Extension Websocket SSL question

Hi All,

I am looking to integrate a websocket into my extension. I have a node.js webserver with express which will host the socket with socket.io.

Regarding twitchs rules about all traffic sent and received being secured, does anyone know if it would be acceptable to create a socket via ‘http’ and send the data over https (webserver redirects all http requests to https, and only http,https, and ssh ports are open). Or would I need an ‘https’ socket and send over https? (obviously everything is over https)

Code examples below might explain more:

unsecure socket:

const app = express();
const server = require('http').Server(app);
const io = require('socket.io')(server);
io.on('connection', function(socket){
    console.log('someone connected');
});
server.listen(some configured port);

secure socket (same code, except server requires https instead of http):

const app = express();
const server = require('https').Server(app);
const io = require('socket.io')(server);
io.on('connection', function(socket){
    console.log('someone connected');
});
server.listen(some configured port);

Is there even a difference here? Would both be considered “secure” if its all sent over https?
The websocket on the extension is pointing to a https domain name and is reverse proxied thru nginx to the node server. Does this count as secure in regards to websockets?

I can only get my extension to talk to my server when I use http above. I’ve tried a bunch of stuff with https, reading ssl certs from the server filesystem, cors, but nothing is working. I suspect I may be doing something wrong.
Appreciate any help!

Yes.

My node server has zero HTTPS/cert stuff in it. I let nginx handle my SSL Termination.

IE my node server is insecure but only bound on 127.0.0.1 and Nginx is doing the SSL grunt work

Great, thanks again Barry! Much appreciated!

FWIW the websocket rfc spec seems to indicate the same, as long the connection is secure via TLS/SSL, it is considered secure (very dry reading) https://tools.ietf.org/html/rfc6455