HAProxy, Nginx & Node.js SPDY termination - node.js

I have a Node.js server using node-spdy to run a SPDY server (with HTTP fallback) in { plain: true, ssl: false } mode.
On top of the Node.js server sits Nginx serving and caching static files and proxying requests to Node.js.
On top of Nginx sits HAProxy balancing the load.
When I first implemented SPDY I just used node-spdy to do the SSL encryption inside Node.js, but now I'd like to use HAProxy to terminate SSL and speak plain SPDY or HTTP inside my network. I'm not sure if Nginx can handle non-encrypted SPDY frames.
Any help configuring Nginx and HAProxy to do just that is very much appreciated. Thanks.

Nginx can handle non-encrypted SPDY frames. Simply use the "listen" directive without the "ssl" part:
listen 8000 spdy;
"HAproxy (SSL termination) -> Nginx (SPDY) -> your network (HTTP)" setup is described at https://kura.io/2013/07/15/haproxy-nginx-and-spdy-with-ssl-termination-debian-7/

Related

Forward HTTPS traffic thru Nginx without SSL certificate

I want to use Nginx to expose my NodeJS server listening on port 443.
I don't want to manage the SSL certificate with Nginx. I would rather do that on the NodeJS server using the SNICallback option of https.createServer.
How do I set up the nginx.conf to support this?
You're looking for ssl pass-through. You'll set up your nginx to use TCP load balancing (even if you only have one server it's still thought of as load balancing) and ssl passthrough.
Note that nginx will be unable to access any of the content and that you will lose almost all of the advantages of using a proxy other than the ability to do load balancing.
See these instructions for a specific configuration example.
You can configure nginx to pass the encrypted traffic to the node.js server.
stream {
    server {
        listen 443;
        proxy_pass your.node.js:443;
    }
}
Note that you will have no access-log or any other means of access to the data.
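
What a pass-through proxy can still read, as an added example (not code from either answer): unless Encrypted Client Hello is in use, the hostname in the TLS ClientHello's SNI extension crosses the proxy unencrypted, and it is the same value the Node.js SNICallback receives. The function names are hypothetical, the sample handshake is constructed, and the parser assumes the whole ClientHello arrives in one buffer.

```javascript
// Hypothetical helper: builds a minimal ClientHello as constructed sample input.
function buildClientHello(hostname) {
  const u16 = (n) => Buffer.from([n >> 8, n & 0xff]);
  const name = Buffer.from(hostname, 'ascii');
  // server_name_list length, name_type 0 (host_name), name length, name
  const sni = Buffer.concat([u16(name.length + 3), Buffer.from([0]), u16(name.length), name]);
  const exts = Buffer.concat([u16(0), u16(sni.length), sni]); // extension type 0 = server_name
  const body = Buffer.concat([
    Buffer.from([0x03, 0x03]), Buffer.alloc(32), // client_version, random
    Buffer.from([0]),                            // empty session_id
    u16(2), Buffer.from([0x13, 0x01]),           // one cipher suite
    Buffer.from([1, 0]),                         // one compression method: null
    u16(exts.length), exts,
  ]);
  const hs = Buffer.concat([Buffer.from([0x01, 0]), u16(body.length), body]);
  return Buffer.concat([Buffer.from([0x16, 0x03, 0x01]), u16(hs.length), hs]);
}

// Returns the SNI hostname, or null if the bytes are not a complete ClientHello with SNI.
function sniFromClientHello(buf) {
  try {
    if (buf[0] !== 0x16 || buf[5] !== 0x01) return null; // not handshake / not ClientHello
    let off = 5 + 4 + 2 + 32;          // record header, handshake header, version, random
    off += 1 + buf.readUInt8(off);     // skip session_id
    off += 2 + buf.readUInt16BE(off);  // skip cipher_suites
    off += 1 + buf.readUInt8(off);     // skip compression_methods
    const end = off + 2 + buf.readUInt16BE(off);
    off += 2;
    while (off + 4 <= end) {
      const type = buf.readUInt16BE(off);
      const len = buf.readUInt16BE(off + 2);
      off += 4;
      if (type === 0) {
        // Extension data: list length (2), name_type (1), name length (2), name
        const nameLen = buf.readUInt16BE(off + 3);
        if (buf[off + 2] !== 0 || off + 5 + nameLen > buf.length) return null;
        return buf.toString('ascii', off + 5, off + 5 + nameLen);
      }
      off += len;
    }
    return null;
  } catch (e) {
    return null; // truncated or malformed input: a length field pointed past the buffer
  }
}
```

Logging this value at the proxy restores per-hostname visibility that the pass-through setup otherwise lacks, without touching the certificate or the payload.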

Socketio and cloudflare

So I've already done my research and figured out that socket.io only works with Cloudflare if you use set ports; found that here.
So through that research I found that http and https can't use the same port. I'm coming here to ask you guys: how do you get a socketio server to listen on two ports, so it can support http and https with Cloudflare?
The common method is referred to as an SSL Termination Proxy (also called SSL off-loading). The proxy accepts incoming messages over HTTPS and passes the decrypted requests to another resource (another server, web service/API, etc.). This would allow your Node.js application utilizing socketio to handle all requests, no matter if the client made an HTTP or HTTPS request. Software like NGINX, Apache, and even Microsoft IIS are capable of providing this functionality.
Here are some links regarding this topic:
General Info: https://en.wikipedia.org/wiki/TLS_termination_proxy
NGINX: https://www.nginx.com/resources/admin-guide/nginx-ssl-termination/
NGINX: https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-termination/
HAProxy: https://www.digitalocean.com/community/tutorials/how-to-implement-ssl-termination-with-haproxy-on-ubuntu-14-04
IIS: https://blogs.iis.net/wonyoo/ssl-off-loading-in-application-request-routing
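
An added example (not from the answer above) of a check the Node.js application needs once TLS is terminated upstream: every request reaches it as plain HTTP, so the original scheme is known only from a header the proxy sets, and that header should be believed only when the connection comes from the proxy itself. The proxy addresses, the canonical host, the function names and the assumption that the proxy overwrites X-Forwarded-Proto on every request are illustrative.

```javascript
// Assumptions (illustrative): addresses of the terminating proxies and the
// site's canonical host; the proxy overwrites X-Forwarded-Proto on every request.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '10.0.0.5']);
const CANONICAL_HOST = 'app.example.test';

// Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; normalise before comparing.
function peerAddress(req) {
  return String(req.socket.remoteAddress || '').replace(/^::ffff:/i, '');
}

// Scheme the client used to reach the edge, as far as the application can know it.
function clientScheme(req) {
  if (req.socket.encrypted) return 'https';                  // TLS reached Node directly
  if (!TRUSTED_PROXIES.has(peerAddress(req))) return 'http'; // header may be client-supplied
  const value = req.headers['x-forwarded-proto'];
  return typeof value === 'string' && value.trim().toLowerCase() === 'https'
    ? 'https'
    : 'http';
}

// Redirect target for plain-HTTP requests, or null when the request already used HTTPS.
// Built from a fixed host rather than the request's Host header.
function httpsRedirect(req) {
  if (clientScheme(req) === 'https') return null;
  return 'https://' + CANONICAL_HOST + (req.url || '/');
}
```

The same functions work for Socket.IO handshake requests, since those arrive through the proxy as ordinary HTTP requests.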

NodeJS http module vs Nginx Server

I have read that proxies can be created with an Nginx server for a nodejs application to listen behind, but I am doubtful as to what additional purpose and advantages this will serve compared to the http module provided by nodejs for listening purposes.
For one, you can serve multiple Node applications on one server, with host based virtual servers managed by nginx, so that requests to the same port but with different Host: HTTP header reach different Node applications.
Also nginx can be set up to serve static assets without hitting your Node app and do some caching if you need it.
Those are two things that you can achieve with adding nginx to the mix but you may not need that in your case. Also, you can run a reverse proxy with Node and without nginx if that's what you prefer.

How to get nginx to take advantage of http2 with express

I am using express with node and nginx as a reverse proxy. I'd like to know how to take advantage of http/2 with nginx to serve static content, with all other requests being forwarded to the express API.
At the moment, my express server is being served via http/1 and nginx is accepting http/2 connections, and forwarding them to express. How do I set up nginx so that it uses http/2 to serve everything in my statics folder, but forwards all requests to the API as http1?
I will break your questions into two parts:
1. How to take advantage of http/2.0 to serve static files from nginx?
2. How to set up nginx to send http/1.1 requests to the backend server in the case where nginx acts as a reverse proxy?
Answer 1:
For the case of serving static files the major performance benefit can come from using the multiplexing feature of the http/2.0 protocol.
Multiplexing enhances the pipelining feature introduced in http/1.1 and overcomes the problem of HOL blocking. With multiplexing you can use the same underlying TCP connection to load multiple resources in parallel using one http connection. You should also consider stream prioritisation to assign priority to the resource which you want to load first on the page; otherwise loading of some of the critical resources can be delayed, since all the resources will contend for the same multiplexed connection.
Answer 2:
Sending http/1.1 requests to the backend server is the default behaviour. So if you have already configured nginx to use http/2.0, you do not have to do anything special to proxy http/1.1 requests to your backend. This is because nginx does not support http/2.0 in the proxy module as of now. Refer to this ticket. Also, please check this DigitalOcean tutorial, which will guide you to set up nginx with http/2.0 configured on Ubuntu 16.04.

Do I really need proxy for handling node.js?

I'm going to use Socket.IO to handle websockets or XHR-polling to implement a realtime app which is on top of node.js.
Many people are so into proxying their node.js server, and I don't understand the true meaning of a proxy except for security reasons.
Is there any other reason to set up a proxy to handle node?
I'm currently using nginx 1.1 as a webserver and proxy server.
Unfortunately, I have found that nginx 1.1 can support HTTP 1.1 but not websockets.
Should I just use Socket.IO without proxying?
Or, if I really need to do so, how can I set up proxying websockets with nginx or other alternatives?
You may have noticed that you can only run one server on any given TCP port. If you want to use node.js and any other web server, then you'll want to have a proxy server to send client requests to the correct backend server.
