1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
=encoding utf-8
=head1 Name
websocket - WebSocket proxying
=head1
To turn a connection between a client and server from HTTPE<sol>1.1 into WebSocket,
the L<protocol
switch|https://datatracker.ietf.org/doc/html/rfc2616#section-14.42> mechanism available in HTTPE<sol>1.1 is used.
There is one subtlety however: since the C<Upgrade> is a
L<hop-by-hop|https://datatracker.ietf.org/doc/html/rfc2616#section-13.5.1>
header, it is not passed from a client to proxied server.
With forward proxying, clients may use the C<CONNECT>
method to circumvent this issue.
This does not work with reverse proxying however,
since clients are not aware of any proxy servers,
and special processing on a proxy server is required.
Since version 1.3.13,
nginx implements special mode of operation
that allows setting up a tunnel between a client and proxied
server if the proxied server returned a response with the code
C<101> (C<Switching Protocols>),
and the client asked for a protocol switch via the C<Upgrade>
header in a request.
As noted above, hop-by-hop headers including C<Upgrade>
and C<Connection> are not passed from a client to proxied
server, therefore in order for the proxied server to know about the client’s
intention to switch a protocol to WebSocket, these headers have to be
passed explicitly:
location /chat/ {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
A more sophisticated example
in which a value of the C<Connection> header field
in a request to the proxied server depends on the presence of
the C<Upgrade> field in the client request header:
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
...
location /chat/ {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
By default, the connection will be closed
if the proxied server does not transmit any data within 60 seconds.
This timeout can be increased with the
L<ngx_http_proxy_module> directive.
Alternatively, the proxied server can be configured
to periodically send WebSocket ping frames to reset the timeout
and check if the connection is still alive.
|
