i'm working with two Nginx one behind the each other.
Our Infraestructure it's like this infraestructure
Problem
I've problems with websocket connections, when i send the request to Nginx Proxy pass always return 404 but when i send the request to the final NGINX it works fine.
Logs in the FINAL NGINX
# when the request doesn't go through the NGINX PROXY PASS
# this is fine
<SOME-CLIENT-IP> - - [30/Sep/2021:13:46:02 +0000] "GET /cable HTTP/1.1" 101 22120 "-" "Mozilla/5.0 (Linux; Android 9; SM-A105M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Mobile Safari/537.36"
# when the request goes through the NGINX PROXY PASS
# this is wrong
<IP-NGINX-PROXY-PASS> - - [30/Sep/2021:13:46:09 +0000] "GET /cable HTTP/1.0" 301 14 "-" "Mozilla/5.0 (Linux; Android 11; SM-A505G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.105 Mobile Safari/537.36"
This only happens with Websockets connections endpoint /cable.
NGINX Proxy pass conf
server {
server_name domain.com;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_redirect off;
proxy_pass https://<IP-FINAL-NGINX>;
}
location /cable {
proxy_pass http://<IP-FINAL-NGINX>;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
listen [::]:443 ssl http2 ipv6only=on;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
if ($host != "domain.com") {
return 404;
}
}
server {
server_name www.domain.com;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
return 301 example.com$request_uri;
}
server {
server_name domain.com;
listen 80;
return 301 https://<IP-FINAL-NGINX>$request_uri;
}
server {
server_name domain.com;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_redirect off;
proxy_pass https://<IP-FINAL-NGINX>;
}
location /cable {
proxy_pass http://<IP-FINAL-NGINX>;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
listen [::]:31117 ssl http2 ipv6only=on;
listen 31117 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
if ($host != "domain.com") {
return 404;
}
}
server {
server_name www.domain.com;
listen 31117 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
return 301 example.com$request_uri;
}
server {
server_name domain.com;
listen 30723;
return 301 https://<IP-FINAL-NGINX>$request_uri;
}
Final NGINX - this connects with the final app
upstream myapp {
server unix:/var/www/myapp/current/tmp/sockets/puma.sock fail_timeout=30s;
}
server {
server_name domain.com;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_redirect off;
proxy_pass http://myapp;
}
location /cable {
# this endpoint '/cable' handles websocket's connections
proxy_pass http://myapp;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
location ~ ^/(assets|img|static|favicon)/ {
root /var/www/nulinga/current/public;
gzip_static on;
expires max;
add_header Cache-Control public;
}
listen [::]:443 ssl http2 ipv6only=on;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($host != "domain.com") {
return 404;
}
error_page 502 503 504 =503 /503.html;
error_page 404 =404 /404.html;
location = /503.html {
root /var/www/myapp/current/public;
allow all;
internal;
}
location = /404.html {
root /var/www/myapp/current/public;
allow all;
internal;
}
}
server {
server_name www.domain.com;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
return 301 example.com$request_uri;
}
server {
server_name domain.com www.domain.com;
listen 80;
return 301 example.com$request_uri;
}
