websocket was blocked by Nginx server

Jason Yu
Jason Yu used Ask the Experts™
on
I have a nginx server sitting before a java application server.  The java application uses some websocket to connect to the clients.

I followed this article to update the nginx configurations. However, the application still not working properly. After I log into the application for a few seconds, i was kicked out from the web application. Any idea of this?

thanks.

https://chrislea.com/2013/02/23/proxying-websockets-with-nginx/



server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        # server_name  localhost;
        # root         /usr/share/nginx/html;

        server_name  localhost;
        #root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        proxy_pass http://10.104.0.104;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        }
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2015
Commented:
Probably backend sends own hostname in other parameter than host header....

Author

Commented:
could you explain a little bit more, I couldn't understand what you said.

thanks.
Top Expert 2015

Commented:
Can you post relevant log lines to prove that you will be able to understand if I detail more?
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Author

Commented:
I am not sure which log file you need, do you need nginx server's log file or java application log file?

I have java file as below:

08-21-2016 00:00:04 DEBUG MessageDatabase:1304 - Checkpoint started.
08-21-2016 00:00:04 DEBUG MessageDatabase:1439 - Checkpoint done.
08-21-2016 00:00:09 DEBUG MessageDatabase:1304 - Checkpoint started.
08-21-2016 00:00:09 DEBUG MessageDatabase:1439 - Checkpoint done.
08-21-2016 00:00:14 DEBUG MessageDatabase:1304 - Checkpoint started.
08-21-2016 00:00:14 DEBUG MessageDatabase:1439 - Checkpoint done.
08-21-2016 00:00:18 DEBUG Queue:827 - queue://rt_messages expiring messages ..
08-21-2016 00:00:18 DEBUG Queue:1740 - rt_messages toPageIn: 0, Inflight: 0, pagedInMessages.size 0, enqueueCount: 0, dequeueCount: 0
08-21-2016 00:00:18 DEBUG Queue:835 - queue://rt_messages expiring messages done.
08-21-2016 00:00:18 DEBUG Queue:827 - queue://rt_messages expiring messages ..
08-21-2016 00:00:18 DEBUG Queue:1740 - rt_messages toPageIn: 0, Inflight: 0, pagedInMessages.size 0, enqueueCount: 0, dequeueCount: 0
08-21-2016 00:00:18 DEBUG Queue:835 - queue://rt_messages expiring messages done.
08-21-2016 00:00:18 DEBUG Queue:827 - queue://endOfDay expiring messages ..
08-21-2016 00:00:18 DEBUG Queue:1740 - endOfDay toPageIn: 0, Inflight: 0, pagedInMessages.size 0, enqueueCount: 2, dequeueCount: 2
08-21-2016 00:00:18 DEBUG Queue:835 - queue://endOfDay expiring messages done.
08-21-2016 00:00:18 DEBUG Queue:827 - queue://endOfDay expiring messages ..
08-21-2016 00:00:18 DEBUG Queue:1740 - endOfDay toPageIn: 0, Inflight: 0, pagedInMessages.size 0, enqueueCount: 2, dequeueCount: 2
08-21-2016 00:00:18 DEBUG Queue:835 - queue://endOfDay expiring messages done.
08-21-2016 00:00:19 DEBUG MessageDatabase:1304 - Checkpoint started.
08-21-2016 00:00:19 DEBUG MessageDatabase:1439 - Checkpoint done.
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/css/**'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/js/**'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/images/**'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/**/favicon.ico'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/error'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/magento/**'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
08-21-2016 00:00:24 DEBUG HttpSessionSecurityContextRepository:140 - No HttpSession currently exists
08-21-2016 00:00:24 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: null. A new one will be created.
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 4 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/logout'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 5 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:127 - Request 'GET /styles/main.css' doesn't match 'POST /login
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 6 of 13 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 7 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 8 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 9 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
08-21-2016 00:00:24 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90556c3e: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1de6: RemoteIpAddress: 10.104.10.4; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 10 of 13 in additional filter chain; firing Filter: 'CorsFilter'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
08-21-2016 00:00:24 DEBUG FilterChainProxy:337 - /styles/main.css at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/pressop'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/finisinghop'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/shippingop'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/login'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/#/**'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/bower_components/**'
08-21-2016 00:00:24 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/styles/main.css'; against '/styles/**'
08-21-2016 00:00:24 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /styles/main.css; Attributes: [permitAll]
"averyRoll.log" 139399L, 17090915C
Top Expert 2015

Commented:
It is NOT nginx access/error log.

Author

Commented:
Dear esteem experts, I got it resolved by adding the following four lines.  Although I resolved it by adding these four lines, but I still don't understand the reason why it created this issue. Could anyone explain this to me? The issue was we was able to log into the java web application, but after logged in, we were kicked out right away. By adding the following four lines, we resolved the problem.

thank you.

        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;


[root@nginxserver jyu]# vi /etc/nginx/nginx.conf

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    index   index.html index.htm;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        # server_name  localhost;
        # root         /usr/share/nginx/html;

        server_name  localhost;
        #root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        proxy_pass http://10.104.0.104;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;

        # added by jason for Ufuk
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
        }

        # redirect server error pages to the static page /40x.html
        #
        error_page 404 /404.html;
            location = /40x.html {
        }
Top Expert 2015

Commented:
Incomplete input incomplete answer.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial