Nginx – Correct Configuration for Socket.io

nginxnode.jssocket.io

If I have a node express server running on port 5003

import express from 'express'
import { createServer } from 'http'
import { Server } from 'socket.io'

const app = express()
const prod = process.env.NODE_ENV === 'production'
const port = process.env.PORT || prod ? 5003 : 4000
const httpServer = createServer(app)

const io = new Server(httpServer, {
  cors: {
    origin: '*',
    methods: ['GET', 'POST']
  }
})

const connections = []

io.on('connection', (socket) => {
  connections.push(socket)
  console.log(`Socket id ${socket.id} connected`)

  socket.on('disconnect', () => {
    connections.splice(connections.indexOf(socket), 1)
  })
})

httpServer.listen(port, () => console.log(`App listening on port ${port}.`))

And a client connecting the socket.io to the server

const socket = io(`http://localhost:5003`)

What would the nginx server block configuration be?

The url where this app is at is like this:

https://my.domain.com/myapp

And my server blocks are:

geo $authentication {
  default "Authentication required";
  `Some ip number` "off";
}

server {
  listen         80 default_server;
  listen    [::]:80 default_server;
  server_name my.domain.com;
  return 404; # managed by Certbot
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem; # managed by Certbot

  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  server_name my.domain.com;
  client_max_body_size 200M;
  
  root /var/www/;
  index index.php index.html index.htm;

  location / {
    add_header Access-Control-Allow-Origin *;
    auth_basic $authentication;
    auth_basic_user_file /var/www/.htpasswd;
    try_files $uri $uri/ =404;
  }

  # Here is for example the app where I am running socket.io from
  location /myapp {
    auth_basic $authentication;
    auth_basic_user_file /var/www/.htpasswd;
    try_files $uri $uri/ =404;
  }

  # If this app has some sort of api route for express I do a proxy pass
  location /api/upload/ {
    proxy_pass http://localhost:5003/api/upload;
  }

Best Answer

Here is an example NGINX configuration block for webscokets. Notice how the connection is upgraded if a valid websocket connection is made to the end point http://127.0.0.1:8080/wsapp

More at NGINX as a WebSocket Proxy

location /wsapp {
    proxy_pass http://127.0.0.1:8080;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_hide_header 'Access-Control-Allow-Origin';
}

Related Solutions

Nginx node.js & socket.io 504 timeout

A flexible solution would be to use upstream:

upstream backend {
    server 127.0.0.1:1337    max_fails=1 fail_timeout=5s;
}

server {
    listen        *:80;
    server_name   live.domain.com;

    server_tokens off;
    charset utf-8;

        error_log       /var/log/nginx/live-error.log info;
        access_log      /var/log/nginx/live-access.log;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://backend;
        proxy_redirect off;
    }
}

This way you can additionally control how many failures are tolerated and you can have multiple servers in one upstream.

Nginx PHP files downloading instead of executing

Had the same issue!

Found the answer here, http://www.ceus-now.com/nginx-password-protect-directory-downloads-source-code/

Because we are adding ^~ we are leaving behind some other settings (not sure why we need to add this but it was the only way to get it to actually pull up the authentication :( )

include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/lib/php5-fpm/web11.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;

I tried various combinations to see what was/not needed and each line is needed. I wish I understood these things better.

UPDATE: July 27th 2016:

So I did some reading and finally understand why we have this issue.

In short when we install FastCGI and php-fpm it creates a directive in the nginx server files (which file depends on your server install).

So in mine I have the following...

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
    #
    #       # With php7.0-cgi alone:
    #       fastcgi_pass 127.0.0.1:9000;
    #       # With php7.0-fpm:
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;

As you will notice these directives are in location / and not in the global settings. Since we want to secure a particular folder these directives are not inherited. Therefore, we need to declare it again.

If we wanted to follow the DRY ("Don't Repeat Yourself") principle, then we would declare the PHP-fpm and FastCGI in the global settings. We can do this by moving it to below (example, but it just needs to be outside of location directive). Here is an example.

root /var/www/html;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;

Hope this helps. I realized the above by reading https://www.digitalocean.com/community/tutorials/understanding-and-implementing-fastcgi-proxying-in-nginx

Disclaimer: I am no pro so if you see mistakes be nice and just let me know and I will hopefully update.

Best Answer

Related Solutions

Nginx node.js & socket.io 504 timeout

Nginx PHP files downloading instead of executing

Related Topic