<div dir="ltr"><div dir="ltr">Francis!<div><br></div><div>Wow thank you. This really helps all the guidance and instruction. I really appreciate your time.</div><div><br></div><div>One thing to clarify, is that if I turn off NGINX, the client page works fine and connects to the app server inside the docker OK.</div><div><br></div><div>I've changed the conf.d to the following, but still fail to get my app's server to work.</div><div><br></div><div>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">map $http_upgrade $connection_upgrade {</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>default upgrade;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>'' close;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">}</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8);min-height:21px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">upstream to-websocket {</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>server <a href="http://172.31.24.191:25565">172.31.24.191:25565</a>;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">}</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8);min-height:21px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">server_tokens off;</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8);min-height:21px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">server {</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"># <span class="gmail-Apple-converted-space"> </span>first redirect to https</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>if ($scheme = "http") {</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>return 301 https://$host$request_uri;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>}</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">}</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8);min-height:21px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">server {</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>server_name esports1.totalvu.live;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>root /var/www/html;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>index<span class="gmail-Apple-converted-space"> </span>index.html index.htm;</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8);min-height:21px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"># <span class="gmail-Apple-converted-space"> </span>Proxy our outside https to local http</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>listen [::]:443 ssl ipv6only=on; # managed by Certbot</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>listen 443 ssl; # managed by Certbot</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>listen 25566 ssl;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>ssl_certificate /etc/letsencrypt/live/esports1.totalvu.live/fullchain.pem; # managed by Certbot</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>ssl_certificate_key /etc/letsencrypt/live/esports1.totalvu.live/privkey.pem; # managed by Certbot</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8);min-height:21px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>location / {</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>try_files $uri /static/ @wss;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>}</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8);min-height:21px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>location @wss {</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>error_log<span class="gmail-Apple-converted-space"> </span>/var/log/nginx/wsserror.log;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>proxy_http_version 1.1;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>proxy_set_header Upgrade $http_upgrade;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>proxy_set_header Connection $connection_upgrade;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>proxy_set_header X-Real-IP $remote_addr;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"># <span class="gmail-Apple-converted-space"> </span>proxy_set_header X-Forwarded-Proto $scheme;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>proxy_set_header Host esports1.totalvu.live;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>proxy_set_header Referer <a href="https://esports1.totalvu.live">https://esports1.totalvu.live</a>;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>proxy_set_header Referrer <a href="https://esports1.totalvu.live">https://esports1.totalvu.live</a>;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>proxy_pass <a href="http://172.31.24.191:25565">http://172.31.24.191:25565</a>;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"># <span class="gmail-Apple-converted-space"> </span>proxy_pass <a href="http://to-websocket">http://to-websocket</a>;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>}</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8);min-height:21px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>location /static/ {</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>try_files <span class="gmail-Apple-converted-space"> </span>$uri =404;</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space"> </span>}</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8);min-height:21px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(255,255,255);background-color:rgba(34,78,188,0.8)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">}</span></p></div><div><br></div><div>My idea was to try changing our client webpage to access a different port # than the one our app server in the docker is listening to. With that change I see from WIreshark on my local that the WSS connection seems to go through OK with NGINX:</div><div><br></div><div><img src="cid:ii_l7zgj8mp0" alt="Screen Shot 2022-09-12 at 5.29.50 PM.png" width="514" height="123"><br></div><div><br></div><div>Our app server shows that the connection to the server also starts but then disconnect it:</div><div>(22:36:59) Disconnected <client IP address> (unknown opcode 22)<br></div><div><br></div><div><div><br class="gmail-Apple-interchange-newline">I confirmed that using local host or 127.0.0.1 was not where our app was listening as you said, so I changed to the local IP.</div><div><br></div><div><br></div></div><div>My question here, does NGINX negotiate the entire handshake for HTTPS to WSS upgrade itself, without forwarding the same pages to our app server ? Is there a way to forward those pages to the app server also ? I think our app server may insist on negotiating a ws:// connection itself, but not a wss:// connection.</div><div><br></div><div>Again Francis Many thanks!</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Sep 12, 2022 at 1:37 PM Francis Daly <<a href="mailto:francis@daoine.org">francis@daoine.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Sun, Sep 11, 2022 at 11:53:43AM -0700, Michael Williams wrote:<br>
<br>
Hi there,<br>
<br>
> Francis thanks very much for taking the time to look at this.<br>
> Based on your suggestion, I commented out these 3 lines and it got rid of<br>
> the looping. I thought the same process that wants the WS feed also looked<br>
> for inbound on port 80, but that is not the case after all.<br>
> <br>
> location @ {<br>
> proxy_set_header X-Real-IP $remote_addr;<br>
> proxy_set_header Host esports1.totalvu.live;<br>
> proxy_set_header Referer <a href="https://esports1.totalvu.live" rel="noreferrer" target="_blank">https://esports1.totalvu.live</a>;<br>
> proxy_set_header Referrer <a href="https://esports1.totalvu.live" rel="noreferrer" target="_blank">https://esports1.totalvu.live</a>;<br>
> # proxy_set_header X-Forwarded-Proto $scheme;<br>
> # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
> # proxy_pass <a href="http://localhost:80" rel="noreferrer" target="_blank">http://localhost:80</a>;<br>
> }<br>
<br>
That location{} now has no "*_pass" directive, so if it is used, it will<br>
end up trying to serve a file from the filesystem.<br>
<br>
If that is what you want it to do, it's fine. If not, you will probably<br>
want to decide what you want your nginx to do with a request, and then<br>
configure nginx to match.<br>
<br>
> I thought that localhost was a different route to the Debian kernel, than<br>
> the network interface... so listening to localhost:80 wouldn't hear traffic<br>
> on the network interface port 80 and vice versa. Is that wrong?<br>
<br>
"It depends".<br>
<br>
In this context, where you have nginx listening on port 80 on the<br>
"everything" address, localhost counts as part of everything.<br>
<br>
> Unfortunately, WSS inbound proxied to WS on localhost isn't working. The<br>
> process that is listening is running inside a docker.<br>
<br>
Once you introduce docker, you are introducing the docker networking system.<br>
<br>
In docker networking, it is simplest to imagine that there is no<br>
localhost. (More strictly: there is not exactly one localhost; so you are<br>
better off keeping a very clear idea of what IP address is being used,<br>
from the perspective of what system.)<br>
<br>
> When the webpage tries to connect to NGINX to start a WSS from a testing<br>
> site like <a href="https://websocketking.com/" rel="noreferrer" target="_blank">https://websocketking.com/</a> going to the host without the port,<br>
> just to test conf.d :<br>
> <br>
> wss://myFQDN<br>
> <br>
> the access log shows:<br>
> <br>
> myIPAddr - - [11/Sep/2022:18:42:41 +0000] "GET / HTTP/1.1" 502 552 "-"<br>
> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,<br>
> like Gecko) Chrome/<a href="http://105.0.0.0" rel="noreferrer" target="_blank">105.0.0.0</a> Safari/537.36" "-"<br>
> <br>
> <br>
> Should it say HTTPS here ? When I try with the port:<br>
> <br>
> wss://myFQDN:25565<br>
> <br>
> *the request hangs in Pending state forever.*<br>
<br>
I am confused as to what exactly you are doing.<br>
<br>
The overview is: somewhere, you are running the eventual "upstream"<br>
