
How to configure nginx reverse proxy to use SECURE websockets upstream?

I want to use nginx as a reverse proxy for websocket connections.

Consider echo.websocket.org to be my backend websocket service. As a test client I use wscat from https://github.com/websockets/wscat.

What works:

client <-- ws --> backend: wscat --connect ws://echo.websocket.org

client <-- wss --> backend: wscat --connect wss://echo.websocket.org

client <-- ws --> proxy <-- ws --> backend: wscat --connect ws://localhost with the following nginx configuration:

events {
}

http {
    server {
        listen 80;

        location / {
            proxy_pass http://echo.websocket.org;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;
        }
    }
}

client <-- wss --> proxy <-- ws --> backend: wscat -n --connect wss://localhost with the following nginx configuration:

events {
}

http {
    server {
        listen 443 ssl;
        ssl_certificate /pki/cert.pem;
        ssl_certificate_key /pki/key.pem;

        location / {
            proxy_pass http://echo.websocket.org;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;
        }
    }
}

What I want and what I need help with is configuring nginx to use secure websockets to connect to the backend. I want this configuration:

client <-- wss --> proxy <-- wss --> backend

I tried changing http://echo.websocket.org to https://echo.websocket.org without success. This leads to a 504 Gateway Timeout.

merl asked Feb 15 '19 12:02



People also ask

Do WebSockets work through reverse proxy?

WebSocket communication can take place over any reverse proxy which is configured to perform forwarding at the transport layer. Some proxies are able to handle WebSocket communication from certain clients at the application layer.

Can Nginx reverse proxy WebSocket?

NGINX supports WebSocket by allowing a tunnel to be set up between the client and the back-end server. For NGINX to send the Upgrade request from the client to the back-end server, the Upgrade and Connection headers must be set explicitly. Once this is done, NGINX treats the connection as a WebSocket connection.

What is upstream Nginx reverse proxy?

An Nginx reverse proxy acts as an intermediate server that intercepts client requests, forwards them to the appropriate upstream backend server, and then forwards the server's response back to the client. The reverse proxy provides various benefits as an abstraction layer above the upstream servers.

Is Nginx reverse proxy secure?

nginx is built to be stable and secure, but it will only be as secure as the user who configures it. Once nginx is built and installed, configuring the server to be as minimal as possible is important.


1 Answer

You need to use proxy_ssl_certificate and proxy_ssl_certificate_key as specified in Nginx Docs

Tech Alpha Studios answered Oct 21 '22 15:10

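An added example, not from the question or the answer: the question's wss-to-client configuration with the upstream leg switched to TLS, the answer's two directives in place, and SNI plus upstream certificate verification turned on, both of which nginx leaves off by default. The CA bundle path, the client certificate and key paths, and the verify depth are assumptions.

```nginx
events {
}

http {
    server {
        listen 443 ssl;
        ssl_certificate /pki/cert.pem;
        ssl_certificate_key /pki/key.pem;

        location / {
            # https:// makes the proxy <--> backend leg TLS (wss).
            proxy_pass https://echo.websocket.org;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;

            # Send SNI to the backend. Off by default; the name sent is
            # proxy_ssl_name, which defaults to the host in proxy_pass.
            proxy_ssl_server_name on;

            # Verify the backend certificate against a trusted CA bundle.
            # proxy_ssl_verify is off by default, so without these lines
            # any certificate presented on the upstream leg is accepted.
            proxy_ssl_verify on;
            proxy_ssl_verify_depth 2;   # assumed value, match the backend chain
            # Assumed path: system CA bundle on Debian/Ubuntu.
            proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

            # Directives named in the answer: the certificate and key nginx
            # uses to authenticate itself to the proxied HTTPS server.
            # Assumed paths.
            proxy_ssl_certificate /pki/proxy-client-cert.pem;
            proxy_ssl_certificate_key /pki/proxy-client-key.pem;
        }
    }
}
```

Validate the file with `nginx -t` before reloading, then repeat the question's test with `wscat -n --connect wss://localhost`.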