I have a Facebook game and since i started using nginx in front of node.js process it seems that many websocket connections are dropped. Does someone know if there are some versions of nginx and socket.io that are problematic or if someone has the good combination please let me and others with similar problem know. I am using socket.io 0.9.14 and nginx 1.6.2.
Here is mine nginx config file:
server {
listen 443;
server_name maumaugame.com;
access_log /var/log/nginx/maumau_access.log;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/maumaugame.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://node;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_read_timeout 86400s;
}
# Serve static files without going through upstreams
location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|tar|wav|bmp|rtf|js|mp3)$ {
root /var/www/maumaugame.com/public_html/public;
access_log /var/log/nginx/maumau_other_access.log;
expires 1h;
}
}
upstream node {
ip_hash;
server 127.0.0.1:8000;
}
I don't know if moving to socket.io 1.0+ will solve this problem?
Related
The project was very OK when I worked locally under development. Because the ports of backend 1337 and frontend 3000 were manually changed by me. After we deployed the project to the cloud server, we made OpenSSL work for the frontend. It meant to make nginx redirect requests from port 80 to safe 443, which expected to load the SSL certification. All is well until we tried to log in with our 1337 port to Strapi admin panel, which is part of a backend directory.
To be clear:
backend runs on 1337
frontend runs on 5000.
Both server processes run in pm2 in the background with no problem. nginx file seems to not have any syntax errors. But I can not reach any of the backend operations even through Postman.
What I expect it to do is: run all requests started with domain.com/api/ through localhost:1337. As it made happen with main directory, run through 'localhost:5000'. This is nginx config file:
server {
listen 80;
listen [::]:80;
server_name sinavhukuk.com www.sinavhukuk.com;
access_log /var/log/nginx/site80port.com.access.log;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name sinavhukuk.com www.sinavhukuk.com;
ssl_certificate /etc/letsencrypt/live/sinavhukuk.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sinavhukuk.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'XXXXXXXXXX';
location /{
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
error_log /var/log/nginx/main-dir-error.log debug;
}
location /api{
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
error_log /var/log/nginx/admin-error.log debug;
}
access_log /var/log/nginx/siteSSL.com.access.log;
error_log /var/log/nginx/siteSSL.com.error.log;
}
Hi I am running node+express+vue
Here is my nginx configuration
server {
listen 443;
server_name mydomain.me;
ssl on;
ssl_certificate /root/mydomain.me.cert;
ssl_certificate_key /root/mydomain.me.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
With the above configuration I can access my site using https://mydomain.me but in Chrome's console there are some error appears.
GET https://localhost:8080/sockjs-node/info?t=1517580112789 net::ERR_CONNECTION_REFUSED
client?d420:175 [WDS] Disconnected!
sockjs.js?3600:1601 GET https://localhost:8080/sockjs-node/info?t=1517580112789 net::ERR_CONNECTION_REFUSED
Would you please help me why localhost:8080 is still appears? and how to fix this
The websocket is trying to directly connect to 8080 through nginx. You need to proxy that connection,as well.
Don't forget to change WebSocket URL when you initialise your connection:
var sock = new SockJS('https://mydomain.me');
I try to implement ssl in my node.js app but failed. Here is my app.js
https://gist.github.com/eldyvoon/7a1df560fd9d13da74d090e28f7ee801
In development (localhost) I got 'your connection is not private' error. I thought it was Chrome's problem.
So I try to deploy it to my ubuntu server, I use nginx proxy for my node.js app, my config as below
server {
listen 80;
server_name mysite.com;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
But mysite.com refused to connect. No error in my node's console. I stuck for few days for this, need help. Please note that my site is running fine previously before trying to implement ssl.
You need to listen on port 443 and configure nginx to use some certificates.
Something like:
server {
listen 443;
server_name example.com;
add_header Strict-Transport-Security "max-age=3600";
ssl on;
ssl_certificate /.../chained2.pem;
ssl_certificate_key /.../domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
Add correct paths to your .pem and .key files. You can get the certificate for free from Let's Encrypt.
I have a reverse proxy with nginx routing to a node web server
I setup (I thought) SSL on the web server, but it looks like when my browser attempts to resolve the https request, no connection ever starts.
I wanted to ask a couple of questions
Where do I setup the SSL? on the reverse proxy where the request is first hit? or the node server where authentication occurs?
What is wrong with my configuration (if that is the problem
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-on-ubuntu-14-04
This is the tutorial I used
Code included (sorry I totally forgot to include)
server {
listen 443 ssl;
server_name domain www.domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location / {
proxy_pass http://app_server_ip:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://$host$request_uri;
}
1.On the reverse proxy
2.You should configure nginx file as similar following (using upstream parameter):
upstream api-app {
least_conn;
server 127.0.0.1:3000 weight=1 max_fails=0;
}
server {
listen 80;
listen 443 ssl;
server_name api.domain.net;
ssl_certificate /etc/letsencrypt/live/api.domain.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.domain.net/privkey.pem;
client_max_body_size 2000M;
large_client_header_buffers 32 128k;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://api-app;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I have 2 droplets (instances) on DigitalOcean. One is used as web server and has Nginx installed, one has my node.js app on it.
I've setup Nginx to take care of SSL, and to redirect all non-SSL and www traffic to https://url.com. I used proxy_pass to refer to the node app on my other droplet. So far so good. Everything works.
Now I want to also use Nginx to serve static files, instead of using Node. My static files are also on the App droplet, in the /var/www/node_app/public folder.
But for some reason I can't make it work to refer properly to them.
How do I do this?
This is my Nginx config:
server {
listen 80;
server_name www.url.com;
return 301 https://url.com$request_uri;
}
server {
listen 443 ssl;
server_name www.url.com;
return 301 https://url.com$request_uri;
ssl_certificate /etc/nginx/ssl/www.url.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/www.url.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_prefer_server_ciphers on;
}
server {
listen 443 ssl;
server_name url.com;
ssl_certificate /etc/nginx/ssl/www.url.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/www.url.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_prefer_server_ciphers on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/(images/|fonts/) {
proxy_pass http://XX.XXX.XXX.XXX;
root /var/www/node_app/public;
autoindex off;
}
location / {
proxy_pass http://XX.XXX.XXX.XXX:4000;
proxy_redirect off;
proxy_http_version 1.1;
}
}
After limitless digging the internet for solutions. I retrace by step. I make sure my app static files should be configured like this
app.use(express.static(__dirname + '/public'));
on your nginx config for available site. add the following
$ sudo nano /etc/nginx/sites-available/example.com
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
After this test your config and restart your server using this command
$ sudo nginx -t
And
sudo systemctl restart nginx
And make sure all your html static files are reference with the forward trailing slash. Like this
<!-- Custom styles -->
<link href="/css/bundle.min.css" rel="stylesheet">
You can also following the digital ocean link on configuring nodejs application on
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-18-04