Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to configure nginx reverse proxy to use SECURE websockets upstream?

Tags:

nginx

websocket

I want to use nginx as a reverse proxy for websocket connections.

Consider echo.websocket.org to be my backend websocket service. As a test client I use wscat from https://github.com/websockets/wscat.

What works:

client <-- ws --> backend: wscat --connect ws://echo.websocket.org

client <-- wss -->: wscat --connect wss://echo.websocket.org

client <-- ws --> proxy <-- ws --> backend: wscat --connect ws://localhost with the following nginx configuration:

events {
}

http {
    server {
        listen 80;

        location / {
            proxy_pass http://echo.websocket.org;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;
        }
    }
}

client <-- wss --> proxy <-- ws --> backend: wscat -n --connect wss://localhost with the following nginx configuration:

events {
}

http {
    server {
        listen 443 ssl;
        ssl_certificate /pki/cert.pem;
        ssl_certificate_key /pki/key.pem;

        location / {
            proxy_pass http://echo.websocket.org;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;
        }
    }
}

What I want and what I need help with is configuring nginx to use secure websockets to connect to the backend. I want this configuration:

client <-- wss --> proxy <-- wss --> backend

I tried changing http://echo.websocket.org to https://echo.websocket.org without success. This leads to a 504 Gateway Timeout.

like image 954
merl Avatar asked Feb 15 '19 12:02

merl

People also ask

Do WebSockets work through reverse proxy?

WebSocket communication can take place over any reverse proxy which is configured to perform forwarding at the transport layer. Some proxies are able to handle WebSocket communication from certain clients at the application layer.

Can Nginx reverse proxy WebSocket?

NGINX supports WebSocket by allowing a tunnel to be set up between both client and back-end servers. NGINX will send the Upgrade request from the client to the back-end server, the Upgrade and Connection headers must be set explicitly. Once this is done, NGINX deals with this as a WebSocket connection.

What is upstream Nginx reverse proxy?

Nginx reverse proxy acts as an intermediate server that intercepts client requests and forwards them to the appropriate upstream backend server and subsequently forwarded a response from the server back to the client. The reverse proxy provides various benefits as an abstract layer above upstream servers.

Is Nginx reverse proxy secure?

nginx is built to be stable and secure, but it will only be as secure as the user who configures it. Once nginx is built and installed, configuring the server to be as minimal as possible is important.

1 Answers

You need to use proxy_ssl_certificate and proxy_ssl_certificate_key as specified in Nginx Docs

like image 57
Tech Alpha Studios Avatar answered Oct 21 '22 15:10

Tech Alpha Studios
Sign in to Comment

Related questions

Conditional nginx auth_request
nginx: [emerg] "upstream" directive is not allowed here in /etc/nginx/sites-enabled/wiki.[site].com:48

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!