SSL with websocket

Question

SSL with websocket

MokkeMeguru opened this issue 6 years ago · 3 comments

Hello!
I published my apps using luminus in my server which is used Nginx.
So I'd referenced "Nginx SSL config" in http://www.luminusweb.net/docs/deployment.md

I noticed that it would be better to write the following code to use WebSocket. (Without this I could not successfully run the app)

...
    error_log /var/log/myapp_error.log;

 # If you use websocket in https, add below two lines.
 proxy_set_header Upgrade $http_upgrade; ###
 proxy_set_header Connection "Upgrade";   ###
  
  location / {
...

Can you add this in the document?

Answer 1 · 2018-07-19T03:16:20.000Z

Thanks, I updated the Nginx config example to note the ws config cb47791

Answer 2 · 2018-07-19T05:59:41.000Z

I'm sorry. My explanation was not good.
In other words, I want you to rewrite it as follows.

Nginx SSL config
To use Nginx as your SSL proxy you'll want to update the configuration in /etc/nginx/sites-available/default as follows:

server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {

    listen 443;
    server_name localhost mydomain.com www.mydomain.com;

    ssl_certificate           /etc/letsencrypt/live/<yoursite.com>/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/<yoursite.com>/privkey.pem;

    ssl on;
    ssl_prefer_server_ciphers  on;
    ssl_session_timeout        180m;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    add_header Strict-Transport-Security 'max-age=31536000';

    access_log /var/log/myapp_access.log;
    error_log /var/log/myapp_error.log;

     # If you use websocket over https, add below two lines.
    proxy_set_header Upgrade $http_upgrade; ###
    proxy_set_header Connection "Upgrade";   ###

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the “It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://localhost:3000;
      proxy_read_timeout  90;

      proxy_redirect      http://localhost:3000 https://mydomain.com;
    }
  }

Answer 3 · 2018-07-19T12:05:34.000Z

My bad, I ended up adding it to the wrong Nginx example. Moved it to the SSL one.