
SSL


Last updated 1 year ago

NOTE: WebGL performs a lot better with a Reverse Proxy, and that's generally easier to set up and maintain than using cert.json and PFX files.

Go to the Reverse Proxy page for instructions.

If you host your WebGL build on an HTTPS domain you will need to use the secure WebSocket protocol (wss://). WSS requires an SSL certificate set up on your Mirror game server for basic scenarios or on your gateway server for "reverse proxy" scenarios. You will also have to ensure the "Client Use WSS" option is set on the transport.

For the following sections we will demonstrate how to obtain SSL certificates using Let's Encrypt for the domain simpleweb.example.com.

Pre-Setup

  • You need a domain name and the ability to edit DNS records

    • A DNS record should point to your WebGL game client (normally hosted on port 443)

    • A DNS record should point to your Mirror game server

  • Set up a virtual machine in the cloud: How to set up a Google cloud server

NOTE: you may need to open port 80 for certbot operations.

Get Cert

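Follow the guides here:

https://letsencrypt.org/getting-started/
https://certbot.eff.org/instructions

Find the instructions for your server version. Below is the link for Ubuntu 18.04 LTS (bionic):

https://certbot.eff.org/instructions?ws=nginx&os=ubuntubionic

For instruction 7, use: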

sudo certbot certonly --standalone

After filling in details you will get a result like this

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/simpleweb.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/simpleweb.example.com/privkey.pem
   Your cert will expire on 2021-01-07. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Replace simpleweb.example.com with your own domain.

Create cert.pfx

To create a pfx file that SimpleWebTransport can use, run this command in the /etc/letsencrypt/live/simpleweb.example.com/ folder:

openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem

You will be asked for a password; you can set a password or leave it blank. You might need to be superuser in order to do this.

su

cd /etc/letsencrypt/live/simpleweb.example.com/

Note: Currently the Mono version shipped with Unity is unable to load pfx files generated by OpenSSL version 3. You will have to add the -legacy command line argument to the openssl command above to generate a compatible pfx file.

Using cert.pfx

You can either copy the cert.pfx file to your server folder or create a symbolic link.

Using Move

mv /etc/letsencrypt/live/simpleweb.example.com/cert.pfx ~/path/to/server/cert.pfx

Using Symbolic link

ln -s /etc/letsencrypt/live/simpleweb.example.com/cert.pfx ~/path/to/server/cert.pfx

Create cert.json file

Create a cert.json that SimpleWebTransport can read

Run this command in the ~/path/to/server/ folder

If you left the password blank at cert creation:

echo '{ "path":"./cert.pfx", "password": "" }' > cert.json

If you set up a password "yourPassword" at cert creation:

echo '{ "path":"./cert.pfx", "password": "yourPassword" }' > cert.json
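The cert.pfx and cert.json steps above combined into one script, as an added example that is not part of the Mirror documentation or SimpleWebTransport: it creates both files readable by their owner only (cert.pfx contains the private key), adds -legacy when OpenSSL 3 is detected, and JSON-escapes the password so quotes or backslashes in it do not break cert.json. The function names, the SERVER_DIR and PFX_PASSWORD variables, and running it as a certbot deploy hook (so the pfx is rebuilt whenever the certificate is renewed) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not Mirror project code. Function and variable names are assumptions.
set -eu

# Return the extra flag the page says Unity's Mono needs for OpenSSL 3 output.
legacy_flag() {   # $1 = output of `openssl version`
  case "$1" in "OpenSSL 3."*) echo "-legacy" ;; *) echo "" ;; esac
}

# Build a pfx from a certbot "live" directory; the password comes from $PFX_PASSWORD
# through the environment, so it never appears on the openssl command line.
build_pfx() {     # $1 = live directory, $2 = output pfx path
  ( umask 077     # private key material: owner-only from the moment of creation
    cd "$1"
    # legacy_flag output is deliberately unquoted so an empty result adds no argument
    openssl pkcs12 -export $(legacy_flag "$(openssl version)") \
      -out "$2" -inkey privkey.pem -in cert.pem -certfile chain.pem \
      -passout env:PFX_PASSWORD )
  chmod 600 "$2"
}

# Escape a password for use inside a JSON string (backslash first, then double quote).
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Write cert.json in the server folder, owner-readable only.
write_cert_json() {   # $1 = server directory, $2 = pfx password (may be empty)
  ( umask 077
    printf '{ "path":"./cert.pfx", "password": "%s" }\n' "$(json_escape "$2")" \
      > "$1/cert.json" )
  chmod 600 "$1/cert.json"   # also tightens a cert.json that already existed
}

# When run as a certbot deploy hook, certbot sets RENEWED_LINEAGE to the live directory:
#   PFX_PASSWORD=... SERVER_DIR=/path/to/server certbot renew --deploy-hook /path/to/this-script
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  export PFX_PASSWORD="${PFX_PASSWORD:-}"
  build_pfx "$RENEWED_LINEAGE" "$SERVER_DIR/cert.pfx"
  write_cert_json "$SERVER_DIR" "$PFX_PASSWORD"
fi
```
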

Run your server

After the cert.json and cert.pfx are in the game server folder like this

GameServerFolder
|- demo_server.x86_64
|- cert.json
|- cert.pfx

Then make the server file executable

chmod +x demo_server.x86_64

To run in the active terminal use

./demo_server.x86_64

To run in background use

./demo_server.x86_64 &

To keep the game server running even after you close your ssh session use

nohup ./demo_server.x86_64 &

nohup means that the executable will keep running after you close your ssh session. The & sign means that your server will run in the background.

You may need to use sudo to run if you created a symbolic link.

Connect to your game

Test that everything is working by connecting a game client to the game server, using either the Unity Editor as a game client or your deployed WebGL build as the game client.

Set your domain (e.g. simpleweb.example.com) in the hostname field and then start a client.

Debugging SSL

To check if your pfx file is working outside of Unity you can use pfxTestServer.js.
