What setting determines whether I run websockets over ws:// or wss://?

I’m trying to get websockets working in a non-dev environment and I’m confused about whether I should be using ws:// or wss:// Ideally, I would like my prod environment to mirror my dev environment exactly - with live code reload and no security and so forth.

But for now, I just want to know what setting in my project determines whether I should try to connect to websockets using ws:// or wss://

Also, I’m not sure whether this might be affected by my deployment system, which is convox (praxis) – I think that might force me into https/wss. But long story short - how can I check which one it is? Especially for websockets.

Do you mean how the browser decides what scheme to use? Maybe this will help https://github.com/phoenixframework/phoenix/blob/master/assets/js/phoenix.js#L625

  # from the link above, in case it changes
  protocol(){ return location.protocol.match(/^https/) ? "wss" : "ws" }

    let uri = Ajax.appendParams(
      Ajax.appendParams(this.endPoint, this.params), {vsn: VSN})
    if(uri.charAt(0) !== "/"){ return uri }
    if(uri.charAt(1) === "/"){ return `${this.protocol()}:${uri}` }

    return `${this.protocol()}://${location.host}${uri}`

thanks @idi527 - that’s a good tip

@idi527 - sorry, no I don’t need to know how the browser decides – this app I am running does not have a user-facing side. It only exists as a websocket endpoint. I am trying to connect to it from a different domain entirely.

Then I guess it’s up to you which scheme to use. There might be some restrictions on the backend, though.

Yes, my question is - how do I tell which scheme I chose?

If you set :force_ssl flag to true in your endpoint, then I guess it makes cowboy to force ssl during the upgrade callback and you need to use wss://, I might be wrong though.

ok, thanks - I do not use force_ssl anywhere :slight_smile:

Then I guess you can use ws://, because force_ssl is the only option in phoenix that I know of that’s responsible for using https. And according to the RFC [page 17] (or at least to my understanding of it), it’s the only part of the http request that defines which scheme to use, ws or wss.

The “Request-URI” part of the request MUST match the resource name defined in Section 3 (a relative URI) or be an absolute http/https URI that, when parsed, has a resource name, host, and port that match the corresponding ws/wss URI.

ws:// is basically signaling to upgrade an http request, whereas wss:// is signaling to negotiate an ssl connection then upgrade a http request.

Just for clarification, https:// is just signaling to negotiate an ssl then handle an http request.

Are you going to use or force https in production?
If yes, then use wss. If no, then use ws.

Here is the guide to setup ssl on Phoenix if you need a place to look for the settings.