1

I have two websites:

1)httpwebsite.com where I run my web application which uses APACHE, PHP and MYSQL;

2)wss.com where I run a nodeJS websocket server, used for a multiplayer game;

I want to host the javascript client-side files that communicate with the websocket server, on httpwebsite.com, so I dont have to configure a http server on nodeJS, for many reasons, like security and lack of experience with using nodeJS as HTTP server.

I want to use nodeJS only for the websocket server, for performance and flexibility reasons, among many others.

I've heard that Same-origin policy restricts communication from httpwebsite.com with wss.com , but can this be reconfigured to actually allow communication between two different domains that want to communicate with each other on purpose?

Do I have other options than actually running a HTTP server on the nodeJS server?

Improve this question

2 Answers 2

Reset to default
1

You can use CORS for secure requests from one domain to another domain.

http://www.html5rocks.com/en/tutorials/cors/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

2 options:

  1. You can add CORS headers to wss.com to allow access to website.com to load it's resources. The link Matt gave should explain how this works and you just need to add this HTTP Header to each Node server you need to access.

  2. You can proxy your requests through your Apache server to the node server. So the web browser thinks it's talking to a service on the same origin. This is often used to only have your web server publically available and your app server (running node) not directly available and protected behind a firewall - though obviously Apache needs to be able to access it.

You can use this config in Apache to achieve option 2 to forward http://website.com/api calls to a service running in wss.com on port 3000.

#send all /api requests to node ProxyPass /api http://wss.com:3000 #Optionally change all references to wss.com to this domain on return: ProxyPassReverse /api http://wss.com:3000
Improve this answer

2 Comments

My aim was to not involve two servers for 1 request. Doing this through Apache as an intermediary server feels like Apache would have almost the same load as the NodeJS server. My idea was to use Apache to serve the static files (after the player would login and other simple things) and then keep NodeJS for dealing with the "gaming load". Maybe I am wrong and maybe your solution doesn't involve adding too much load to Apache for the forwarding. Can you comment on this?
Then use CORS. But, as I say this is a fairly common use case, and the load on Apache just to forward requests will be negligible. Web servers are specifically designed to handle high load. Particularly if they are just servicing up static content and/or proxying requests and not doing much processing themselves. Additionally it allows additional benefits for security and performance. E.g. SSL termination can be at one point, rather than having SSL on each node server, less ports need to be open to the world (usually just port 80 and 443), other features like WAFs can be installed... etc.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.