Tham gia Đăng nhập
Điểm:0
Nicolás Tomassi avatar Server

Nginx revere proxy Websocket error 404

lá cờ cn
Nicolás Tomassi

i'm working with two Nginx one behind the each other.

Our Infraestructure it's like this infraestructure

Problem

I've problems with websocket connections, when i send the request to Nginx Proxy pass always return 404 but when i send the request to the final NGINX it works fine.

Logs in the FINAL NGINX
# when the request doesn't go through the NGINX PROXY PASS
# this is fine
<SOME-CLIENT-IP> - - [30/Sep/2021:13:46:02 +0000] "GET /cable HTTP/1.1" 101 22120 "-" "Mozilla/5.0 (Linux; Android 9; SM-A105M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Mobile Safari/537.36"

# when the request goes through the NGINX PROXY PASS
# this is wrong
<IP-NGINX-PROXY-PASS> - - [30/Sep/2021:13:46:09 +0000] "GET /cable HTTP/1.0" 301 14 "-" "Mozilla/5.0 (Linux; Android 11; SM-A505G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.105 Mobile Safari/537.36"

This only happens with Websockets connections endpoint /cable.

NGINX Proxy pass conf

server {
  server_name domain.com;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header  X-Forwarded-Ssl on; # Optional
    proxy_set_header  X-Forwarded-Port $server_port;
    proxy_set_header  X-Forwarded-Host $host;
    proxy_redirect off;
    proxy_pass https://<IP-FINAL-NGINX>;
  }

  location /cable {
    proxy_pass http://<IP-FINAL-NGINX>;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
   }

  listen [::]:443 ssl http2 ipv6only=on;
  listen 443 ssl http2; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  
  if ($host != "domain.com") {
    return 404;
  }
}

server {
  server_name www.domain.com;
  
  listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  
  return 301 example.com$request_uri;
}

server {
  server_name domain.com;
  listen 80;

  return 301 https://<IP-FINAL-NGINX>$request_uri;
}

server {
  server_name domain.com;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header  X-Forwarded-Ssl on; # Optional
    proxy_set_header  X-Forwarded-Port $server_port;
    proxy_set_header  X-Forwarded-Host $host;
    proxy_redirect off;
    proxy_pass https://<IP-FINAL-NGINX>;
  }

  location /cable {
    proxy_pass http://<IP-FINAL-NGINX>;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
   }

  listen [::]:31117 ssl http2 ipv6only=on;
  listen 31117 ssl http2; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  
  if ($host != "domain.com") {
    return 404;
  }
}

server {
  server_name www.domain.com;
  
  listen 31117 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  
  return 301 example.com$request_uri;
}


server {
  server_name domain.com;
  listen 30723;

  return 301 https://<IP-FINAL-NGINX>$request_uri;
}

Final NGINX - this connects with the final app

upstream myapp {
  server unix:/var/www/myapp/current/tmp/sockets/puma.sock fail_timeout=30s;
}

server {
  server_name domain.com;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header  X-Forwarded-Ssl on; # Optional
    proxy_set_header  X-Forwarded-Port $server_port;
    proxy_set_header  X-Forwarded-Host $host;
    proxy_redirect off;
    proxy_pass http://myapp;
  }

   location /cable {
    # this endpoint '/cable' handles websocket's connections
    proxy_pass http://myapp;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
   }
 
  location ~ ^/(assets|img|static|favicon)/ {
    root /var/www/nulinga/current/public;

    gzip_static  on;
    expires max;
    add_header Cache-Control public;
  }
  
  listen [::]:443 ssl http2 ipv6only=on;
  listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  if ($host != "domain.com") {
    return 404;
  }
  
  error_page 502 503 504 =503 /503.html;
  error_page 404 =404 /404.html;
  
  location = /503.html {
    root /var/www/myapp/current/public;
    allow all;
    internal;
  }

  location = /404.html {
    root /var/www/myapp/current/public;
    allow all;
    internal;
  }


}

server {
  server_name www.domain.com;
  
  listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  return 301 example.com$request_uri;


}

server {
  server_name domain.com www.domain.com;
  listen 80;

  return 301 example.com$request_uri;
}
246
0 + 0
lá cờ ro
msonowal
bạn đã tìm ra nguyên nhân chính xác chưa?
0
Hồi đáp
lá cờ VietNam
Phan Văn Trường
Câu hỏi này là trong các ngôn ngữ khác:

Đăng câu trả lời

Hầu hết mọi người không hiểu rằng việc đặt nhiều câu hỏi sẽ mở ra cơ hội học hỏi và cải thiện mối quan hệ giữa các cá nhân. Ví dụ, trong các nghiên cứu của Alison, mặc dù mọi người có thể nhớ chính xác có bao nhiêu câu hỏi đã được đặt ra trong các cuộc trò chuyện của họ, nhưng họ không trực giác nhận ra mối liên hệ giữa câu hỏi và sự yêu thích. Qua bốn nghiên cứu, trong đó những người tham gia tự tham gia vào các cuộc trò chuyện hoặc đọc bản ghi lại các cuộc trò chuyện của người khác, mọi người có xu hướng không nhận ra rằng việc đặt câu hỏi sẽ ảnh hưởng—hoặc đã ảnh hưởng—mức độ thân thiện giữa những người đối thoại.