0

I'm getting clueless on this topic. I have a working websocket connection using Mosquitto on server_1. The webapp that needs to publish the websocket data is on server_2 and is accessed behind an Nginx reverse proxy.

Now, on the LAN everything works with an unencrypted connection, but I need to encrypt it to publish it on the internet, so I need to use the wss protocol.

I searched for Nginx + Websocket tutorials and everyone mentions an http backend for the websocket (https://www.nginx.com/blog/websocket-nginx/). How can I set the http backend? I have only the "wss://..." Mosquitto address.

glass

1 Answer

0

Because a websocket connection is bootstrapped via HTTP, you set up NGINX proxying just as you would for any other HTTP server and just make sure you are including the headers to allow the protocol upgrade.

Assuming you are doing the SSL termination in NGINX, something like this:

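server {
        # TLS is enabled with the "ssl" parameter on listen
        # (the separate "ssl on;" directive is deprecated)
        listen 443 ssl;
        listen [::]:443 ssl;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        server_name www.example.com example.com;

        location / {
                # The port must be a Mosquitto listener with "protocol websockets",
                # not the plain MQTT listener
                proxy_pass http://mqtt.broker:1883;
                proxy_http_version 1.1;
                # Pass the client's upgrade request through to the broker
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
}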
hardillb