<div dir="ltr">We've been debugging this issue for 3 days now and even though we have a temporary fix, we're still puzzled about it.<br><br>There is an iOS app, which opens a websocket connection to our server over SSL. Our server runs SmartOS and has nginx 1.5.0 (also happens on 1.4.1) proxying to a backend server running in NodeJS.<br>
<br>To reproduce, I start my app, a websocket connection is established and works well, then I put the app to sleep for a while until nginx kills the connection. When I reopen the app, the following happens:<br><br>1) App notices that the connection is dead and reconnects.<br>
2) Behind the scenes, iOS reuses the SSL session from before and quickly opens a new socket.<br>3) An HTTP upgrade request and response flow across with no problems.<br>4) With a successful web-socket established on both sides, the client starts sending frames. However, none of these gets delivered to the backend server.<br>
5) After a minute, nginx kills the connection even though the client is sending periodic pings.<br>6) Back to 1.<br><br>I haven't managed to reduce the test case or reproduce it in another environment yet. This only happens when using SSL. In Wireshark I see the websocket frames being sent from the iPhone client and TCP acked properly.<br>
<br>What currently fixes the problem is to disable SSL session reuse in nginx. Then every websocket connection works like it should.<br><br>Here is the config before the fix:<br>###<br><div><div> server {</div><div> ### Server port and name ###</div>
<div> listen 80 default_server;</div><div> listen 443 default_server ssl;</div><div> server_name <a href="http://test.mydomain.com">test.mydomain.com</a>;</div><div><br></div><div>
### SSL cert files ###</div><div> ssl_certificate /opt/local/etc/nginx/ssl/certificate.crt;</div><div> ssl_certificate_key /opt/local/etc/nginx/ssl/certificate.key;</div><div><br></div><div>
### SSL specific settings ###</div><div> ssl_session_cache shared:SSL:10m;</div><div> ssl_session_timeout 10m;</div><div> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;</div><div> ssl_ciphers RC4:HIGH:!aNULL:!MD5; </div>
<div> ssl_prefer_server_ciphers on;</div><div><br></div><div> keepalive_timeout 60;</div><div> client_max_body_size 10m;</div><div><br></div><div> location / {</div><div> access_log off;</div>
<div> proxy_pass <a href="http://localhost:3003">http://localhost:3003</a>;</div><div> proxy_set_header X-Real-IP $remote_addr;</div><div> proxy_set_header Host $host;</div><div> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</div>
<div><br></div><div> # WebSocket support (nginx 1.4)</div><div> proxy_http_version 1.1;</div><div> proxy_set_header Upgrade $http_upgrade;</div><div> proxy_set_header Connection "upgrade";</div>
<div> }</div><div> }</div><br><br>Best regards,<br>Eirikur Nilsson<br></div></div>