This page describes how to set up nginx as a reverse proxy to expose the Twikit Unreal Engine WebSocket over a secure wss connection. The setup listens for incoming traffic on port 5000 (secure) and forwards it internally to port 5555 (insecure). Only port 5000 needs to be open to the outside world.
In the steps below, <LOCAL IP ADDRESS> refers to the IP address of the host machine — the machine running the Unreal Editor or packaged game — on the local network. A public IP address can also be used if the network firewall is configured to allow it.
Before connecting from a client device — on the client machine (e.g. a tablet), browse to https://<LOCAL IP ADDRESS>:5000 and accept the self-signed certificate. If you skip this step the wss connection will fail.
Linux
Note: For certificates that can be accepted on iOS, use the Windows/mkcert method described below to generate the certificate, then transfer the files to your Linux machine.
Generate a self-signed certificate:
bash
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/nginx-selfsigned.key \
-out /etc/ssl/certs/nginx-selfsigned.crt \
-subj "/CN=<LOCAL IP ADDRESS>" \
-addext "subjectAltName=IP:<LOCAL IP ADDRESS>"
Configure nginx — create or edit /etc/nginx/sites-available/websocket, replacing <LOCAL IP ADDRESS> with your own:
nginx
server {
listen 5000 ssl;
server_name <LOCAL IP ADDRESS>;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
location / {
proxy_pass http://127.0.0.1:5555;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_read_timeout 86400;
}
}
Enable the configuration:
bash
sudo ln -s /etc/nginx/sites-available/websocket /etc/nginx/sites-enabled/
Start nginx:
bash
sudo nginx -t
sudo systemctl restart nginx
Windows
Install nginx — download from http://nginx.org and extract to C:\nginx.
Install mkcert — download from github.com/FiloSottile/mkcert/releases, then run the following once to install the local certificate authority:
bash
mkcert -install
Install the root CA on the tablet — transfer the root CA file to the tablet. On Windows it is located at %LOCALAPPDATA%\mkcert\rootCA.pem. On an iOS device: tap the file → Install Profile → follow the prompts, then go to Settings → General → About → Certificate Trust Settings and toggle on your root CA.
Generate a certificate — run this whenever the local IP address changes, replacing <LOCAL IP ADDRESS> with your own:
bash
mkcert <LOCAL IP ADDRESS>
Copy the generated files (<LOCAL IP ADDRESS>.pem and <LOCAL IP ADDRESS>-key.pem) to the nginx folder (C:\nginx\conf or the directory containing nginx.conf).
Configure nginx — edit C:\nginx\conf\nginx.conf, replacing <LOCAL IP ADDRESS> with your own:
nginx
http {
server {
listen 5000 ssl;
server_name <LOCAL IP ADDRESS>;
ssl_certificate <LOCAL IP ADDRESS>.pem;
ssl_certificate_key <LOCAL IP ADDRESS>-key.pem;
location / {
proxy_pass http://127.0.0.1:5555;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_read_timeout 86400;
}
}
}
Start nginx:
bash
cd C:\nginx
nginx.exe
To run nginx as a Windows service, use NSSM or a similar service wrapper.