them all https through letsencrypt
Now is it my understanding that you're suggesting I set up a 4th subdomain, http only, and use the nginx block you provided to proxy to my internal port 6001 ?
Does this 4th domain need to be https with let's encrypt?
And then inside my socket.tld websocket's config I can leave the ssl config blank ?
And then in my vue-frontend I would set the host to https of this 4th domain?
This way all my domains are still https, and I can access my debug dashboard on the socket.tld, but the websocket config itself is not "SSL" thanks to the proxy trick?
@vesper8 you're almost there. The socket.tld.dev app you have should be its own subdomain (with https) with that nginx block I mentioned earlier.
You will also need to run the
This way the websockets server runs on 127.0.0.1:6001 on your Forge box (do not configure SSL in your websockets.php file for the sockets server).
Then any app on your server (a server side app) can talk to your websockets server on http://127.0.0.1:6001 (no https) or socket.tld.dev:443 (with ssl). The internal non-http path will be slightly faster since it does not go via the internet but only local network.
Your front-end clients should connect to socket.tld.dev:443 (with http).
That should be it
A reverse proxy... proxies traffic, you might have already guessed that but a default https host listens on port 443 and what that
Hope this makes more sense now for everyone
@stayallive no matter if php artisan websockets:serve is executed or not the 502 bad gateway error persists...
Let's suppose my Nginx proxy config is correct so maybe it's a package configuration error:
It could be really useful to see a complete working configuration....
Current Environment values:
So using current SSL certificates for Laravel Forge site.
An any errors when running:
Also not working with Laravel Echo:
Laravel Echo config:
Chrome Console error:
@stayallive thank you very much for your help! I have it all working perfectly now using your solution!
I did end up creating a 4th subdomain for the proxy pass, because the socket.tld domain still needs to be accessible for the sole purpose of accessing the debug dashboard
I seem to be having trouble with the same thing. I am trying to setup the reverse proxy as explained in these posts, and am getting a 502 error. I have created another Site in Forge, with the domain socket.domain.tld and this is the nginx config for that site:
In my config/websockets.php file, the local_cert and local_pk are both set to null.
My pusher connection config in config/broadcasting.php looks like this:
With my .env file looking like:
My Echo config:
And the exact error I get in the Chrome console:
Oh, and I have the
Any pointers on this will be more than appreciated, thanks in advance
@stayallive since a lot of us are experiencing the same problem, I think it would be great if there is a blog post / gist that goes through an end-to-end configuration to get it working properly.