I think I almost out of idea. Been trying all solution on other answer and all blogpost, but still out of luck.
Here's what I'm trying to do. I have nodejs server with socket.io running in certain port and want proxy pass from the port 80 with the nginx. The condition is my app still work, and successfully sent the request via socket.io and the other client received it. But the thing is I keep getting "Upstream timed out" error, and there is a lot of them.
This is my current nginx setting after a lot changes:
upstream node_server.com {
server 127.0.0.1:3002 max_fails=0 fail_timeout=10s;
keepalive 512;
}
server {
listen 443;
client_max_body_size 16M;
keepalive_timeout 10;
ssl on;
ssl_certificate my.crt;
ssl_certificate_key my.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
server_name my_domain.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_pass https://node_server.com;
proxy_redirect off;
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on; # not necessary
}
}
And this is the error message I got (there's a lot of them):
[error] 8131#0: *4599 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 112.215.64.131, server: my_domain.com, request: "GET /socket.io/?EIO=3&sid=ZRsV9eAnEItl90-vAH-j&transport=polling&user=2104655266f3db0f2a HTTP/1.1", upstream: "https://127.0.0.1:3002/socket.io/?EIO=3&sid=ZRsV9eAnEItl90-vAH-j&transport=polling&user=2104655266f3db0f2a", host: "my_domain.com"
Even tough my app still work right now, I want to get rid all of the error.
Really appreciate any help.
Change it
proxy_pass https://node_server.com; to proxy_pass http://node_server.com;
And you should access:
https://my_domain.com
`
Should hope it help !
Related
I faced with a problem.
I have 6 express apps running on Node and use Nginx as a reverse proxy, all of them running without a problem for months. But recently, when I'm trying to navigate to the inner page of any of site it returned me 502 or 504 nginx error.
When I try to run apps on ngrok or locally they work correctly but on the production server, I got 504/502 error.
Nginx log says
2019/04/10 16:38:12 [error] 1362#1362: *245 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 37.9.113.120, server: my.server, request: "GET /videos/videoId HTTP/1.1", upstream: "http://127.0.0.1:3000/videos/videoId", host: "www.my.host"
I tried to increment timeouts
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
But it didn't help (
Here is my server configuration.
server {
listen x.x.x.x:443 http2;
ssl on;
server_name www.myservername.com;
...(ssl conf here)
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I dig on StackOverflow similar topics but didn't find a solution. The most strange thing, in this case, is, after some time inner page is available but after I do loading tests and send about 100 requests on production server it stops working for about half or hour
Thanks for the help in advance.
You're listening on 443, using ssl, you must specify your certificates/key :
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate /var/lib/nginx/ssl/serverssl.crt;
ssl_certificate_key /var/lib/nginx/ssl/serverssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header Host example.com;
proxy_pass http://localhost:8192/;
}
}
I have a IOS/swift client connecting to a NodeJS/ws websocket service through a NGINX reverse proxy. All the websocket related forwarding setup is done in the NGINX configuration and websocket service is able to upgrade and setup the websocket connection from the client's upgrade request.
But on the client end, no Response is received for the original http upgrade Request.
When the websocket terminates the connection after a timeout, the client gets the Response, which is strange.
The NGINX reverse proxy is running in a container on a VM.
I have seen one other question to the exact same issue but did not find any answers. Is this a problem with the proxy running in a container?
"Nginx not passing websocket upgrade response back to client?"
Here is the snippet of my nginx proxy.
server {
listen 443 ssl;
server_name <hidden>;
ssl on;
ssl_certificate /etc/certs/<hidden>.pem;
ssl_certificate_key /etc/certs/<hidden>.pem;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
large_client_header_buffers 8 32k;
location ~^/(?<cluster>[^/]+)/websocket {
proxy_pass https://<hidden>
proxy_http_version 1.1;
set $http_upgrade "websocket";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header FromRP <hidden>;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Addr $remote_addr:$remote_port;
proxy_set_header X-External-URL $scheme://$host$request_uri ;
proxy_read_timeout 360;
access_log /var/log/nginx/websocket.access.log upstreamlog;
error_log /var/log/nginx/websocket.error.log info;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
}
}
I am cross posting this from Serverfault because it seems the Sails team monitors Stackoverflow.
