All geek questions in one place

Socket.io with NGINX and https2

I have an application node.jsthat is being served NGINX. I cannot connect socket.io and continue to receive 404 for POST requests to establish a connection.

It works locally, so there should be a problem NGINX.

  # HTTP - redirect all requests to HTTPS:
  server {
     listen 80;
     listen [::]:80;
     return 301 https://$host$request_uri;
  }
  # HTTPS - proxy requests on to local Node.js app:
  server {
     listen 443 ssl http2;
     server_name example.com;
     ssl on;
     ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
     ssl_session_timeout 5m;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_prefer_server_ciphers on;
     ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
     location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://127.0.0.1:8080;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
     }
}

Thanks for any help.

+4
source share
2 answers

Since Websockets use the header Upgradeprovided in HTTP 1.1, you will need to specifically use this protocol in your route and set the header Connectionto Upgrade.

You also need to specify a directive proxy_passwith a unique name.

:

upstream sockets {
  server localhost:8080;
}

# HTTP - redirect all requests to HTTPS:
server {
  listen 80;
  listen [::]:80;
  return 301 https://$host$request_uri;
}

# HTTPS - proxy requests on to local Node.js app:
server {
     listen 443 ssl http2;
     server_name example.com;
     ssl on;
     ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
     ssl_session_timeout 5m;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_prefer_server_ciphers on;
     ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

     location / {

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;

        proxy_pass http://sockets;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_http_version 1.1;
        proxy_ssl_session_reuse off;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
     }

}
+1

NGINX.

https://www.nginx.com/blog/websocket-nginx/

enter chttp {
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream websocket {
    server 192.168.100.10:8010;
}

server {
    listen 8020;
    location / {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

}

0

Source: https://habr.com/ru/post/1678151/

More articles:


All Articles