SSL with websocket
MokkeMeguru opened this issue · 3 comments
MokkeMeguru commented
Hello!
I published my apps using luminus in my server which is used Nginx.
So I'd referenced "Nginx SSL config" in http://www.luminusweb.net/docs/deployment.md
I noticed that it would be better to write the following code to use WebSocket. (Without this I could not successfully run the app)
...
error_log /var/log/myapp_error.log;
# If you use websocket in https, add below two lines.
proxy_set_header Upgrade $http_upgrade; ###
proxy_set_header Connection "Upgrade"; ###
location / {
...
Can you add this in the document?
MokkeMeguru commented
I'm sorry. My explanation was not good.
In other words, I want you to rewrite it as follows.
Nginx SSL config
To use Nginx as your SSL proxy you'll want to update the configuration in /etc/nginx/sites-available/default as follows:
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name localhost mydomain.com www.mydomain.com;
ssl_certificate /etc/letsencrypt/live/<yoursite.com>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<yoursite.com>/privkey.pem;
ssl on;
ssl_prefer_server_ciphers on;
ssl_session_timeout 180m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/ssl/certs/dhparam.pem;
add_header Strict-Transport-Security 'max-age=31536000';
access_log /var/log/myapp_access.log;
error_log /var/log/myapp_error.log;
# If you use websocket over https, add below two lines.
proxy_set_header Upgrade $http_upgrade; ###
proxy_set_header Connection "Upgrade"; ###
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://localhost:3000;
proxy_read_timeout 90;
proxy_redirect http://localhost:3000 https://mydomain.com;
}
}
yogthos commented
My bad, I ended up adding it to the wrong Nginx example. Moved it to the SSL one.