I just started venturing in NGINX and SSL.
Using Ubuntu 16.04.
I am running a Sails server on the standard 1337 port and just set up NGINX with SSL (using letsencrypt). Port 80 is redirected to 443 and upstream goes to Sails.
I also have a Tomcat server listening on 8080 and use NGINX to redirect the same way.
Everything works fine: I can browse both servers on https without special ports on browser.
I have set up socket.io to use websockets protocol only (no polling). This is set on the server and on the browser client.
However, socket.io (sails.io) throws a 502 error no the browser. (polling gave an error too)
Here is my NGINX sites-available for the Sails server:
upstream sails {
server 127.0.0.1:1337 fail_timeout=0;
}
server {
listen 80;
listen [::]:80;
server_name mysails.server.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
listen [::]:443 ssl http2;
server_name mysails.server.com;
include snippets/ssl-mysails.server.conf;
include snippers/ssl-params.conf;
large_client_header_buffers 8 32k;
location / {
proxy_pass http://sails/;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header Port $server_port;
proxy_set_header X-Real-IP $remot_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass_request_headers on;
}
location /socket.io/ {
proxy_pass http://sails/;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header Port $server_port;
proxy_set_header X-Real-IP $remot_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass_request_headers on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffers 8 32k;
proxy_buffer_size 64k;
}
}
The snippets/ssl-mysails.server.conf and snippers/ssl-params.conf files contain:
ssl_certificate /path/to/letsencrypt/fullchain.pem;
ssl_certificate_key /path/to/letsencrypt/privkey.pem;
and
# from https://cipherli.st/
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
Anyone has any clue on what's going on...?
** UPDATE **
I have added a lot of information about logs and behaviours on the Serverfault question
https://serverfault.com/questions/829100/socket-io-with-sails-js-node-js-and-nginx-on-ssl-bad-gateway
So the issue is a bad configuration on the NGINX sites-avalable conf file.
location /socket.io/ {
proxy_pass http://sails/;
...
}
should be
location /socket.io/ {
proxy_pass http://sails/socket.io/;
...
}
Pretty basic stuff: the "location" is not forwarded to the proxy_pass (why would it be, right?) -- So you need to make sure the socket requests are redirected to the exact socket endpoint.
I am trying to use socket.io in a Node js application. I have the application sitting on a subdomain and the front-end running on the www version of the domain.
Running the front-end and Node js service on the same domain is not an option.
Sending data back and forth from the client to the server seems to be working. I have sent data both ways and it has worked fine.
However, In the console of the browser I get the following error.
WebSocket connection to 'wss://subdomain.domain.com/socket.io/?EIO=3&transport=websocket&sid=6bNHWyXcCdlMI0HHAAAB' failed: Error during WebSocket handshake: Unexpected response code: 400
My Nginx configuration looks like this:
# HTTP - redirect all requests to HTTPS:
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS - proxy requests on to local Node.js app:
server {
listen 443;
server_name subdomain.domain.com;
ssl on;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers '*******';
# Pass requests for / to localhost:3000:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
}
}
Both the client and the Node js are using https.
Does anyone know what is causing this issue and how it could be fixed?
Thank you
It looks like you forgot about Upgrade header. It's required if you want to use Nginx as a reverse proxy for WebSockets.
As said here, just try to add one more header:
proxy_set_header Upgrade $http_upgrade;
I have a Facebook game and since i started using nginx in front of node.js process it seems that many websocket connections are dropped. Does someone know if there are some versions of nginx and socket.io that are problematic or if someone has the good combination please let me and others with similar problem know. I am using socket.io 0.9.14 and nginx 1.6.2.
Here is mine nginx config file:
server {
listen 443;
server_name maumaugame.com;
access_log /var/log/nginx/maumau_access.log;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/maumaugame.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://node;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_read_timeout 86400s;
}
# Serve static files without going through upstreams
location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|tar|wav|bmp|rtf|js|mp3)$ {
root /var/www/maumaugame.com/public_html/public;
access_log /var/log/nginx/maumau_other_access.log;
expires 1h;
}
}
upstream node {
ip_hash;
server 127.0.0.1:8000;
}
I don't know if moving to socket.io 1.0+ will solve this problem?