Thursday, June 13, 2013

Websockets + Nodejs + Nginx

With the last version of Nginx, it supports http 1.1 with bidirectional websockets. So it is possible to use it with nodejs (by example).

A spanish intro in this post: http://www.securityartwork.es/2013/06/13/abstrayendo-websockets-ssl/

Here, my minimal-snippets: One plain and one for SSL:


upstream websockets_nodejs {
server backend:9090;
}
server {
listen 80;
server_name sock.midominio.es;
root /usr/local/app/sock/app/webroot;
keepalive_timeout 512;
location / {
proxy_pass http://websockets_nodejs;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
view raw nodejs_nginx.conf hosted with ❤ by GitHub
upstream websockets_nodejs {
server backend:9090;
}
server {
listen 443;
server_name sckts.midominio.es;
root /usr/local/app/sock/app/webroot;
index index.php;
keepalive_timeout 512;
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://websockets_nodejs;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
view raw nodejs_nginx_ssl.conf hosted with ❤ by GitHub
;)
Publicado por No comments:
Etiquetas: , , , , ,
Subscribe to: Posts (Atom)