websocket service. That is listening on one specific IP:port. You will<br>
want to configure your nginx to proxy_pass to that IP:port when nginx<br>
receives the websocket connection-upgrade thing.<br>
<br>
If that upstream service is running inside docker, then the IP:port that<br>
you will connect to from outside that docker container, is whatever port<br>
is exposed by docker -- by the EXPOSE Dockerfile line, or by the -p or<br>
-P arguments to "docker run".<br>
<br>
> map $http_upgrade $connection_upgrade {<br>
> default upgrade;<br>
> '' close;<br>
> }<br>
<br>
So "$connection_upgrade" is either the word "upgrade" or the word "close".<br>
<br>
But you don't use "$connection_upgrade" anywhere in the config that you show.<br>
<br>
> upstream to-websocket {<br>
> server localhost:25565;<br>
> }<br>
<br>
That is referring to nginx's idea of localhost, which may or may not<br>
correspond to your in-docker service.<br>
<br>
Can you access that IP:port from the machine that nginx is running on? If<br>
not, change it to be whatever IP:port you can use the talk to your<br>
upstream websocket service.<br>
<br>
> server {<br>
> <br>
> # first redirect to https<br>
> if ($scheme = "http") {<br>
> return 301 https://$host$request_uri;<br>
> }<br>
<br>
This entire server{} block is equivalent to<br>
<br>
server { return 301 https://$host$request_uri; }<br>
<br>
because of the directive default values. If you don't want to listen<br>
for http, just don't have a server with (effectively) "listen 80;",<br>
(which is what this one has).<br>
<br>
> server {<br>
> <br>
> root /var/www/html;<br>
> index index.html index.htm;<br>
> server_name myFQDN;<br>
> <br>
> # Proxy our outside https to local http<br>
> listen [::]:443 ssl ipv6only=on; # managed by Certbot<br>
> listen 443 ssl; # managed by Certbot<br>
<br>
<snip><br>
<br>
> location / {<br>
> try_files /nonexistent @$http_upgrade;<br>
> }<br>
<br>
That will do an internal redirect to a location that can be chosen by<br>
the client. You hope the http "Upgrade" header will either be empty,<br>
or have the value "websocket". If it is, then one of the following<br>
location{}s will be used; otherwise there will probably be an error<br>
returned to the client.<br>
<br>
> location @websocket {<br>
> proxy_http_version 1.1;<br>
> proxy_set_header Upgrade $http_upgrade;<br>
> proxy_set_header Connection $connection_upgrade;<br>
> proxy_set_header X-Real-IP $remote_addr;<br>
> proxy_set_header X-Forwarded-Proto $scheme;<br>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
> proxy_set_header Host myFQDN;<br>
> proxy_set_header Referer <a href="https://myFQDN" rel="noreferrer" target="_blank">https://myFQDN</a>;<br>
> proxy_set_header Referrer <a href="https://myFQDN" rel="noreferrer" target="_blank">https://myFQDN</a>;<br>
> # proxy_pass <a href="http://localhost:25565" rel="noreferrer" target="_blank">http://localhost:25565</a>;<br>
> proxy_pass <a href="http://to-websocket" rel="noreferrer" target="_blank">http://to-websocket</a>;<br>
<br>
>From below, your websocket service appears to be listening on<br>
ip-172-31-24-191.:25565. You'll want to invite nginx to talk to that<br>
IP:port, not localhost.<br>
<br>
> location @ {<br>
<br>
And this is what should be used if the incoming request has no "Upgrade"<br>
header. This entire block is equivalent to "location @ { }"<br>
<br>
> Here is the listener process on netstat:<br>
> <br>
> netstat -a -o | grep 255<br>
> <br>
> tcp 0 0 ip-172-31-24-191.:25565 0.0.0.0:* LISTEN<br>
> off (0.00/0/0)<br>
<br>
If you can access that IP:port from the nginx server to talk to the<br>
websocket service, that's what you should configure nginx to try to<br>
talk to.<br>
<br>
> Here is the interface being used:<br>
<br>
In this case: nginx is talking to an IP. It does not care what the<br>
physical interface is. (iptables and the like do care; but that part<br>
all looks good from here.)<br>
<br>
> Here are the iptables stats:<br>
<br>
If these rules block nginx from talking to the IP:port and getting the<br>
response, that will want fixing. Otherwise, it's good.<br>
<br>
> iptables -L -n -v<br>
<br>
These appear to say "accept almost everything; nothing has been dropped",<br>
so these rules are presumably not blocking nginx.<br>
<br>
Good luck with it,<br>
<br>
f<br>
-- <br>
Francis Daly <a href="mailto:francis@daoine.org" target="_blank">francis@daoine.org</a><br>
_______________________________________________<br>
nginx mailing list -- <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
To unsubscribe send an email to <a href="mailto:nginx-leave@nginx.org" target="_blank">nginx-leave@nginx.org</a><br>
</blockquote></div><img src="https://t.sidekickopen04.com/s3t/o/5/f18dQhb0S7n28bNTLVW7zKHFs1jkhdLW1_k-L-1qZM43N2TrPlL5Z0xmW4cH2872z6fYSf7_cSGl02?si=8000000020094730&pi=5ad4e09c-1521-4cc9-d7c7-74fcd08b9c36" alt="" style="display:none!important" height="1" width="1"><div></div></div>