Nginx reverse proxy for websockets with SSL

nginxreverse-proxysocketssl

I am trying to configure nginx (installed via macports) on my osx development machine. I am trying to reverse proxy localhost:12346/trade to a websocket connection which is available on port 12346 at /trade on a remote machine.

I am using the following nginx.conf file. It works when the SSL SECTION is commented out, but nginx will not start properly when it is uncommented. I have modeled the conf file on other questions and answers here, and from other sites. I've tried it 20 different ways, but as soon as I uncomment any of the SSL related lines, nginx wont start.

worker_processes  1;

events {
  worker_connections 20;
}

error_log /opt/local/etc/nginx/debug.log debug;

http {
  include       mime.types;
  default_type  application/octet-stream;

  #
  # Some default configuration.
  #
  sendfile           on;
  tcp_nopush         on;
  keepalive_timeout  65;

  #
  # A list with load balancing backends hashed on IP for sticky load balancing.
  #
  upstream backend {
    # ip_hash;

    server 123.456.78.90:12346;
  }

  server {
    listen       12346; # ssl used here when un-commented
    server_name  localhost;

    # SSL SECTION
    # ssl on;
    # ssl_certificate /opt/local/etc/nginx/server.crt;
    # ssl_certificate_key /opt/local/etc/nginx/server.key;
    # ssl_session_cache  builtin:1000  shared:SSL:10m;
    # 
    # ssl_session_timeout 5m;
    # ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    # ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    # ssl_prefer_server_ciphers   on;
    # END SSL SECTION

    #
    # Proxy settings
    #
    location /trade {
      proxy_pass http://backend/;
      proxy_redirect      off;
      proxy_set_header    Host              $host;
      proxy_set_header    X-Real-IP         $remote_addr;
      proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header    X-Forwarded-Proto $scheme;

      # WebSocket specific
      proxy_http_version 1.1;
      proxy_set_header    Upgrade           $http_upgrade;
      proxy_set_header    Connection        "upgrade";

      #
      # Specific for comet or long running HTTP requests, don't buffer up the
      # response from origin servers but send them directly to the client.
      #
      proxy_buffering     off;

      #
      # Bump the timeout's so someting sensible so our connections don't
      # disconnect automatically. We've set it to 12 hours.
      #
      proxy_connect_timeout 43200000;
      proxy_read_timeout    43200000;
      proxy_send_timeout    43200000;
    }
  }
}

Can anyone spot what I am doing wrong?

Best Answer

Figured it out. With Macports you have to explicitly install nginx with ssl support using sudo port install nginx +ssl Stupid, I know - why would you ever install it without, and why would your flag start with +...

Related Topic