greatsami/Laravel websockets ssl ngnix setup

## Laravel websockets ssl ngnix setup
After Setup laravel websockets with port 6003 and letsencrypt certs on ubuntu 18.4 LTS.

Note: change domain.test with your domain

edit .env
```
PUSHER_APP_ID=myId
PUSHER_APP_KEY=myKey
PUSHER_APP_SECRET=mySecret
PUSHER_APP_CLUSTER=eu

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
MIX_PUSHER_APP_URL="${APP_URL}"
```

edit config/websockets.php
```
'dashboard' => [
    'port' => env('LARAVEL_WEBSOCKETS_PORT', 6003),
],
.
.
.
'apps' => [
    [
        .
        .
        .
        'enable_client_messages' => true,
        'enable_statistics' => true,
    ],
],
.
.
.
'ssl' => [
    /*
     * Path to local certificate file on filesystem. It must be a PEM encoded file which
     * contains your certificate and private key. It can optionally contain the
     * certificate chain of issuers. The private key also may be contained
     * in a separate file specified by local_pk.
     */
    // 'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', 'C:\xampp\apache\crt\domain.test\server.crt'),
    'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', '/etc/letsencrypt/live/domain.test/cert.pem'),

    /*
     * Path to local private key file on filesystem in case of separate files for
     * certificate (local_cert) and private key.
     */
    // 'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', 'C:\xampp\apache\crt\domain.test\server.key'),
    'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', '/etc/letsencrypt/live/domain.test/privkey.pem'),

    /*
     * Passphrase for your local_cert file.
     */
    'passphrase' => env('LARAVEL_WEBSOCKETS_SSL_PASSPHRASE', null),

    'verify_peer' => false,
],
```

edit config/broadcasting.php
```
 'default' => env('BROADCAST_DRIVER', 'pusher'),

'connections' => [

    'pusher' => [
        'driver' => 'pusher',
        'key' => env('PUSHER_APP_KEY'),
        'secret' => env('PUSHER_APP_SECRET'),
        'app_id' => env('PUSHER_APP_ID'),
        'options' => [
            'cluster' => env('PUSHER_APP_CLUSTER'),
            'useTLS' => true,
            'host' => '127.0.0.1',
            'port' => 6003,
            'scheme' => 'https',
            'encrypted' => false,
            'curl_options' => [
                CURLOPT_SSL_VERIFYHOST => 0,
                CURLOPT_SSL_VERIFYPEER => 0,
            ],
        ],
    ],
    .
    .
    .
  ],
];

```

edit resources/js/bootstrap.js
```
import Echo from 'laravel-echo'

window.Pusher = require('pusher-js');

window.Echo = new Echo({
    broadcaster: 'pusher',
    key: process.env.MIX_PUSHER_APP_KEY,
    cluster: process.env.MIX_PUSHER_APP_CLUSTER,
    wsHost: window.location.hostname,
    forceTLS: true,
    wsPort: 6003,
    wssPort: 6003,
    disableStats: true,
    encrypted: true,
});
```

in /etc/nginx/wites-enabled/domain.test
```
map $http_upgrade $type {
  default "web";
  websocket "wss";
}
server {
    root /var/www/laravel/public;
    server_name domain.test www.domain.test;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    #location / {
    #       try_files $uri $uri/ /index.php?$query_string;
    #}

    location / {
            try_files /nonexistent @$type;
    }

    location @web {
            try_files $uri $uri/ /index.php?$query_string;
    }

    location @wss {
            proxy_pass             https://127.0.0.1:6003;
            proxy_set_header Host  $host;
            proxy_read_timeout     60;
            proxy_connect_timeout  60;
            proxy_redirect         off;

            # Allow the use of websockets
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            include fastcgi_params;
    }

    location ~ /\.ht {
            deny all;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.test/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.test/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.domain.test) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = domain.test) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name domain.test www.domain.test;
    return 404; # managed by Certbot
}
```

Finally,
In terminal open firewall on port 6003
```
$ sudo ufw allow 6003
$ sudo ufw enable
$ sudo ufw status
```

Thats it. :)
	After Setup laravel websockets with port 6003 and letsencrypt certs on ubuntu 18.4 LTS.

