I have an SSL host on my apache server with the following in the VirtualHost:
<VirtualHost 217.147.92.100:443>
ServerName server.com
ServerAdmin email@email.com
DocumentRoot /somepath/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/something/fullchain.pem
SSLCertificateKeyFile /etc/something/privkey.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
SSLProxyEngine on
ProxyPass "/rtapi/" "ws://localhost:38120/"
ProxyPassReverse "/rtapi/" "ws://localhost:38120/"
<Directory /somepath/>
AllowOverride all
Require all granted
</Directory>
</VirtualHost>
Good so far? Notice the proxypass for the /rtapi/ folder. Good ol' apache works a charm, as usual.
Now for our unhappy camper nginx from whom I ask much less:
server {
listen 45108 ssl;
ssl on;
ssl_certificate /etc/something/fullchain.pem;
ssl_certificate_key /etc/something/privkey.pem;
location / {
proxy_pass http://localhost:38120;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
All I'm looking for from nginx is to slap on an SSL wrapper on my websocket service and proxy it along.
I get:
2017/08/24 19:55:01 [error] 25018#0: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 71.192.225.239, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:38120/", host: "api.speedracing.tv:45108"
Which seems useful. Oh! My little websocket server must not be responding... but wait a second. Surely the server must be running because it accepts the proxied requests from apache. Clearly the logical conclusion is that nginx is the connection but I'm not really seeing why or how.