Should I use nginx as a proxy for WAMP? - nginx

guys!
I build a chat application based on WebSocket. As backend I use PHP and nginx as a proxy for WebSocket connection.
Searching about PHP libs for WS gave me Ratchet. This tools support WAMP protocol. Something about it: http://wamp-proto.org/why/
Well, I've decided to use this protocol - it seems useful. I tuned nginx for proxy WebSocket connections in standard way. And for common using WebSocket at frontend/backend - all is ok.
But, if I start use WAMP at backend and try to use autobahn.js for WAMP at frontend, I catch 426 No Sec-WebSocket-Protocols requested supported as response every time. At PHP I see that connection from nginx is not receiving. So, as I understood, nginx doesn't process connection with WAMP subprotocol in right way.
So, I don't understand, should I use nginx as a proxy for WAMP? WAMP is just a subprotocol for WebSocket, but doesn't work for me.
Does anybody knows where problem is?

Seems like Nginx isn't forwarding the WebSocket subprotocol announced by the client to the backend WAMP router.
Try adding this to your Nginx conf:
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol
See: https://stackoverflow.com/a/36506746/884770

Related

Does grpc-web TLS requries any config on the client side?

I have been looking for this for a while now. Still not sure if Envoy and Nginx does all the TLS stuff for a web-gRPC client.
In my case, my Nginx config works well with gRPC client and server. However, it is not working for web-gRPC client.
Nginx is no longer being actively supported for grpc-web. The default proxy for grpc-web is Envoy. You should be able to set up TLS by setting some config with the envoy.yaml file. In particularly, look under the 'tls_context' section.

Is there a way to make nginx terminate a websocket connection and pass only the socket stream to a server?

Basically what I'm trying to do is have a secure websocket connection start life at a client, go through nginx where nginx would terminate the tls, and instead of just proxying the websocket connection to a server, have nginx handle the websocket upgrade and just send the socket stream data to a tcp server or a unix domain socket.
Is that possible with the existing nginx modules and configuration?
proxy_pass can connect to a server via a unix domain socket
proxy_pass http://unix:/tmp/backend.socket:/uri/;
But the implication is that it still speaks http over the unix domain socket and the server is responsible for handling the websocket upgrade. I'm trying to get nginx to do the upgrading so that only the raw socket stream data gets to my server.
Sorta like a mix between proxy_pass and fastcgi_pass.
Do I have to modify one of these modules to make that possible or is there some way to configure this to work?
So what I eventually came to realize is that proxies just proxy and don't parse protocols. There's nothing built into nginx (although mod_ws in apache might do it) that can actually process the websockets protocol, the nginx proxy function just forwards the stream to the back end server. I'm working on another approach for this as the hope of having the webserver do the heavy lifting is not going to work easily.

varnish nginx proxy protocol

I have this install from this guide https://www.linode.com/docs/websites/varnish/use-varnish-and-nginx-to-serve-wordpress-over-ssl-and-http-on-debian-8
is there any advantage for using proxoy protocol? from
https://info.varnish-software.com/blog/five-steps-to-secure-varnish-with-hitch-and-lets-encrypt
to this setup (I have varnish 5)
if so, what is the modification needed for the setup in the linode link above?
best.
To begin with, it will not be possible to use PROXY protocol in the linked setup.
Nginx supports PROXY protocol only on the client side (i.e. when there is another proxy forwarding requests to it). It doesn't support PROXY protocol with proxy_pass, where it would make more sense for Varnish + Nginx SSL setup. Sorry about that.

NGINX - Websocket client support

A quick question, Does Nginx support websocket client.
I have a webserver that uses NGINX and i use a websocket server for which NGINX acts as proxy. In the same port , can i use websocket client to initiate a connection with the external websocket server?
Yes, it does (since 1.3.13).
Have a look at the docs here and an example setup here

What is the benefit of using NginX for Node.js?

From what I understand Node.js doesnt need NginX to work as a http server (or a websockets server or any server for that matter), but I keep reading about how to use NginX instead of Node.js internal server and cant find of a good reason to go that way
Here http://developer.yahoo.com/yui/theater/video.php?v=dahl-node Node.js author says that Node.js is still in development and so there may be security issues that NginX simply hides.
On the other hand, in case of a heavy traffic NginX will be able to split the job between many Node.js running servers.
In addition to the previous answers, there’s another practical reason to use nginx in front of Node.js, and that’s simply because you might want to run more than one Node app on your server.
If a Node app is listening on port 80, you are limited to that one app. If nginx is listening on port 80 it can proxy the requests to multiple Node apps running on other ports.
It’s also convenient to delegate TLS/SSL/HTTPS to Nginx. Doing TLS directly in Node is possible, but it’s extra work and error-prone. With Nginx (or another proxy) in front of your app, you don’t have to worry about it and there are tools to help you securely configure it.
But be prepared: nginx don't support http 1.1 while talking to backend so features like keep-alive or websockets won't work if you put node behind the nginx.
UPD: see nginx 1.2.0 - socket.io - HTTP/1.1 - Proxy websocket connections for more up-to-date info.

Resources