Do you want to deploy your WebGL game to itch.io or to your personal website, but keep getting an error similar to:
- Connection to server refused
- Cannot establish to a secure connection
- TLS handshake failed at step 0. Closing connection.

or more...
There are 2 ways to add a secure connection to the game server
- SSL
- Relay (Not Recommended)
- SSL is the most traditional way but requires extra effort to set up, while Relay is the easiest and most flexible but introduces overhead such as more latency and cost.
- This guide will only cover how to set up SSL for Unity Transport (UTP)
- This guide will not go through every step one by one, and it is recommended to have experience with DevOps.
Requirement | Description | Cost |
---|---|---|
Domain Name | Namecheap | Paid |
Linux Server | Vultr (Alma 9) or equivalent | Paid |
WebGL Client Website | Itch.io or equivalent | Free |
Info | Description |
---|---|
Netcode | Netick |
Transport | UTP for Netick |
In this guide, we're going to use the Netick networking library; however, other netcode libraries behave similarly if they also use UTP.
In this guide we're going to use Vultr with Alma Linux 9 distro.
- SSH to the machine
- Install Snap
- Create an A record pointing to the Linux server. It can be the root domain or a subdomain:
  - mygame.com
  - play.mygame.com
- Open the firewall port of HTTP (TCP: 80)
- Open up Certbot Website
- Make sure the chosen option is Running on Other on Linux (snap)
- When running `sudo snap install --classic certbot`, sometimes there is this error. Don't worry about it and just re-run the command:
  `error: too early for operation, device not yet seeded or device model not acknowledged`
- When it prompts for the server common name, enter the domain we just set up in Namecheap (e.g. play.mygame.com)
- Print out `fullchain.pem` and `privkey.pem` using the `cat` command
- The first certificate in `fullchain.pem` will be used as the server certificate, while the second is going to be used as the client CA certificate
- Copy each value to the Unity Transport Scriptable Object, including the server common name `play.mygame.com`
WARNING: The best practice is to not put the private key in the client build. Instead we can either:
- Load it from disk using the `File.OpenText` API (most flexible)
- Hardcode the private key in code and load it only if a Scripting Define Symbol is set (e.g. `#if LOAD__PRIVATE_KEY`)

HOWEVER, we're going to ignore that issue at the moment
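An added example, not part of the original guide: instead of copying blocks out of `cat` output by hand, this script splits `fullchain.pem` into the first certificate (server certificate) and the second (client CA certificate) as described above, and stops if key material is mixed into the chain or fewer than two certificates are present. The function names, output file names and the sample chain are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): split fullchain.pem into the two blocks
# that get pasted into the Unity Transport settings. File names are assumptions.

# Print how many certificate blocks FILE holds (0 if none).
count_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Print the N-th certificate block of FILE (1 = first), markers included.
nth_cert() {
    awk -v want="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n == want           { print }
        /-----END CERTIFICATE-----/   { inside = 0 }
    ' "$1"
}

# split_fullchain FULLCHAIN OUTDIR
# Writes OUTDIR/server-cert.pem (first block) and OUTDIR/ca-cert.pem (second).
# Returns 2 if key material is mixed into the chain, 3 if fewer than two
# certificates are present, so a bad paste is caught before the build.
split_fullchain() {
    chain=$1; out=$2
    [ -r "$chain" ] || { echo "cannot read $chain" >&2; return 1; }
    if grep -q -- 'PRIVATE KEY-----' "$chain"; then
        echo "refusing: $chain contains a private key" >&2
        return 2
    fi
    if [ "$(count_certs "$chain")" -lt 2 ]; then
        echo "expected at least 2 certificates in $chain" >&2
        return 3
    fi
    mkdir -p "$out" || return 1
    nth_cert "$chain" 1 > "$out/server-cert.pem"
    nth_cert "$chain" 2 > "$out/ca-cert.pem"
}

# Constructed sample chain: placeholder bodies, not real certificates.
make_sample_chain() {
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDLEAFBODY' '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDCABODY' '-----END CERTIFICATE-----' > "$1"
}

# Demo run on the constructed chain.
demo=$(mktemp -d)
make_sample_chain "$demo/fullchain.pem"
split_fullchain "$demo/fullchain.pem" "$demo/out" && ls "$demo/out"
```

On the server, call `split_fullchain` with the path to the `fullchain.pem` that certbot wrote for `play.mygame.com`; `privkey.pem` is deliberately never read or copied by this script.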
- Make sure you have the correct config for the Unity Transport Provider. It should be similar to this
- Build the Server as a Linux Executable
- Send the Executable to the Linux Server
- Run the Server
- Build the Client WebGL
- Create a new Project in Itch.io
- Upload the WebGL Build
- Start Netick! Now you should have a secure connection over both HTTPS and WSS

IMPORTANT: The IP address used when launching Netick will be irrelevant, because it's going to be overridden by the server common name. It's best to put 0.0.0.0
Hey! Nice guide. I'm trying to do exactly this, but I'm hosting my game server on Multiplay and using the Matchmaking system. Could you explain how to do this with a reverse proxy?