Help with the Nginx proxy for WebSocket

Need help with setting up the configurations.

The ISP manager server panel has Nginx installed on sites that have SSL certificates.

I use the Ratchet library to work with WebSocket; it does not support working with SSL. It turns out that you need to set up a proxy...

I opened port 4444 (I checked with telnet, it works), started the WebSocket server, and it works if you connect to it directly.

Main Nginx configuration file, /etc/nginx/nginx.conf:

user  apache;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  30;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/vhosts/*/*.conf;

    server {
        server_name localhost;
        disable_symlinks if_not_owner;
        listen 80;
        listen [::]:80;
        include /etc/nginx/vhosts-includes/*.conf;
        location @fallback {
            error_log /dev/null crit;
            proxy_pass http://127.0.0.1:8080;
            proxy_redirect http://127.0.0.1:8080 /;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            access_log off ;
        }


    }
    client_max_body_size 10m;
    server_names_hash_bucket_size 128;
}

Nginx configuration file for the site:

server {
    server_name site.ru *.site.ru www.site.ru;
    charset off;
    index index.html index.php;
    disable_symlinks if_not_owner from=$root_path;
    include /etc/nginx/vhosts-includes/*.conf;
    include /etc/nginx/vhosts-resources/site.ru/*.conf;
    access_log /var/www/httpd-logs/site.ru.access.log;
    error_log /var/www/httpd-logs/site.ru.error.log notice;
    ssi on;
    return 301 https://$host:443$request_uri;
    set $root_path /var/www/site/data/www/site.ru;
    root $root_path;
    listen 91.215.129.119:80;
    location / {
        location ~ [^/]\.ph(p\d*|tml)$ {
            try_files /does_not_exists @fallback;
        }
        location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
            try_files $uri $uri/ @fallback;
        }
        location / {
            try_files /does_not_exists @fallback;
        }
    }
    location @fallback {
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect http://127.0.0.1:8080 /;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        access_log off;
    }
    gzip on;
    gzip_comp_level 5;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
}
server {
    server_name site.ru *.site.ru www.site.ru;
    ssl on;
    ssl_certificate "/var/www/httpd-cert/site/site_le1.crtca";
    ssl_certificate_key "/var/www/httpd-cert/site/site_le1.key";
    ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=31536000;";
    ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
    charset off;
    index index.html index.php;
    disable_symlinks if_not_owner from=$root_path;
    include /etc/nginx/vhosts-includes/*.conf;
    include /etc/nginx/vhosts-resources/site.ru/*.conf;
    access_log /var/www/httpd-logs/site.ru.access.log;
    error_log /var/www/httpd-logs/site.ru.error.log notice;
    ssi on;
    set $root_path /var/www/site/data/www/site.ru;
    root $root_path;
    listen 91.215.129.119:443;
    location / {
        location ~ [^/]\.ph(p\d*|tml)$ {
            try_files /does_not_exists @fallback;
        }
        location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
            try_files $uri $uri/ @fallback;
        }
        location / {
            try_files /does_not_exists @fallback;
        }
    }
    location @fallback {
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect http://127.0.0.1:8080 /;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        access_log off;
    }
    location /websocket/ {
        proxy_pass http://127.0.0.1:4444;
        proxy_redirect http://127.0.0.1:4444 /;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        access_log off;
    }
    gzip on;
    gzip_comp_level 5;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
}

Honestly, I am already exhausted; I have not found a clear and understandable explanation of how the proxy works and how to configure it.

The only thing I found: with the current settings, the address https://site.ru/websocket/ gives a 502 error (it says so on the page), but when the WebSocket server is started, the page shows nothing and the console shows GET https://site.ru/websocket/ 505 (HTTP Version not supported)...

I can't figure out how to configure it... help...

Author: Alexander Sizintsev, 2017-12-12

1 answer

I solved the problem myself (I struggled with it for almost a month).

Here is the configuration for a WebSocket connection over SSL using the Ratchet library, on a server with the ISP Manager panel, via Nginx+PHP:

First of all, we open the port in the firewall; I opened port 4444.

In the main Nginx config /etc/nginx/nginx.conf, enter:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
upstream websocket {
    server YOUR_SERVER_IP:4444;
}

And also, so that the user is not disconnected quickly:

keepalive_timeout 86400;
proxy_connect_timeout 86400;
proxy_send_timeout 86400;
proxy_read_timeout 86400;

In the Nginx config of the site, /etc/nginx/vhosts/site.ru/site.ru.conf, in the server block, add:

location /websocket {
    proxy_pass http://websocket;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

I'll explain upstream websocket {...}: websocket can be any name you want, but be sure to use the same name in the site configuration in location /websocket {proxy_pass http://websocket; ...}, otherwise it will not work!

When connecting to WebSocket via JS, we use a URL of the following form:

var conn = new WebSocket('wss://site.ru/websocket');

I hope I explained it clearly!

 3
Author: Alexander Sizintsev, 2017-12-12 16:27:15
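
An added example, not part of the original post or of nginx: a small Python check that compares the /websocket location from the question with the one from the answer. nginx proxies with HTTP/1.0 by default and does not forward the hop-by-hop Upgrade and Connection headers, so the check looks for the three directives that change this, and it also lists upstream servers that are not on loopback. The function names and the sample address 203.0.113.10 are assumptions of this example.

```python
import re

# Constructed samples, abridged from the question and the answer on this page.
# 203.0.113.10 is a documentation address standing in for the server's IP.
QUESTION_CONF = """
location /websocket/ {
    proxy_pass http://127.0.0.1:4444;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
"""
ANSWER_CONF = """
upstream websocket { server 203.0.113.10:4444; }
location /websocket {
    proxy_pass http://websocket;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}
"""

# Directives a location needs so the Upgrade handshake reaches the backend.
REQUIRED = {
    "proxy_http_version 1.1": r"proxy_http_version\s+1\.1\s*;",
    "proxy_set_header Upgrade": r"proxy_set_header\s+Upgrade\s+\$http_upgrade\s*;",
    "proxy_set_header Connection":
        r"proxy_set_header\s+Connection\s+(\$connection_upgrade|\"?upgrade\"?)\s*;",
}

def location_body(conf, path):
    """Return the text inside `location <path> { ... }`, matching nested braces."""
    m = re.search(r"location\s+" + re.escape(path) + r"\s*\{", conf)
    if not m:
        raise ValueError(f"no location {path!r} in config")
    depth, i = 1, m.end()
    while depth and i < len(conf):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def missing_ws_directives(conf, path):
    """List the required WebSocket proxy directives absent from the location."""
    body = re.sub(r"#.*", "", location_body(conf, path))  # drop comments
    return [name for name, pat in REQUIRED.items() if not re.search(pat, body, re.I)]

def non_loopback_upstreams(conf):
    """Upstream servers not on loopback: the plain ws:// port must then be reachable."""
    servers = re.findall(r"\bserver\s+([^\s;:]+):(\d+)", conf)
    return [f"{h}:{p}" for h, p in servers if h not in ("127.0.0.1", "localhost")]
```

When nginx and the Ratchet process run on the same host, pointing the upstream at 127.0.0.1:4444 lets the backend stay off the public interface, so only the TLS listener on 443 is exposed.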