I have a IOS/swift client connecting to a NodeJS/ws websocket service through a NGINX reverse proxy. All the websocket related forwarding setup is done in the NGINX configuration and websocket service is able to upgrade and setup the websocket connection from the client's upgrade request.
But on the client end, no Response is received for the original http upgrade Request.
When the websocket terminates the connection after a timeout, the client gets the Response, which is strange.
The NGINX reverse proxy is running in a container on a VM.
I have seen one other question to the exact same issue but did not find any answers. Is this a problem with the proxy running in a container?
"Nginx not passing websocket upgrade response back to client?"
Here is the snippet of my nginx proxy.
server {
listen 443 ssl;
server_name <hidden>;
ssl on;
ssl_certificate /etc/certs/<hidden>.pem;
ssl_certificate_key /etc/certs/<hidden>.pem;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
large_client_header_buffers 8 32k;
location ~^/(?<cluster>[^/]+)/websocket {
proxy_pass https://<hidden>
proxy_http_version 1.1;
set $http_upgrade "websocket";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header FromRP <hidden>;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Addr $remote_addr:$remote_port;
proxy_set_header X-External-URL $scheme://$host$request_uri ;
proxy_read_timeout 360;
access_log /var/log/nginx/websocket.access.log upstreamlog;
error_log /var/log/nginx/websocket.error.log info;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
}
}
Related
Hi I am running node+express+vue
Here is my nginx configuration
server {
listen 443;
server_name mydomain.me;
ssl on;
ssl_certificate /root/mydomain.me.cert;
ssl_certificate_key /root/mydomain.me.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
With the above configuration I can access my site using https://mydomain.me but in Chrome's console there are some error appears.
GET https://localhost:8080/sockjs-node/info?t=1517580112789 net::ERR_CONNECTION_REFUSED
client?d420:175 [WDS] Disconnected!
sockjs.js?3600:1601 GET https://localhost:8080/sockjs-node/info?t=1517580112789 net::ERR_CONNECTION_REFUSED
Would you please help me why localhost:8080 is still appears? and how to fix this
The websocket is trying to directly connect to 8080 through nginx. You need to proxy that connection,as well.
Don't forget to change WebSocket URL when you initialise your connection:
var sock = new SockJS('https://mydomain.me');
I am trying to use socket.io in a Node js application. I have the application sitting on a subdomain and the front-end running on the www version of the domain.
Running the front-end and Node js service on the same domain is not an option.
Sending data back and forth from the client to the server seems to be working. I have sent data both ways and it has worked fine.
However, In the console of the browser I get the following error.
WebSocket connection to 'wss://subdomain.domain.com/socket.io/?EIO=3&transport=websocket&sid=6bNHWyXcCdlMI0HHAAAB' failed: Error during WebSocket handshake: Unexpected response code: 400
My Nginx configuration looks like this:
# HTTP - redirect all requests to HTTPS:
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS - proxy requests on to local Node.js app:
server {
listen 443;
server_name subdomain.domain.com;
ssl on;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers '*******';
# Pass requests for / to localhost:3000:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
}
}
Both the client and the Node js are using https.
Does anyone know what is causing this issue and how it could be fixed?
Thank you
It looks like you forgot about Upgrade header. It's required if you want to use Nginx as a reverse proxy for WebSockets.
As said here, just try to add one more header:
proxy_set_header Upgrade $http_upgrade;
I try to implement ssl in my node.js app but failed. Here is my app.js
https://gist.github.com/eldyvoon/7a1df560fd9d13da74d090e28f7ee801
In development (localhost) I got 'your connection is not private' error. I thought it was Chrome's problem.
So I try to deploy it to my ubuntu server, I use nginx proxy for my node.js app, my config as below
server {
listen 80;
server_name mysite.com;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
But mysite.com refused to connect. No error in my node's console. I stuck for few days for this, need help. Please note that my site is running fine previously before trying to implement ssl.
You need to listen on port 443 and configure nginx to use some certificates.
Something like:
server {
listen 443;
server_name example.com;
add_header Strict-Transport-Security "max-age=3600";
ssl on;
ssl_certificate /.../chained2.pem;
ssl_certificate_key /.../domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
Add correct paths to your .pem and .key files. You can get the certificate for free from Let's Encrypt.
I think I almost out of idea. Been trying all solution on other answer and all blogpost, but still out of luck.
Here's what I'm trying to do. I have nodejs server with socket.io running in certain port and want proxy pass from the port 80 with the nginx. The condition is my app still work, and successfully sent the request via socket.io and the other client received it. But the thing is I keep getting "Upstream timed out" error, and there is a lot of them.
This is my current nginx setting after a lot changes:
upstream node_server.com {
server 127.0.0.1:3002 max_fails=0 fail_timeout=10s;
keepalive 512;
}
server {
listen 443;
client_max_body_size 16M;
keepalive_timeout 10;
ssl on;
ssl_certificate my.crt;
ssl_certificate_key my.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
server_name my_domain.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_pass https://node_server.com;
proxy_redirect off;
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on; # not necessary
}
}
And this is the error message I got (there's a lot of them):
[error] 8131#0: *4599 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 112.215.64.131, server: my_domain.com, request: "GET /socket.io/?EIO=3&sid=ZRsV9eAnEItl90-vAH-j&transport=polling&user=2104655266f3db0f2a HTTP/1.1", upstream: "https://127.0.0.1:3002/socket.io/?EIO=3&sid=ZRsV9eAnEItl90-vAH-j&transport=polling&user=2104655266f3db0f2a", host: "my_domain.com"
Even tough my app still work right now, I want to get rid all of the error.
Really appreciate any help.
Change it
proxy_pass https://node_server.com; to proxy_pass http://node_server.com;
And you should access:
https://my_domain.com
`
Should hope it help !
I have a Facebook game and since i started using nginx in front of node.js process it seems that many websocket connections are dropped. Does someone know if there are some versions of nginx and socket.io that are problematic or if someone has the good combination please let me and others with similar problem know. I am using socket.io 0.9.14 and nginx 1.6.2.
Here is mine nginx config file:
server {
listen 443;
server_name maumaugame.com;
access_log /var/log/nginx/maumau_access.log;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/maumaugame.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://node;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_read_timeout 86400s;
}
# Serve static files without going through upstreams
location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|tar|wav|bmp|rtf|js|mp3)$ {
root /var/www/maumaugame.com/public_html/public;
access_log /var/log/nginx/maumau_other_access.log;
expires 1h;
}
}
upstream node {
ip_hash;
server 127.0.0.1:8000;
}
I don't know if moving to socket.io 1.0+ will solve this problem?