Nodejs Socket.io Server is listening but client doesn't reach server

My domain is: justlave.com

My web server is (include version): apache2@latest

The operating system my web server runs on is (include version): Ubuntu@latest

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.4.0

============================================================================
I am scratching my head because I do not understand how to fix this problem. This is only happening with this one server. All other nodejs + socket.io servers are running properly and have the same configuration. I'm running a website with apache2 and created a server with nodejs + socket.io. I've installed all the modules and when I run sudo pm2 start server this is what I see respectively :

[screenshot of the pm2 output]

As you can see Node is listening and when I run this command sudo ss -ltnp I see that the port is open.
I'm troubleshooting with the socket.io documentation here. I tried everything and I am lost. All my other servers with similar configuration all work. But this one is unreachable and I have no clue what's blocking the connection. When I paste this link in the browser https://server.justlave.com:3008/socket.io/?EIO=4&transport=polling it takes forever to load.

Errors I get in the console (Network tab) :

the connection used to fetch this resource is not secure

I reinstalled and reconfigured my server for the third time in a row now. I've deployed over 100 servers in my engineering career and this has never happened to me. There is something wrong with the letsencrypt certificate but I don't know where to look to solve this. I am using certbot. Any insights regarding this issue would help. I'm on a tight deadline.

server.js

const express = require('express');
const app = express();
const https = require('https');
const fs = require('fs'); // needed for readFileSync below

// TLS key and certificate issued by certbot.
// cert.pem holds only the leaf certificate; fullchain.pem also carries the intermediates.
var options = {
  key: fs.readFileSync('/etc/letsencrypt/live/server.justlave.com/privkey.pem'),
  cert: fs.readFileSync('/etc/letsencrypt/live/server.justlave.com/cert.pem')
};

var server = https.createServer(options, app);

// Attach socket.io to the HTTPS server.
// Browsers reject a wildcard origin on credentialed cross-origin requests.
const io = require('socket.io')(server, {
  cors: {
    origin: '*',
    methods: ["GET", "POST"],
    allowedHeaders: ["my-custom-header"],
    credentials: true
  }
});

io.on('connection', (socket) => {
  // get socket id
  var socketid = socket.id; // my socket id

  // log the new connection
  console.log('[justlave.com:3008][new user connected] : ' + socketid);
});

server.listen(3008, () => {
  console.log('[justlave.com][Node listening on *:3008');
});

client.js

<html>
<body>

<!--do stuff here-->

<!-- load the socket.io client library before calling io -->
<script src="https://server.justlave.com:3008/socket.io/socket.io.js"></script>
<script>
var socket = io.connect('https://server.justlave.com:3008', {'multiplex': false});
</script>
</body>

</html>

Highly unlikely that is true or the cause. I can't even connect to your domain/port so the TLS handshake has not even begun. Looks like a comms routing problem or firewall. You are using the Cloudflare CDN. Likely routing problem between it and your origin server.

For IPv6

curl -i -m10 -vvv https://server.justlave.com:3008/socket.io/socket.io.js
*   Trying 2606:4700:3034::ac43:8626:3008...
*   Trying 172.67.134.38:3008...
* After 4995ms connect time, move on!
* connect to 2606:4700:3034::ac43:8626 port 3008 failed: Connection timed out
*   Trying 2606:4700:3036::6815:60d:3008...
* After 2396ms connect time, move on!
* connect to 2606:4700:3036::6815:60d port 3008 failed: Connection timed out
* Connection timed out after 10000 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 10000 milliseconds

For IPv4

curl -i4 -m10 -vvv https://server.justlave.com:3008/socket.io/socket.io.js
*   Trying 172.67.134.38:3008...
* After 5000ms connect time, move on!
* connect to 172.67.134.38 port 3008 failed: Connection timed out
*   Trying 104.21.6.13:3008...
* After 2499ms connect time, move on!
* connect to 104.21.6.13 port 3008 failed: Connection timed out
* Failed to connect to server.justlave.com port 3008 after 7503 ms: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to server.justlave.com port 3008 after 7503 ms: Connection timed out

3 Likes

Oh, I just remembered that Cloudflare CDN does not support all port numbers.

You should review their docs about that

3 Likes

Thank you for trying to help. Cloudflare is set to Full and it should be working fine with certbot. When you're talking about Origin Server, should I use the Cloudflare certificates instead of letsencrypt?

1 Like

You can if you wish but see my post #3 about more likely problem

3 Likes

I've always used certbot and letsencrypt without issue. I'd rather continue with my current setup. What do you suggest I do about this communication problem? This TLS/firewall thing is a little outside of my scope but I'm a fast learner if you can guide me.

I don't think you can use port 3008 with Cloudflare CDN. But, you should check with those docs or visit the Cloudflare Community. This has nothing to do with certs.

You might try not proxying your DNS in Cloudflare

5 Likes

Yes I can lol. I'm using another server same setup and I'm able to do polling. It has nothing to do with ports. I'm using 3006 and 3008 in another project on a different IP and it runs just fine. I know it's letsencrypt because those other servers running nodejs + socketio were set up with certbot last year or before you guys changed something and they are working fine. This new server was set up this year and it's the only one not working. So there's certainly a correlation with your new configuration.

Information like this is not very useful, as it can mean different things to different people.

It is always best to provide actual version numbers [and letters (if any)].

2 Likes

Can you give domain name?

Is that proxied in Cloudflare too?

3 Likes

Also behind Cloudflare?
[you must compare apples to apples]

2 Likes

Yes. They all follow same kind of configuration.

Please share a domain name that is working on one of those ports. A second set of eyes may see something you don't

3 Likes

All my websites and apps run through cloudflare and have same configuration on apache2

I would have to see that to believe it. The evidence I showed says otherwise.

3 Likes

How did you set that up [within Cloudflare]?

3 Likes

Sorry for late answer. I had to go through some things first. The other domain : webb24h.com and you can check polling working just fine here : https://server.webb24h.com:3008/socket.io/?EIO=4&transport=polling

This is our oldest product and as you can see, everything running A1 and like I said, it is same nodejs + socketio + certbot (letsencrypt) setup as our justlave.com domain. All running through cloudflare. All is pointing to letsencrypt.

The domain webb24h.com is NOT using Cloudflare CDN. Huge difference

nslookup server.webb24h.com
Address: 51.222.9.201

compare to

nslookup server.justlave.com

Address: 172.67.134.38
Address: 104.21.6.13
Address: 2606:4700:3034::ac43:8626
Address: 2606:4700:3036::6815:60d

3 Likes
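
The comparison made in the replies above (which addresses a hostname resolves to, and whether the port is one Cloudflare's proxy forwards) can be scripted. This is an added example, not code from any poster in the thread; the range and port lists are assumptions copied from Cloudflare's published lists and should be checked against the current docs, the function names are hypothetical, and IPv6 answers are ignored.

```javascript
// Added example. Sample addresses are the nslookup results quoted in the thread.
// Assumption: IPv4 ranges and proxied HTTPS ports as published by Cloudflare.
const CLOUDFLARE_V4 = [
  '173.245.48.0/20', '103.21.244.0/22', '103.22.200.0/22', '103.31.4.0/22',
  '141.101.64.0/18', '108.162.192.0/18', '190.93.240.0/20', '188.114.96.0/20',
  '197.234.240.0/22', '198.41.128.0/17', '162.158.0.0/15', '104.16.0.0/13',
  '104.24.0.0/14', '172.64.0.0/13', '131.0.72.0/22',
];
const CF_HTTPS_PORTS = new Set([443, 2053, 2083, 2087, 2096, 8443]);
const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// Dotted quad -> unsigned 32-bit integer, or null for anything else (IPv6 included).
function ipv4ToInt(ip) {
  const m = IPV4.exec(ip);
  if (!m || m.slice(1).some((o) => Number(o) > 255)) return null;
  return m.slice(1).reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

function inCidr(ip, cidr) {
  const [base, bits] = cidr.split('/');
  const addr = ipv4ToInt(ip);
  if (addr === null) return false;
  const mask = (~0 << (32 - Number(bits))) >>> 0;
  return ((addr & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

function isCloudflare(ip) {
  return CLOUDFLARE_V4.some((cidr) => inCidr(ip, cidr));
}

// Classify a hostname's DNS answers plus the port the client connects to.
function diagnose(addresses, port) {
  if (!addresses.some(isCloudflare)) return 'direct-to-origin';
  return CF_HTTPS_PORTS.has(port)
    ? 'proxied-port-supported'
    : 'proxied-port-unsupported';
}

// Constructed inputs taken from the two nslookup outputs in the thread.
const justlave = ['172.67.134.38', '104.21.6.13',
  '2606:4700:3034::ac43:8626', '2606:4700:3036::6815:60d'];
const webb24h = ['51.222.9.201'];
console.log('server.justlave.com:3008 ->', diagnose(justlave, 3008));
console.log('server.webb24h.com:3008  ->', diagnose(webb24h, 3008));
```

A 'proxied-port-unsupported' result matches the curl output earlier in the thread: the connection times out before any TLS handshake, so the certificate is never presented.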

Bro... please stop insulting my intelligence and my works. Who do you think this is? A human?