InspIRCd v4 is still early in development!

If you use this branch you may experience crashes, weird behaviour, and unannounced breaking changes.

You probably want to use InspIRCd v3 instead.

The "websocket" Module (v4)


This module allows WebSocket clients to connect to the IRC server.


To load this module use the following <module> tag:

<module name="websocket">


This module extends the core <bind> tags with the following hook types:

Name Description
websocket Listens for WebSocket connections.
Example Usage

Listens for plaintext WebSocket connections on the endpoint:

<bind address=""


The <websocket> tag defines settings about how the websocket module should behave. This tag can only be defined once.

Name Type Default Value Description
defaultmode Text text The default action to take when the user does not send a recognised WebSocket subprotocol.
nativeping Boolean True Required! Whether to check client connectivity using WebSocket ping messages instead of IRC ping messages.
proxyranges Text None A space-delimited list of glob or CIDR matches to trust the X-Real-IP or X-Forwarded-For headers from.

The defaultmode field should be set to one of the following values:

Value Description
binary Send binary WebSocket frames to clients.
reject Reject connections that do not explicitly request a subprotocol.
text Send text WebSocket frames to clients. This requires all text to be transcoded to UTF-8.
Example Usage
<websocket defaultmode="text"
           proxyranges=" 198.51.100.*">


The <wsorigin> tag defines an WebSocket origin that is allowed to connect to the server. This tag can be defined as many times as required.

Name Type Default Value Description
allow Text None Required! A glob pattern for an URL of a web page that is allowed to connect.
Example Usage

Allows access to the server from all subdomains of

<wsorigin allow="https://*">

Special Notes

The following HTTP errors are sent by this module:

Error Reason
400 Bad Request Your WebSocket implementation has not sent the Origin header.
400 Bad Request <websocket:proxyranges> was non-empty and no well-formed X-Real-IP or X-Forwarded-For header was sent.
400 Bad Request <websocket:defaultmode> was set to reject and no recognised WebSocket subprotocol was sent.
403 Forbidden You are attempting to connect from a non-whitelisted origin.
501 Not Implemented Your WebSocket implementation has not sent the Sec-WebSocket-Key header.
503 Service Unavailable You do not have the sha1 module loaded.

If you add an encrypted WebSocket listener you should create a custom TLS (SSL) profile that has requestclientcert="no" set. This is required to allow connections to your server using Google Chrome.

Some reverse proxy providers (e.g. Cloudflare) drop idle WebSocket connections which can cause problems with this module. It is recommended that you avoid these providers.