Forum

I'm using Hiawatha to forward my websocket connections to a node.js server. If I want to use secure websockets (wss), is it possible to have Hiawatha decrypt them into regular websockets (ws)? Here's an example of what my code looks like.

Binding {
	Port = 80
}

VirtualHost {
    Hostname =0.0.0.0
    WebsiteRoot = /path/to/website
    StartFile = index.html
    AccessLogfile = /path/to/access.log
    ErrorLogfile = /path/to/error.log
    ReverseProxy .*  http://172.18.1.47:3000/
    WebSocket = ws://ip:3000 /websocket1 15
    WebSocket = ws://ip:9002 /websocket2 15
}

I don't understand what you try to achieve. You want to use secure websockets, but at the same time have Hiawatha to decrypt them (not use secure websockets).

Sorry, I'll clarify. I have a node.js server runnning in the background using an http connection and unsecured websockets. I'm currently using Hiawatha to forward requests from the client to my node.js server using the reverse proxy functionality and two unprotected websockets. For multiple reasons, it is advantageous to me to leave the node.js server functioning completely unencrypted but hosted locally, and use Hiawatha to interact with anything outside my local network.
If I want to encrypt my traffic, is it possible for me to encrypt the traffic that goes between Hiawatha and the client (use wss/https), but decrypt this traffic inside Hiawatha such that connections to my node js server through the Reverse proxy and websockets are unencrypted (ws/http)?

Thanks for all your help Hugo!!

Ah, ok. if you use 'WebSocket = ws://...', then the connection to the websocket will be plain text. If you use 'ReverseProxy .* http://...', the connection between Hiawatha and backend server will be plain text. If you use a TLScertFile option in your binding (use Port = 443), then the connection between the client and webserver will be encrypted. That will be for normal requests, AJAX requests, websocket requests and so on. So, yes, in that case, Hiawatha acts as an SSL offloading server.