{% hint style="info" %}
NOTE: WebGL performs a lot better with a Reverse Proxy, and that's generally easier to set up and maintain than using cert.json and PFX files. Go to the Reverse Proxy page for instructions.
{% endhint %}
If you host your WebGL build on an HTTPS domain you will need to use the secure web socket protocol (wss://). WSS requires an SSL certificate set up on your Mirror game server for basic scenarios or on your gateway server for "reverse proxy" scenarios. You will also have to ensure the "Client Use WSS" option is set on the transport.
For the following sections we will demonstrate how to obtain SSL certificates using Let's Encrypt for the domain simpleweb.example.com.
- You need a domain name and the ability to edit DNS records
- A DNS record should point to your WebGL game client (normally hosted on port 443)
- A DNS record should point to your Mirror game server
- Set up a virtual machine in the cloud: How to set up a Google cloud server
{% hint style="info" %}
NOTE: you may need to open port 80 for certbot operations.
{% endhint %}
Follow the guides here:
https://letsencrypt.org/getting-started/
https://certbot.eff.org/instructions
Find the instructions for your server version. Below is the link for Ubuntu 18.04 LTS (bionic):
https://certbot.eff.org/instructions?ws=nginx&os=ubuntubionic
For instruction 7, run:
sudo certbot certonly --standalone
After filling in the details you will get a result like this:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/simpleweb.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/simpleweb.example.com/privkey.pem
Your cert will expire on 2021-01-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
simpleweb.example.com should be your domain.
To create a pfx file that SimpleWebTransport can use, run this command in the /etc/letsencrypt/live/simpleweb.example.com/ folder:
openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
You will be asked for a password; you can set a password or leave it blank. You might need to be superuser in order to do this.
su
cd /etc/letsencrypt/live/simpleweb.example.com/
Note: Currently the Mono version shipped with Unity is unable to load pfx files generated by OpenSSL version 3. You will have to add the -legacy command line argument to the openssl command above to generate a compatible pfx file.
You can either copy the cert.pfx file to your server folder or create a symbolic link.
Using Move
mv /etc/letsencrypt/live/simpleweb.example.com/cert.pfx ~/path/to/server/cert.pfx
Using Symbolic link
ln -s /etc/letsencrypt/live/simpleweb.example.com/cert.pfx ~/path/to/server/cert.pfx
Create a cert.json that SimpleWebTransport can read
Run this command in the ~/path/to/server/ folder
If you left the password blank at cert creation:
echo '{ "path":"./cert.pfx", "password": "" }' > cert.json
If you set up a password "yourPassword" at cert creation:
echo '{ "path":"./cert.pfx", "password": "yourPassword" }' > cert.json
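The pfx export and cert.json steps above can be combined into one function that is re-run each time the certificate is renewed. This is an added example, not part of the Mirror documentation; the function name build_pfx and the cert.pfx.new temporary file are assumptions, and it writes both files straight into the server folder with owner-only permissions.

```shell
#!/bin/sh
# Added example (not from the Mirror docs): build cert.pfx and cert.json
# from a certbot live directory in one step.
# build_pfx LIVE_DIR SERVER_DIR [PASSWORD]   (function name is hypothetical)
# Assumption: PASSWORD contains no '"' or '\', so it needs no JSON escaping.
build_pfx() (
    live_dir=$1; server_dir=$2
    PFX_PASS=${3-}; export PFX_PASS   # handed to openssl via env, not argv

    for f in privkey.pem cert.pem chain.pem; do
        [ -r "$live_dir/$f" ] || { echo "missing $live_dir/$f" >&2; exit 1; }
    done

    # OpenSSL 3 needs -legacy so the Mono shipped with Unity can load the pfx.
    legacy=""
    case "$(openssl version)" in "OpenSSL 3."*) legacy="-legacy" ;; esac

    # cert.pfx holds the private key and cert.json its password:
    # create both readable by the owner only.
    umask 077
    new="$server_dir/cert.pfx.new"
    openssl pkcs12 -export $legacy -out "$new" \
        -inkey "$live_dir/privkey.pem" -in "$live_dir/cert.pem" \
        -certfile "$live_dir/chain.pem" -passout env:PFX_PASS || exit 1

    # Read the new file back with the same password before replacing the old one.
    openssl pkcs12 $legacy -in "$new" -noout -passin env:PFX_PASS \
        || { rm -f "$new"; exit 1; }
    mv "$new" "$server_dir/cert.pfx"

    printf '{ "path":"./cert.pfx", "password": "%s" }\n' "$PFX_PASS" \
        > "$server_dir/cert.json"
    chmod 600 "$server_dir/cert.pfx" "$server_dir/cert.json"
)
```

Call it as build_pfx /etc/letsencrypt/live/simpleweb.example.com ~/path/to/server yourPassword, with the same privileges needed to read the live directory.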
Once cert.json and cert.pfx are in place, the game server folder should look like this:
GameServerFolder
|- demo_server.x86_64
|- cert.json
|- cert.pfx
Then make the server file executable
chmod +x demo_server.x86_64
To run in the active terminal use
./demo_server.x86_64
To run in background use
./demo_server.x86_64 &
To keep the game server running even after you close your ssh session use
nohup ./demo_server.x86_64 &
- nohup means the executable will keep running after you close your ssh session
- the & sign means that your server will run in the background
- you may need to use sudo to run if you created a symbolic link
Test that everything is working by connecting a game client to the game server, using either the Unity editor or your deployed WebGL build as the game client.
Set your domain (e.g. simpleweb.example.com) in the hostname field and then start a client.
To check if your pfx file is working outside of Unity you can use pfxTestServer.js (src).