[[email protected]:~]$

Nginx Websocket Reverse Proxy quick reference


This is a quick reference guide to configuring Nginx as a Websocket Reverse Proxy. If you don’t have a websocket application, but would like to try setting one up, this agario clone is a good place to start.

Index

  1. Install nginx
  2. Configuring nginx
  3. SELinux/Firewall

Install nginx

As this is aimed at being more of a quick reference, this guide will make a few assumptions, such as that you already have a server provisioned, and a generic familiarity with web servers. To install nginx: (note you can install nginx-mainline from some repositories for new features, bug fixes, updates)

Redhat / CentOS

yum install nginx

Ubuntu / Debian

apt-get install nginx

Arch

pacman -S nginx

If you would like to compile nginx from scratch with custom binaries/modules please see openresty


Configuring nginx

Ensure you have the following directive in your /etc/nginx/nginx.conf or add the ensuing configuration to the http block in the main config.

	include  /etc/nginx/conf.d/*.conf;

Create a new file in /etc/nginx/conf.d/ ending with the suffix .conf, add the following configuration. If you are adding this to the main config instead, ensure it is inside the http block.

upstream agario_websocket_server {
    server 192.168.1.1:3000;
}

server {
    listen 80;
    server_name agar.example.com;

     location / {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host;

      proxy_pass http://agario_websocket_server;

      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

    }
}

If you would like an explanation of each directive, you can read about them here.


SELinux/Firewall

In case you happen to have SELinux enabled on the client, or need to add firewall rules, this can be done with the following. In this case we are sending the traffic to port 3000, if that happens to be your http port, you may need to make sure your selinux policy will allow traffic.

semanage port -a -t http_port_t -p tcp 3000

If you are using firewalld, this is how you can open a port, if you need udp, run the same command, but replace tcp with udp.

firewall-cmd --permanent --zone=public --add-port=3000/tcp
firewall-cmd --reload

That concludes the quick reference. If you have any questions, as always, feel free to find me on my social and hit me up. Thanks for reading!