How to set up nginx as a nodejs/socket.io reverse proxy over SSL
upstream upstream-apache2 {
    server 127.0.0.1:8080;
}

upstream upstream-nodejs {
    server 127.0.0.1:3000;
}

server {
    # Plain HTTP: redirect everything to HTTPS
    listen 80;
    server_name mydomain.com www.mydomain.com;
    rewrite ^(.*) https://$host$1 permanent;
}

server {
    # "listen ... ssl" enables TLS; the separate "ssl on;" directive is
    # deprecated and has been dropped here
    listen 443 ssl;
    server_name mydomain.com www.mydomain.com;

    access_log /var/log/nginx/access-ssl.log;
    error_log /var/log/nginx/error-ssl.log;

    ssl_certificate /etc/nginx/ssl/wasmycertificate.crt;
    ssl_certificate_key /etc/nginx/ssl/mycertificate.key;

    # Protocol and cipher lists as originally posted; SSLv3, TLSv1, TLSv1.1
    # and RC4 are no longer considered secure
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    keepalive_timeout 60;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    large_client_header_buffers 8 32k;

    location / {
        # Everything except socket.io goes to Apache
        proxy_pass http://upstream-apache2;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;
    }

    location /socket.io/ {
        # WebSocket upgrade needs HTTP/1.1 and the Upgrade/Connection headers
        proxy_pass http://upstream-nodejs;
        proxy_redirect off;

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

@CWFranklin

commented May 1, 2019

Made a few tweaks to get it working with Certbot and not sure what's so different about your config to the one I had before other than that I wasn't separating /socket.io/ traffic but this led me to a working config after days of trying. Just wanted to say thanks <3
For some reason what was working locally wasn't working on my server.

@kylezinter

commented May 3, 2019

@CWFranklin Can you share what you ended up with that worked? I'm having an issue that sounds very similar and also using Certbot.

@zsimo

commented May 15, 2019

location /socket.io/ works for me, thanks!

@outbreak

commented Jun 18, 2019

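const io = require('socket.io')(3000) // listens on the port nginx proxies to

const nsp = io.of('/my-namespace')

nsp.use((socket, next) => {
  // nginx sets X-Real-IP (proxy_set_header X-Real-IP $remote_addr);
  // keep the socket's own address when the header is absent
  socket.handshake.address = socket.handshake.headers['x-real-ip']
    || socket.handshake.address

  next()
})

nsp.on('connect', (socket) => {
  console.log('real ip', socket.handshake.address) // your real ip address
})

@eadsjr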

commented Jun 21, 2019

It might be worth mentioning that SSLv3 and TLSv1 are considered insecure now, and should probably be dropped from examples people are going to use.
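
The TLS and socket.io parts of the gist's config with the weak values raised in the comment above replaced, as an added example that is not part of the original gist or thread. The cipher list (AEAD suites with forward secrecy), the `$connection_upgrade` map and the `return 301` redirect are choices made for this example; TLSv1.3 assumes an nginx build linked against OpenSSL 1.1.1 or newer, and the `location /` block for Apache is left out for brevity.

```nginx
# Goes in the http {} context. Sends "Connection: upgrade" upstream only
# when the client actually asked for a protocol upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream upstream-nodejs {
    server 127.0.0.1:3000;   # loopback only: node is reachable solely via nginx
}

server {
    listen 80;
    server_name mydomain.com www.mydomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;          # no separate "ssl on;" (deprecated)
    server_name mydomain.com www.mydomain.com;

    ssl_certificate     /etc/nginx/ssl/wasmycertificate.crt;
    ssl_certificate_key /etc/nginx/ssl/mycertificate.key;

    # Weak (original): ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak (original): ssl_ciphers RC4:HIGH:!aNULL:!MD5;
    # Applies to TLS 1.2; TLS 1.3 suites are negotiated separately.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    location /socket.io/ {
        proxy_pass http://upstream-nodejs;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        # Overwrites any client-supplied X-Real-IP with the peer address
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` after editing to confirm the build accepts `TLSv1.3` before reloading.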