	Note: change domain.test with your domain

	edit .env
	```
	PUSHER_APP_ID=myId
	PUSHER_APP_KEY=myKey
	PUSHER_APP_SECRET=mySecret
	PUSHER_APP_CLUSTER=eu

	MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
	MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
	MIX_PUSHER_APP_URL="${APP_URL}"
	```

	edit config/websockets.php
	```
	'dashboard' => [
	'port' => env('LARAVEL_WEBSOCKETS_PORT', 6003),
	],
	.
	.
	.
	'apps' => [
	[
	.
	.
	.
	'enable_client_messages' => true,
	'enable_statistics' => true,
	],
	],
	.
	.
	.
	'ssl' => [
	/*
	* Path to local certificate file on filesystem. It must be a PEM encoded file which
	* contains your certificate and private key. It can optionally contain the
	* certificate chain of issuers. The private key also may be contained
	* in a separate file specified by local_pk.
	*/
	// 'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', 'C:\xampp\apache\crt\domain.test\server.crt'),
	'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', '/etc/letsencrypt/live/domain.test/cert.pem'),

	/*
	* Path to local private key file on filesystem in case of separate files for
	* certificate (local_cert) and private key.
	*/
	// 'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', 'C:\xampp\apache\crt\domain.test\server.key'),
	'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', '/etc/letsencrypt/live/domain.test/privkey.pem'),

	/*
	* Passphrase for your local_cert file.
	*/
	'passphrase' => env('LARAVEL_WEBSOCKETS_SSL_PASSPHRASE', null),

	'verify_peer' => false,
	],
	```

	edit config/broadcasting.php
	```
	'default' => env('BROADCAST_DRIVER', 'pusher'),

	'connections' => [

	'pusher' => [
	'driver' => 'pusher',
	'key' => env('PUSHER_APP_KEY'),
	'secret' => env('PUSHER_APP_SECRET'),
	'app_id' => env('PUSHER_APP_ID'),
	'options' => [
	'cluster' => env('PUSHER_APP_CLUSTER'),
	'useTLS' => true,
	'host' => '127.0.0.1',
	'port' => 6003,
	'scheme' => 'https',
	'encrypted' => false,
	'curl_options' => [
	CURLOPT_SSL_VERIFYHOST => 0,
	CURLOPT_SSL_VERIFYPEER => 0,
	],
	],
	],
	.
	.
	.
	],
	];

	```

	edit resources/js/bootstrap.js
	```
	import Echo from 'laravel-echo'

	window.Pusher = require('pusher-js');

	window.Echo = new Echo({
	broadcaster: 'pusher',
	key: process.env.MIX_PUSHER_APP_KEY,
	cluster: process.env.MIX_PUSHER_APP_CLUSTER,
	wsHost: window.location.hostname,
	forceTLS: true,
	wsPort: 6003,
	wssPort: 6003,
	disableStats: true,
	encrypted: true,
	});
	```

	in /etc/nginx/wites-enabled/domain.test
	```
	map $http_upgrade $type {
	default "web";
	websocket "wss";
	}
	server {
	root /var/www/laravel/public;
	server_name domain.test www.domain.test;

	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Content-Type-Options "nosniff";

	index index.html index.htm index.php;

	charset utf-8;

	#location / {
	# try_files $uri $uri/ /index.php?$query_string;
	#}

	location / {
	try_files /nonexistent @$type;
	}

	location @web {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location @wss {
	proxy_pass https://127.0.0.1:6003;
	proxy_set_header Host $host;
	proxy_read_timeout 60;
	proxy_connect_timeout 60;
	proxy_redirect off;

	# Allow the use of websockets
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
	}

	location = /favicon.ico { access_log off; log_not_found off; }
	location = /robots.txt { access_log off; log_not_found off; }

	error_page 404 /index.php;

	location ~ \.php$ {
	include snippets/fastcgi-php.conf;
	fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
	fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
	include fastcgi_params;
	}

	location ~ /\.ht {
	deny all;
	}
	listen 443 ssl; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/domain.test/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/domain.test/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	}

	server {
	if ($host = www.domain.test) {
	return 301 https://$host$request_uri;
	} # managed by Certbot

	if ($host = domain.test) {
	return 301 https://$host$request_uri;
	} # managed by Certbot

	listen 80;
	server_name domain.test www.domain.test;
	return 404; # managed by Certbot
	}
	```

	Finally,
	In terminal open firewall on port 6003
	```
	$ sudo ufw allow 6003
	$ sudo ufw enable
	$ sudo ufw status
	```

	Thats it. :)