Created
January 21, 2019 10:47
-
-
Save rgordeev/64aeb27f7c92f56d2cbf7a008258d4d8 to your computer and use it in GitHub Desktop.
Configure Nginx to handle WSS connections
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# First configure reverse proxy before server, | |
# that will transfer WSS inbound traffic to unsecure local server, namely: | |
server { | |
# This is your reqular configuration for SSL connections to website | |
# Set port to listen ssl connections | |
listen 443 ssl; | |
# Set hosts names to handle | |
server_name example.com www.example.com | |
# Set sertificate configuration | |
ssl_certificate_key /etc/ssl/private/example.com.key; | |
ssl_certificate /etc/ssl/private/example.com.crt.fullchain; | |
ssl_protocols TLSv1.2; | |
ssl_ciphers EECDH+AESGCM: EDH+AESGCM:AES2; | |
# ... | |
# Some other required instructions | |
# ... | |
# Add additional "location" section for Websockets requests handling | |
location /ws { | |
# redirect all traffic to localhost:8080; | |
proxy_set_header Host $http_host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-NginX-Proxy true; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
# proxy requests to localhost 8080 port | |
proxy_pass http://127.0.0.1:8080/; | |
# turn inner redirects off | |
proxy_redirect off; | |
# set timeout to read proxy server response | |
proxy_read_timeout 86400; | |
# enables WS support | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "upgrade"; | |
# prevents 502 bad gateway error | |
proxy_buffers 8 32k; | |
proxy_buffer_size 64k; | |
# allow to reset connections on timeout | |
reset_timedout_connection on; | |
# configure access and error logs for ws connections | |
error_log /var/log/nginx/wss_error.log; | |
access_log /var/log/nginx/wss_access.log; | |
} | |
# ... | |
# configure access and error logs for whole server | |
error_log /var/log/nginx/https_error.log; | |
access_log /var/log/nginx/https_access.log; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment