Websocketd behind Nginx
Placing Nginx in front of websocketd lets several services or "websocket endpoints" share the same host and port, and adds load balancing (failover) and SSL offloading. The examples show basic Nginx configurations for different environments; they can be combined to fit your needs.
When NGINX is used as a proxy, it can offload the SSL decryption processing from backend servers.
- domainssl.com (HTTPS webserver with "wss" links).
- wsbackend.com (HTTP Backend with the websocketd-endpoint).
WSS link in the https://domainssl.com page (/usr/share/nginx/html/):

```javascript
var ws = new WebSocket('wss://domainssl.com:444/XX.sh');
```

Websocket endpoint on wsbackend.com:

```sh
websocketd --port=1080 XX.sh
```

Nginx configuration on domainssl.com:

```nginx
### HTML Files
server {
    listen 443 ssl;
    server_name domainssl.com;
    ssl_certificate /etc/nginx/XX.cer;
    ssl_certificate_key /etc/nginx/XX.key;
    location / {
        root /usr/share/nginx/html/;
        allow all;
    }
}

### WSS (front-end) to WS (backend)
server {
    listen 444 ssl;
    server_name domainssl.com;
    ssl_certificate /etc/nginx/XX.cer;
    ssl_certificate_key /etc/nginx/XX.key;
    location / {
        proxy_pass http://wsbackend.com:1080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Timeout configuration.
        # proxy_redirect off;
        # proxy_connect_timeout 300;
        # proxy_send_timeout 300;
        # proxy_read_timeout 300;
    }
}
```
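A hardened variant of the WSS-to-WS server block above, as an added example that is not part of the original wiki: it sends `Connection: upgrade` only for real upgrade requests, rejects handshakes whose `Origin` is not the site's own page, and forwards the client address to the backend. The variable names `$connection_upgrade` and `$ws_origin_ok` are chosen here, and both `map` blocks belong in the `http` context.

```nginx
# Added example, not the wiki's own configuration.

# Send "Connection: upgrade" only when the client asked for an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Origin allow-list: only pages served from https://domainssl.com
# may open the socket ($ws_origin_ok is a name chosen for this example).
map $http_origin $ws_origin_ok {
    default                  0;
    "https://domainssl.com"  1;
}

server {
    listen 444 ssl;
    server_name domainssl.com;
    ssl_certificate     /etc/nginx/XX.cer;
    ssl_certificate_key /etc/nginx/XX.key;

    location / {
        # Refuse cross-site WebSocket handshakes before they reach XX.sh.
        if ($ws_origin_ok = 0) {
            return 403;
        }

        proxy_pass http://wsbackend.com:1080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Without these the backend only ever sees the proxy's address.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The hop from Nginx to wsbackend.com:1080 is still plain HTTP, so that port should be reachable only from the proxy; a client that connects to it directly bypasses both TLS and the Origin check.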
Like the previous example but with load balancing (round-robin) with 4 backend-nodes.
- domainssl.com (HTTPS webserver with wss links).
- Upstream backendlb (loadbalancing with HTTP websocketd-endpoints): wsbackend.com, wsbackend2.com, wsbackend3.com, wsbackend4.com.
WSS link in the https://domainssl.com page (/usr/share/nginx/html/):

```javascript
var ws = new WebSocket('wss://domainssl.com:444/XX.sh');
```

Websocket endpoint command on wsbackend.com and wsbackend2.com:

```sh
websocketd --port=1080 XX.sh
```

Websocket endpoint command on wsbackend3.com and wsbackend4.com:

```sh
websocketd --port=4445 XX.sh
```

Nginx configuration on domainssl.com:

```nginx
http {
    ### Load balancing with 4 nodes.
    upstream backendlb {
        server wsbackend.com:1080;
        server wsbackend2.com:1080;
        server wsbackend3.com:4445;
        server wsbackend4.com:4445;
    }

    ### HTML Files
    server {
        listen 443 ssl;
        server_name domainssl.com;
        ssl_certificate /etc/nginx/XX.cer;
        ssl_certificate_key /etc/nginx/XX.key;
        location / {
            root /usr/share/nginx/html/;
            allow all;
        }
    }

    ### Load balancing (WSS > WS) (4 backend-nodes).
    server {
        listen 444 ssl;
        server_name domainssl.com;
        ssl_certificate /etc/nginx/XX.cer;
        ssl_certificate_key /etc/nginx/XX.key;
        location / {
            proxy_pass http://backendlb;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # Timeout configuration.
            # proxy_redirect off;
            # proxy_connect_timeout 300;
            # proxy_send_timeout 300;
            # proxy_read_timeout 300;
        }
    }
}
```
Nginx Load-balancing methods: http://nginx.org/en/docs/http/load_balancing.html
- round-robin — requests to the application servers are distributed in a round-robin fashion.
- least-connected — next request is assigned to the server with the least number of active connections.
- ip-hash — a hash-function is used to determine what server should be selected for the next request (based on the client’s IP address).
- domainssl.com (HTTPS webserver with wss links).
- domainssl.com/socket1 (HTTP Backend with websocketd-endpoint in localhost with port 4445).
- domainssl.com/socket2 (HTTPS Backend with websocketd-endpoint in internet / LAN with port 3335).
WSS link in the https://domainssl.com page (/usr/share/nginx/html/):

```javascript
// The path must start with a proxied location: /socket1 or /socket2.
var ws = new WebSocket('wss://domainssl.com/socket1/XX.sh');
```

Websocket endpoint command on localhost:

```sh
websocketd --port=4445 XX.sh
```

Websocket endpoint command on domain.com (HTTPS):

```sh
websocketd --ssl --sslcert=FILE --sslkey=FILE --port=3335 XX.sh
```

Nginx configuration on domainssl.com:

```nginx
### HTML Files
server {
    listen 443 ssl;
    server_name domainssl.com;
    ssl_certificate /etc/nginx/XX.cer;
    ssl_certificate_key /etc/nginx/XX.key;
    location / {
        root /usr/share/nginx/html/;
        allow all;
    }
    location /socket1 {
        proxy_pass http://localhost:4445;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # Timeout configuration.
        # proxy_redirect off;
        # proxy_connect_timeout 300;
        # proxy_send_timeout 300;
        # proxy_read_timeout 300;
    }
    location /socket2 {
        proxy_pass https://domain.com:3335;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # ssl_verify_client on;
        # Timeout configuration.
        # proxy_redirect off;
        # proxy_connect_timeout 300;
        # proxy_send_timeout 300;
        # proxy_read_timeout 300;
    }
}
```
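Nginx does not verify an HTTPS upstream's certificate unless told to, so the `/socket2` hop above is encrypted but the backend is not authenticated. An added example (not from the original wiki) of the same location with upstream verification enabled; the CA bundle path `/etc/nginx/backend-ca.pem` is an assumption.

```nginx
# Added example, not the wiki's own configuration.
location /socket2 {
    proxy_pass https://domain.com:3335;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";

    # Weak default: proxy_ssl_verify is off, so any certificate presented
    # on domain.com:3335 is accepted, including one from an interceptor.
    # proxy_ssl_verify off;

    # Corrected: validate the backend's certificate chain and host name.
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    # CA (or self-signed backend certificate) to trust; path is assumed.
    proxy_ssl_trusted_certificate /etc/nginx/backend-ca.pem;
    # Send SNI and check the certificate against this name.
    proxy_ssl_server_name on;
    proxy_ssl_name domain.com;
}
```

With verification on, a handshake through `/socket2` fails with a 502 when the backend certificate does not chain to the trusted file or does not match `domain.com`, and the reason appears in the Nginx error log.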
A host can have multiple IPs. websocketd's --address option lets different endpoints on the same host share the same port.
domainssl.com has the addresses 10.0.0.30 and 10.0.0.31.
- domainssl.com (HTTPS webserver with wss links).
- domainssl.com localhost (HTTP Backend with websocketd-endpoint in localhost with port 4445).
- domainssl.com 10.0.0.30 (HTTP Backend with websocketd-endpoint in 10.0.0.30 with port 4445).
- domainssl.com 10.0.0.31 (HTTP Backend with websocketd-endpoint in 10.0.0.31 with port 4445).
WSS links in the https://domainssl.com page (/usr/share/nginx/html/):

```javascript
var ws = new WebSocket('wss://domainssl.com/socket1/XX.sh');
var ws = new WebSocket('wss://domainssl.com/socket2/XX.sh');
var ws = new WebSocket('wss://domainssl.com/socket3/XX.sh');
```

Websocket endpoint commands on domainssl.com:

```sh
websocketd --address=localhost --port 4445 xx.sh
websocketd --address=10.0.0.30 --port 4445 xx.sh
websocketd --address=10.0.0.31 --port 4445 xx.sh
```

Nginx configuration on domainssl.com:

```nginx
### HTML Files
server {
    listen 443 ssl;
    server_name domainssl.com;
    ssl_certificate /etc/nginx/XX.cer;
    ssl_certificate_key /etc/nginx/XX.key;
    location / {
        root /usr/share/nginx/html/;
        allow all;
    }
    location /socket1 {
        proxy_pass http://localhost:4445;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # Timeout configuration.
        # proxy_redirect off;
        # proxy_connect_timeout 300;
        # proxy_send_timeout 300;
        # proxy_read_timeout 300;
    }
    location /socket2 {
        # Matches the websocketd instance bound to 10.0.0.30, port 4445.
        proxy_pass http://10.0.0.30:4445;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # Timeout configuration.
        # proxy_redirect off;
        # proxy_connect_timeout 300;
        # proxy_send_timeout 300;
        # proxy_read_timeout 300;
    }
    location /socket3 {
        # Matches the websocketd instance bound to 10.0.0.31, port 4445.
        proxy_pass http://10.0.0.31:4445;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # Timeout configuration.
        # proxy_redirect off;
        # proxy_connect_timeout 300;
        # proxy_send_timeout 300;
        # proxy_read_timeout 300;
    }
}
```