Secure WebSocket Certificate for Custom Game Server
I currently have a simple C# SuperWebSocket server running via PlayFab's Custom Game Server service. I created a certificate that I deploy with my build so I could use a secure WebSocket. So far it's working perfectly. My PC and Android games can connect to it just fine, but my WebGL builds (running in Chrome) can't connect because of the following issue:
WebSocket connection to 'wss://34.227.190.17:9000/' failed: Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID
My guess is that it doesn't like my locally made Certificate. Does this mean I need to buy a SSL Certificate from a company like Comodo (https://www.comodoca.com/en-us/)? If so it wants me to give them a domain. Is there a specific domain I should be using? One of my running servers has the address ec2-34-207-183-239.compute-1.amazonaws.com, so would the domain be "*.compute-1.amazonaws.com"? Is there any chance the PlayFab Custom Game Server tech has a certificate on the machine I can use?
Thanks in advance!
Any tips on setting up a reverse proxy? @Brian Gish were you able to solve this?
Best Answer
I'm concerned that what you're proposing isn't the best solution for what you're trying to do. Using the amazonaws.com comain isn't possible for an authoritative cert. Additionally, the server hosts and IP addresses are constantly changing, meaning you're unable to properly set up your own domain for the cert. We also don't have one you can use.
Chatting with one of our dev leads, he suggested looking into setting up a reverse proxy to forward connections to the appropriate server instance and port. This could run under your own domain, using your own cert. I understand that may be more work than you were expecting, but we just don't have an out-of-the-box solution for what you're trying to do.
Hi @Andy, thanks for the reply! Sadly I don't have any experience with that, but I'll definitely look into it. Since PlayFab doesn't have an out of the box solution for this, does this mean no one has used PlayFab's Custom Game Server service to release a browser based game?
While I'm not aware of any specific studios using custom game servers with browser-based games, I'm sure there are some. The problem you're encountering is omnipresent across all server hosting, I would imagine. Any time you're spinning up dynamic machines and connecting directly to them, you're not going to be able to have a consistent endpoint to secure. The reverse proxy solution is a way of creating that securable endpoint.
I'm going to talk to our Multiplayer Server folks about this, as it seems like a service we could potentially provide with a future iteration of our server hosting.
Thanks @Andy for the explanation! I'm a bit of a newbie when it comes to this sort of thing. Also, thanks for talking to the Multiplayer Server guys, that would be a very helpful service to have in the future. Cheers!
@Andy @Brendan Is PF considering any solution with this? Or is that just not possible with certs / domains...etc.? @Brian Gish What solution did you end up going with? Thanks in advance all.
Our game server hosting service isn't really designed for use as web service hosts - the use cases they were built for are all around session-based gameplay where clients make a UDP/TCP connection to the server. Realistically, a web service for a game needs to have a consistent URI that the client devices can hit - something you can't get from game server hosting, since IPs will change frequently.
But turning this around - what does the web service do, specifically? Why not just build that logic into an Azure Functions Cloud Script that you call through PlayFab?
Thanks for the response @Brendan I appreciate it! As Brian states in his question, it's more about making the connection secure, if possible. Having an SSL cert and having an HTTPS connection vs a HTTP connection is the goal. I get it though that this may be out of scope of what PF would provide. Having it hosted on our of web server then marshalling calls over to PF may be the way to go. I just don't want to bottle neck it on our server.
Hi there @Brian Gish, @Andy, has there been any officially (or unofficially) proven solution for this recently?
