Created
August 8, 2013 21:30
-
-
Save olekukonko/6188952 to your computer and use it in GitHub Desktop.
Different websocket connection HA Proxy vs Nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#### HA Proxy | |
// PROXY BASED ON SUB-DOMAIN | |
frontend public | |
bind *:80 | |
acl is_websocket hdr_end(host) -i ws.example.com | |
use_backend ws if is_websocket | |
default_backend www | |
backend www | |
timeout server 30s | |
server www1 127.0.0.1:8080 | |
backend ws | |
timeout server 600s | |
server ws1 127.0.0.1:8000 | |
// 2. PROXY BASED ON URI | |
frontend public | |
bind *:80 | |
acl is_example hdr_end(host) -i example.com | |
acl is_websocket path_beg -i /websockets | |
use_backend ws if is_websocket is_example | |
default_backend www | |
// PROXY USING WEBSOCKET DETECTION | |
frontend public | |
bind *:80 | |
acl is_websocket hdr(Upgrade) -i WebSocket | |
acl is_websocket_server hdr_end(host) -i ws.example.com | |
use_backend ws if is_websocket is_websocket_server | |
default_backend www | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#### Nginx | |
// WebSocket Proxy | |
Simple forwarding of unencrypted HTTP and WebSocket to a different host: | |
server { | |
listen 80; | |
server_name ws.example.com; | |
location / { | |
access_log off; | |
proxy_pass http://ws.example.com:10080; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
# WebSocket support (nginx 1.4) | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "upgrade"; | |
} | |
} | |
// WebSocketSecure SSL Endpoint | |
The proxy is also an SSL endpoint for WSS and HTTPS connections. So the clients can use wss:// connections (e.g. from pages served via HTTPS) which work better with broken proxy servers, etc. | |
server { | |
listen 443; | |
server_name ws.example.com; | |
ssl on; | |
ssl_certificate ws.example.com.bundle.crt; | |
ssl_certificate_key ws.example.com.key; | |
ssl_session_timeout 5m; | |
ssl_protocols SSLv2 SSLv3 TLSv1; | |
ssl_ciphers HIGH:!aNULL:!MD5; | |
ssl_prefer_server_ciphers on; | |
location / { | |
# like above | |
} | |
} | |
// WSS Proxy with Path Rewriting | |
Like above, but HTTPS and WSS endpoints are not “/” but “/services/myservice/”. So something like wss://api.example.com/services/myservice can be done. | |
server { | |
# like above | |
location /services/myservice { | |
access_log off; | |
proxy_pass http://ws1.example.com:10080; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
# WebSocket support (nginx 1.4) | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "upgrade"; | |
# Path rewriting | |
rewrite /services/myservice/(.*) /$1 break; | |
proxy_redirect off; | |
} | |
} | |
// Load Balancing | |
Like 3., but there are three WS backends (ws1, ws2, ws3). Each client must always be forwarded to the same backend (e.g. when using HTTPS requests). | |
upstream webpush { | |
ip_hash; | |
server ws1.example.com:10080; | |
server ws2.example.com:10080; | |
server ws3.example.com:10080; | |
} | |
server { | |
# like above | |
location /services/myservice { | |
proxy_pass http://webpush; | |
# the rest, like above | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is what I'm looking for, except that the Nginx one doesn't actually separate the web socket traffic like the HAproxy one does.