Nginx as forward proxy for secure websocket (ws -> wss) -


i have following setup:

+----------------------------+                +-----------------------------+ |                            |                |                             | |                            |                |                             | |                            |                |                             | |   +--------+   +--------+  |                |  +--------+     +-------+   | |   |        |   |        |  |                |  |        |     |       |   | |   | client |   |  nginx |  |                |  |  nginx |     | server|   | |   |        |   |        |  |                |  |        |     |       |   | |   |   ws +-------> wss +-------------------------> wss +--------> ws  |   | |   |        |   |        |  |                |  |        |     |       |   | |   |        |   |        |  |                |  |        |     |       |   | |   +--------+   +--------+  |                |  +--------+     +-------+   | |                            |                |                             | |                            |                |                             | +----------------------------+                +-----------------------------+ 

i want connect client server via secure websocket. not directly. client , server doesn't know security.

so client connects to: ws://localhost:6277/wstest

the client-side nginx listen on port 6277. want nginx forward connection securely ws.example.com/wstest.

the config of nginx is:

server {      server_name localhost;     listen 6277;      location /wstest {          proxy_ssl_certificate         /etc/nginx/ssl/client.crt;         proxy_ssl_certificate_key     /etc/nginx/ssl/client.key;         proxy_ssl_protocols           tlsv1 tlsv1.1 tlsv1.2;         proxy_ssl_ciphers             high:!anull:!md5;          proxy_ssl_session_reuse on;          resolver 127.0.0.1;         proxy_pass https://ws.example.com/wstest;          proxy_http_version 1.1;         proxy_set_header upgrade $http_upgrade;         proxy_set_header connection $connection_upgrade;     } } 

the client-side setup doesn't work. client gives me following error: the http response server [500] did not permit http upgrade websocket. , nginx gives me: "get /ocpp/cp-1/ws http/1.1" 500 193 "-" "-".

when bypass client-side nginx, client can connect directly (wss://ws.example.com/wstest) server through server-side nginx, works fine.

the nginx on server-side converts wss ws , forwards connection server.

is there wrong client-side nginx configuration? transform wss ws nginx no problem. possible transform ws wss nginx?

everything worked expected. had set different resolver. example:

resolver 8.8.8.8; 

Comments

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

vue.js - Create hooks for automated testing -

Add new key value to json node in java -