Skip to content

Instantly share code, notes, and snippets.

@rgordeev
Created January 21, 2019 10:47
Show Gist options
  • Save rgordeev/64aeb27f7c92f56d2cbf7a008258d4d8 to your computer and use it in GitHub Desktop.
Save rgordeev/64aeb27f7c92f56d2cbf7a008258d4d8 to your computer and use it in GitHub Desktop.
Configure Nginx to handle WSS connections
# First configure reverse proxy before server,
# that will transfer WSS inbound traffic to unsecure local server, namely:
server {
# This is your reqular configuration for SSL connections to website
# Set port to listen ssl connections
listen 443 ssl;
# Set hosts names to handle
server_name example.com www.example.com
# Set sertificate configuration
ssl_certificate_key /etc/ssl/private/example.com.key;
ssl_certificate /etc/ssl/private/example.com.crt.fullchain;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM: EDH+AESGCM:AES2;
# ...
# Some other required instructions
# ...
# Add additional "location" section for Websockets requests handling
location /ws {
# redirect all traffic to localhost:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
# proxy requests to localhost 8080 port
proxy_pass http://127.0.0.1:8080/;
# turn inner redirects off
proxy_redirect off;
# set timeout to read proxy server response
proxy_read_timeout 86400;
# enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# prevents 502 bad gateway error
proxy_buffers 8 32k;
proxy_buffer_size 64k;
# allow to reset connections on timeout
reset_timedout_connection on;
# configure access and error logs for ws connections
error_log /var/log/nginx/wss_error.log;
access_log /var/log/nginx/wss_access.log;
}
# ...
# configure access and error logs for whole server
error_log /var/log/nginx/https_error.log;
access_log /var/log/nginx/https_access.log;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment