Join Log in
Score:0
Steve Moretz avatar Server

Nginx upstream wss proxy SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading)

in flag
Steve Moretz

What I need is

Client <--wss---> nginx <--wss--> server

I am doing a wss proxy, I have already got it working on Apache but I want to switch to nginx now here's the apache config:

<LocationMatch "/statistics">
        ProxyPass wss://127.0.0.1:23456
        ProxyAddHeaders Off
        ProxyPreserveHost On
        RequestHeader set Host %{HTTP_HOST}s
        RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s
</LocationMatch>

On nginx I use this config /etc/nginx/nginx.conf

server {
        listen       444 ssl;
        listen       [::]:444 ssl;
        server_name  domain.com www.domain.com;
        root         /usr/share/nginx/html;

        ssl_certificate "/etc/letsencrypt/live/domain/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/domain/privkey.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;

        ssl_prefer_server_ciphers on;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;


    proxy_ssl_server_name on;
    ssl_protocols TLSv1.2 TLSv1.3;
location /statistics {
    proxy_pass https://127.0.0.1:23456;

    proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header Host $host;
      proxy_ssl_name $host;
    proxy_ssl_session_reuse off;


      proxy_ssl_certificate "/etc/letsencrypt/live/domain/fullchain.pem";
      proxy_ssl_certificate_key "/etc/letsencrypt/live/domain/privkey.pem";


      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
}

My website loads fine on Nginx without any SSL errors, what doesn't work is the websocket with wss, websocket with ws also works!

I use wscat for testing the connection running:

wscat -c wss://kaveneger.ir:23456
Connected (press CTRL+C to quit)
>

Means that my endpoint is fine (Didn't really need this test as it works in apache but anyways...)

Now here's when I do it with nginx

wscat -c wss://domain.com:444/statistics
error: Unexpected server response: 404
> %

Nginx Logs

/var/log/nginx/access.log

123.123.123.123 - - [27/Feb/2023:21:53:15 +0000] "GET /statistics HTTP/1.1" 404 0 "-" "-" "-"

/var/log/nginx/error.log

2023/02/27 21:53:49 [crit] 70632#70632: *14 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while keepalive, client: 123.123.123.123, server: 0.0.0.0:444

My OS is Rocky Linux 9 and nginx version: nginx/1.20.1

I've already searched a lot and tried all the solutions I found but nothing worked!

Update

it works if I use location / instead of location /statistics!

1538
0 + 0
wss
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.