Develop Reference

nginx as proxy for wss

real address => https://wssserver1/wss/
Only test1 able to access, try using proxy_pass for other testX able to browse wssserver1.
When I open it from test2
https://test1/wssserver1, it manage to update the header name but nothing appear.
error log show it direct wss path to localhost instead of wssserver1
/var/www/html/wss/ is not found.
My nginx config
test 1 nginx config
location /wssserver1 {
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header Host $proxy_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass https://wssserver1/;
proxy_redirect off;
proxy_buffering off;
proxy_read_timeout 999999999;
}

Nginx Reverse Proxy - websocket config to make Fortigate CLI interface work properly

I am trying to get my fortigate router's web interface behind my reverse proxy, not to be accessible from the internet, but to use my LetsEncrypt cert on my internal network. This is the config I'm using:
upstream websockets {
server 192.168.1.99:443;
}
server {
listen 443 ssl;
allow 192.168.1.0/24;
deny all;
server_name f60e.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Authorization "";
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Origin "";
proxy_pass_header X-XSRF-TOKEN;
proxy_pass https://192.168.1.99;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
client_max_body_size 1000m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /websockets/ {
proxy_pass https://websockets;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header Origin "";
}
}
Everything appears to work except for the "Edit in CLI" button. When I attempt to use it, the interface window comes up blank and after a few seconds it says "Connection lost" and I get this error in my browser console
GET https://f60e.walnuthomelab.com/favicon/site.webmanifest net::ERR_CONNECTION_TIMED_OUT
main.js:1
WebSocket connection to 'wss://f60e.walnuthomelab.com/ws/cli/open?cols=66&rows=34' failed:
createWebSocket # main.js:1

Websockets in NGINX not working with server with internet proxy: Error: No pong received in 3 seconds

I was trying to host flask application in NGINX which uses websockets.
It is working fine with the servers which do not use any proxy servers.
When it is hosted in a server that passes requests to proxy servers, client does not receive any message sent via websocket.
Initially none of the external API calls were working which started working when I added environ variable http_proxy and https_proxy for the service.
But the socket is still not working.
Got error: "no pong received in 3 seconds" in the server when trying to connect to websocket
This is what I get in browser
The following is the nginx configuration.
log_format upstreamlog '$server_name to: $upstream_addr [$request] '
'upstream_response_time $upstream_response_time '
'msec $msec request_time $request_time';
upstream socket_nodes {
ip_hash;
server 127.0.0.1:4000;
server 127.0.0.1:4001;
server 127.0.0.1:4002;
}
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/access.log upstreamlog;
add_header Strict-Transport-Security max-age=15768000;
location /static/* {
alias /file_path;
}
location / {
include uwsgi_params;
proxy_pass http://socket_nodes;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
proxy_buffer_size 16k;
proxy_busy_buffers_size 16k;
}
location /socket.io {
proxy_pass http://socket_nodes/socket.io;
proxy_http_version 1.1;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

Try changing the socket configuration as below,
location /socket.io {
proxy_pass http://socket_nodes/socket.io;
proxy_http_version 1.1;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

How to forward web-socket request to microservice using nginx

I wanted to forward the web-socket request to microservice using nginx.
I am hitting https://some-host/download-zip-service/downloadFile
By this, the calls are landing on download-zip-service and downloadFile API get the call.
in downloadFile I am using the socket to forward the request to microservice
but when I tried to call socket API from download-zip-service
I do something like var socket = io('https://some-host/download-zip-service/');
the calls are directly landing on
wss://some-host/socket.io/?EIO=3&transport=websocket&sid=12345678
instead of https://some-host/download-zip-service/socket.io/?EIO=3&transport=websocket&sid=12345678
as a reason, I explicitly added the root / path for download-zip-service.
Below is my NGINX.conf file
worker_processes 4;
events { worker_connections 1024; }
http {
sendfile on;
upstream download-zip-service {
server xx.xx.xx.xx:9012;
}
server {
listen 8765;
#Changed for implementing WEB Socket
location / {
proxy_pass http://download-zip-service/;
proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Host $server_name;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
#new property added
proxy_request_buffering off;
proxy_buffering off;
}
location /download-zip-service/ {
proxy_pass http://download-zip-service/;
proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Host $server_name;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
#socket timeout setting added
fastcgi_read_timeout 7200s;
send_timeout 7200s;
proxy_connect_timeout 7200s;
proxy_send_timeout 7200s;
proxy_read_timeout 7200s;
#new property added
proxy_request_buffering off;
proxy_buffering off;
}
}
}
I want to remove the root / path for download-zip-service.
and it should work with /download-zip-service/
Please let me know where I am doing mistake

Does nginx supports websocket with binary

I'm testing nginx by sending binary data(byte[]) using websocket connection and it doesn't work correctly. I used the following settings.
server {
listen 80;
client_max_body_size 2G;
server_name oracleapps.veeralab.com;
location / {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 84600s;
proxy_send_timeout 84600s;
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_pass http://localhost:8080;
}
}