Detailed explanation of Nginx forwarding socket port configuration

Common scenarios for Nginx forwarding socket ports: Online learning applications, in addition to regular functions, add a chat room function, the backend selects swoole as the service provider, and does not want the front end to directly link to the service in ip:port mode, so Nginx needs to be used for forwarding.

Normally, we can directly establish a socket link on the user page, but such an operation will expose the port and bring certain security risks. Using Nginx for forwarding can hide the port. An additional problem is that some header parameters also need to be brought to the socket service provider during the forwarding process, and the rest only need Nginx to process the conversion from regular protocol to Websocket.

Among them, "Upgrade" is a hop-by-hop header and cannot be forwarded from the client to the proxy server. By forwarding the proxy, the client can use the CONNECT method to circumvent this problem. However, this does not work with a reverse proxy, since the client is not aware of any proxy server and requires special handling on the proxy server. At the same time, the hop-by-hop headers containing "Upgrade" and "Connection" cannot be passed, so you need to bring these two parameters when converting to Websocket: for example:

location /chat/ {
  proxy_pass http://backend;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
}

Advanced: Let the value of the "Connection" header field forwarded to the proxied server depend on the value of the "Upgrade" field in the client request header. For example:

http {
  map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
  }

  server {
    ...

    location /chat/ {
      proxy_pass http://backend;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
    }
  }

Note: The http://backend in the example is a group of load-balanced servers. If there is only a single server, you can write proxy_pass http://127.0.0.1:9501; like this.

Additionally, by default, a connection that has not transferred any data within 60 seconds will be closed, this time can be extended using the proxy_read_timeout directive. Alternatively, the proxy server can be configured to periodically send ping frames to reset the timeout and check whether the link is available.

Reference link: Nginx Websocket proxying

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.