How to configure NGINX as SSL proxy for WebSocket?

Dear All Member,

I tried many methods to configure nginx as a WebSocket proxy over SSL, but it is not working as expected. If I proxy over port 80, it works normally.

This is the port 80 configuration:
location /ws {
        proxy_pass https://xxx.xxx.xxx.xxx:5066;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 6h;
        proxy_send_timeout 6h;
        client_body_timeout 6h;
        send_timeout 6h;
}


This is the SSL configuration:

listen          443;
ssl             on;
server_name     vc3.crosswired.net;       
access_log      ssl-access.log;
error_log       ssl-error.log;
ssl_certificate      /etc/nginx/conf.d/ssl/net.crt;
ssl_certificate_key  /etc/nginx/conf.d/ssl/net.key;
ssl_protocols  SSLv2 SSLv3 TLSv1;
ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout  10m;
location /ws {
        proxy_pass http://xxx.xxx.xxx.xxx:5066;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 6h;
        proxy_send_timeout 6h;
        client_body_timeout 6h;
        send_timeout 6h;
}


Any suggestion?
Asked by: Sida Say, Infrastructure Engineer
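
For comparison with the SSL block in the question, an added example (not the poster's or any respondent's configuration) of a TLS-terminating WebSocket proxy in current nginx syntax: `ssl` on the `listen` directive replaces `ssl on;`, and the deprecated SSLv2/SSLv3/TLSv1 list is replaced by TLSv1.2/TLSv1.3. It assumes the backend on port 5066 speaks plain HTTP as in the question; the `map` block and the forwarded headers are additions not found on the page, and nothing in the thread confirms that this addresses Error 1004.

```nginx
# Added example, not the poster's configuration.
# The map block belongs in the http {} context, outside any server {}.
# It sends "Connection: upgrade" only when the client requested an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # Legacy form from the question, kept here for comparison:
    #   listen 443;
    #   ssl on;
    #   ssl_protocols SSLv2 SSLv3 TLSv1;
    listen 443 ssl;                        # replaces the deprecated "ssl on;"
    server_name vc3.crosswired.net;

    ssl_certificate     /etc/nginx/conf.d/ssl/net.crt;
    ssl_certificate_key /etc/nginx/conf.d/ssl/net.key;
    ssl_protocols       TLSv1.2 TLSv1.3;   # TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;

    access_log ssl-access.log;
    error_log  ssl-error.log;

    location /ws {
        # Assumption: the backend speaks plain HTTP/ws:// on port 5066.
        # xxx.xxx.xxx.xxx is the redacted address from the question; replace it.
        proxy_pass http://xxx.xxx.xxx.xxx:5066;
        proxy_http_version 1.1;            # the Upgrade mechanism requires HTTP/1.1
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;
        proxy_set_header X-Forwarded-Proto $scheme;   # tells the backend the client used TLS
        proxy_read_timeout 6h;             # keep idle WebSocket connections open
        proxy_send_timeout 6h;
    }
}
```

After editing, `nginx -t` validates the syntax before a reload, and the file named in `error_log` records handshake and upstream failures for the `/ws` location.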
Phil Davidson Commented:
Is port 443 open?  I'm curious what the symptoms are.  Are there any error messages?
0
Sida Say, Infrastructure Engineer, Author Commented:
@Phil Davidson port 443 is open. The error message I get is a WebRTC issue: Error 1004. I checked all firewalls.
0
gheist Commented:
What do the logs say about the response to the upgrade command?
0
Phil Davidson Commented:
I noticed that the "port 80 configuration" seems to use port 5066 via the URL.  The SSL configuration has this URL too.  However, the listener is on port 443.  I wonder if there needs to be a port forwarding configuration.  But my best guess is that there is an authentication inconsistency between the two configurations.

I believe that the 1004 error indicates that something is wrong with SSL.  I'm curious if the SSL that was presumably tested manually over port 80 was not using a different certificate.  Can you be sure that the certificates and authorized keys that were invoked with whatever success you had with the port 80 configuration were the same as those specified in the port 443 configuration?

Maybe something is inconsistent with these settings:
ssl_certificate      /etc/nginx/conf.d/ssl/net.crt;
ssl_certificate_key  /etc/nginx/conf.d/ssl/net.key;


If those settings aren't the same as the .crt and .key file with the working configuration, you may get a 1004 [authentication] error.
0

Sida Say, Infrastructure Engineer, Author Commented:
@Phil Davidson I can make sure the certificate and key are OK.
0
Phil Davidson Commented:
I would double check the server name is correct.  If you try to authenticate to an incorrect server, that could explain the issue.
0
Sida Say, Infrastructure Engineer, Author Commented:
@Phil Davidson do you know about BigBlueButton? This is what I am working with.
0
Phil Davidson Commented:
I'm not that familiar with BigBlueButton.  I'm sure you have contacted them about the problem.  Do you have the latest software from them?  Are your versions of Nginx and SSL compatible with the other technologies that you are using? I wouldn't deviate from the officially supported versions.
0
Sida Say, Infrastructure Engineer, Author Commented:
Not resolved
0
Question has a verified solution.