Nginx as forward proxy for secure websocket (ws -> wss)
I have the following setup:

    +----------------------------+          +-----------------------------+
    |                            |          |                             |
    |  +--------+    +--------+  |          |  +--------+    +-------+    |
    |  |        |    |        |  |          |  |        |    |       |    |
    |  | client |    | nginx  |  |          |  | nginx  |    | server|    |
    |  |        |    |        |  |          |  |        |    |       |    |
    |  |  ws    +---->  wss   +---------------->  wss   +---->  ws   |    |
    |  |        |    |        |  |          |  |        |    |       |    |
    |  +--------+    +--------+  |          |  +--------+    +-------+    |
    |                            |          |                             |
    +----------------------------+          +-----------------------------+

I want to connect the client to the server via a secure websocket, but not directly. The client and the server don't know anything about security.
So the client connects to: ws://localhost:6277/wstest
The client-side nginx listens on port 6277. I want nginx to forward the connection securely to ws.example.com/wstest.
The config of nginx is:

    server {
        server_name localhost;
        listen 6277;

        location /wstest {
            proxy_ssl_certificate     /etc/nginx/ssl/client.crt;
            proxy_ssl_certificate_key /etc/nginx/ssl/client.key;
            proxy_ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
            proxy_ssl_ciphers         HIGH:!aNULL:!MD5;
            proxy_ssl_session_reuse   on;

            resolver 127.0.0.1;

            proxy_pass https://ws.example.com/wstest;
            proxy_http_version 1.1;
            # $connection_upgrade is not a built-in variable; it has to be
            # defined by a map block in the http context.
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }

The client-side setup doesn't work. The client gives me the following error:

    The HTTP response from the server [500] did not permit the HTTP upgrade to WebSocket

And nginx gives me:

    "GET /ocpp/cp-1/ws HTTP/1.1" 500 193 "-" "-"

When I bypass the client-side nginx, so that the client connects directly (wss://ws.example.com/wstest) to the server through the server-side nginx, everything works fine.
The nginx on the server side converts wss to ws and forwards the connection to the server.
Is there something wrong with the client-side nginx configuration? Transforming wss to ws with nginx is no problem. Is it possible to transform ws to wss with nginx?

Everything worked as expected. I just had to set a different resolver. For example:
resolver 8.8.8.8;
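
A hardened variant of the client-side configuration, added here as an example and not taken from the original post. It keeps the question's directives and the answer's resolver, and adds upstream certificate verification, which nginx leaves off by default. The loopback bind, the `map` block and the CA bundle path `/etc/nginx/ssl/upstream-ca.crt` are assumptions.

```nginx
# Added example; goes inside the http {} context.
# $connection_upgrade is not built in, so it is derived from the Upgrade header.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    server_name localhost;
    listen 127.0.0.1:6277;  # assumption: the ws:// client runs on the same host

    location /wstest {
        # Resolver from the answer. DNS replies are not authenticated, so the
        # certificate checks below are what tie the connection to ws.example.com.
        resolver 8.8.8.8;

        proxy_pass https://ws.example.com/wstest;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Client certificate, as in the question.
        proxy_ssl_certificate     /etc/nginx/ssl/client.crt;
        proxy_ssl_certificate_key /etc/nginx/ssl/client.key;

        # Upstream verification is off by default; enable it and pin the name.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/ssl/upstream-ca.crt;  # hypothetical path
        proxy_ssl_name                ws.example.com;
        proxy_ssl_server_name         on;  # send SNI

        # Weak setting from the question, kept for comparison:
        # proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_protocols     TLSv1.2 TLSv1.3;  # TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
        proxy_ssl_ciphers       HIGH:!aNULL:!MD5;
        proxy_ssl_session_reuse on;
    }
}
```

With `proxy_ssl_verify on`, a handshake against a certificate that does not chain to the trusted bundle or does not match `ws.example.com` fails and nginx returns 502 to the local client.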