Nginx revere proxy Websocket error 404

Question

Score:0

Server

Nginx revere proxy Websocket error 404

Nicolás Tomassi

1/30/23, 4:55 PM

i'm working with two Nginx one behind the each other.

Our Infraestructure it's like this infraestructure

Problem

I've problems with websocket connections, when i send the request to Nginx Proxy pass always return 404 but when i send the request to the final NGINX it works fine.

Logs in the FINAL NGINX

# when the request doesn't go through the NGINX PROXY PASS
# this is fine
<SOME-CLIENT-IP> - - [30/Sep/2021:13:46:02 +0000] "GET /cable HTTP/1.1" 101 22120 "-" "Mozilla/5.0 (Linux; Android 9; SM-A105M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Mobile Safari/537.36"

# when the request goes through the NGINX PROXY PASS
# this is wrong
<IP-NGINX-PROXY-PASS> - - [30/Sep/2021:13:46:09 +0000] "GET /cable HTTP/1.0" 301 14 "-" "Mozilla/5.0 (Linux; Android 11; SM-A505G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.105 Mobile Safari/537.36"

This only happens with Websockets connections endpoint /cable.

NGINX Proxy pass conf

server {
  server_name domain.com;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header  X-Forwarded-Ssl on; # Optional
    proxy_set_header  X-Forwarded-Port $server_port;
    proxy_set_header  X-Forwarded-Host $host;
    proxy_redirect off;
    proxy_pass https://<IP-FINAL-NGINX>;
  }

  location /cable {
    proxy_pass http://<IP-FINAL-NGINX>;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
   }

  listen [::]:443 ssl http2 ipv6only=on;
  listen 443 ssl http2; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  
  if ($host != "domain.com") {
    return 404;
  }
}

server {
  server_name www.domain.com;
  
  listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  
  return 301 example.com$request_uri;
}

server {
  server_name domain.com;
  listen 80;

  return 301 https://<IP-FINAL-NGINX>$request_uri;
}

server {
  server_name domain.com;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header  X-Forwarded-Ssl on; # Optional
    proxy_set_header  X-Forwarded-Port $server_port;
    proxy_set_header  X-Forwarded-Host $host;
    proxy_redirect off;
    proxy_pass https://<IP-FINAL-NGINX>;
  }

  location /cable {
    proxy_pass http://<IP-FINAL-NGINX>;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
   }

  listen [::]:31117 ssl http2 ipv6only=on;
  listen 31117 ssl http2; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  
  if ($host != "domain.com") {
    return 404;
  }
}

server {
  server_name www.domain.com;
  
  listen 31117 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  
  return 301 example.com$request_uri;
}


server {
  server_name domain.com;
  listen 30723;

  return 301 https://<IP-FINAL-NGINX>$request_uri;
}

Final NGINX - this connects with the final app

upstream myapp {
  server unix:/var/www/myapp/current/tmp/sockets/puma.sock fail_timeout=30s;
}

server {
  server_name domain.com;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header  X-Forwarded-Ssl on; # Optional
    proxy_set_header  X-Forwarded-Port $server_port;
    proxy_set_header  X-Forwarded-Host $host;
    proxy_redirect off;
    proxy_pass http://myapp;
  }

   location /cable {
    # this endpoint '/cable' handles websocket's connections
    proxy_pass http://myapp;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
   }
 
  location ~ ^/(assets|img|static|favicon)/ {
    root /var/www/nulinga/current/public;

    gzip_static  on;
    expires max;
    add_header Cache-Control public;
  }
  
  listen [::]:443 ssl http2 ipv6only=on;
  listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  if ($host != "domain.com") {
    return 404;
  }
  
  error_page 502 503 504 =503 /503.html;
  error_page 404 =404 /404.html;
  
  location = /503.html {
    root /var/www/myapp/current/public;
    allow all;
    internal;
  }

  location = /404.html {
    root /var/www/myapp/current/public;
    allow all;
    internal;
  }


}

server {
  server_name www.domain.com;
  
  listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  return 301 example.com$request_uri;


}

server {
  server_name domain.com www.domain.com;
  listen 80;

  return 301 example.com$request_uri;
}

246

0 + 0

nginx

proxy

reverse-proxy

http-status-code-404

websocket

Nginx revere proxy Websocket error 404

Problem

Logs in the FINAL NGINX

NGINX Proxy pass conf

Final NGINX - this connects with the final app

Post an answer