Nginx Configuration for websocket: Error during WebSocket handshake: Unexpected response code: 403

Maxim Dounin mdounin at mdounin.ru
Thu Jun 10 14:13:43 UTC 2021 

Hello!

On Thu, Jun 10, 2021 at 06:14:03AM -0400, raphy wrote:

> In order to use XMPP with websocket, and take advantage of nginx
> capabilities to proxy to 443 and to serve multiple domains, I've configured
> nginx as follows:
> 
> 
>     server {
>         listen 443 ssl http2 default_server;
>         server_name grasp.deals www.grasp.deals;

[...]

>         location /http-bind {
>             proxy_pass http://127.0.0.1:5280/http-bind;
>             proxy_set_header Host $host;
>             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>             proxy_set_header X-Forwarded-Proto $scheme;
>             proxy_buffering off;
>            tcp_nodelay on;
>         }
> 
>         location /xmpp-websocket {
>             proxy_pass http://127.0.0.1:5280/xmpp-websocket;
>             proxy_http_version 1.1;
>             proxy_set_header Connection "Upgrade";
>             proxy_set_header Upgrade $http_upgrade;
> 
>             proxy_set_header Host $host;
>             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>             proxy_set_header X-Forwarded-Proto $scheme;
> 
>             proxy_read_timeout 900s;
>         }
>     }

[...]

> In the app I'm developing, when I switch from BOSH (http-bind), which works
> fine:
> 
>     let [conn, setConn] = React.useState(new
> Strophe.Connection("https://grasp.deals/http-bind"));
> 
> to websocket:
> 
>     let [conn, setConn] = React.useState(new
> Strophe.Connection("wss://grasp.deals/xmpp-websocket"));
> 
> I get this error:
> 
>     WebSocket connection to 'wss://grasp.deals/xmpp-websocket' failed: Error
> during WebSocket handshake: 
>     Unexpected response code: 403

Both locations seems to be proxied to the same backend, 
127.0.0.1:5280, with mostly identical configurations.  What's the 
backend is expected to do?  Do you see the request in nginx log?  
In backend logs?

>From the information you've provided it looks like the error is 
returned by the backend (though this needs to be checked), so you 
have to look at the backend to find out what goes wrong.

If you don't see the request in the backend logs, try adding 
something like $upstream_status to nginx access logs 
(http://nginx.org/r/log_format) to see if the error is indeed 
returned by the backend.  Alternatively, configure debug logging 
(http://nginx.org/en/docs/debugging_log.html) to see all the 
request processing details, it will also show the response 
returned by the backend server.  Or simply use tcpdump to see the 
traffic between nginx and the backend.

-- 
Maxim Dounin
http://mdounin.ru/

More information about the nginx mailing list