1
votes

I have the following setup:

+----------------------------+                +-----------------------------+
|                            |                |                             |
|                            |                |                             |
|                            |                |                             |
|   +--------+   +--------+  |                |  +--------+     +-------+   |
|   |        |   |        |  |                |  |        |     |       |   |
|   | client |   |  nginx |  |                |  |  nginx |     | server|   |
|   |        |   |        |  |                |  |        |     |       |   |
|   |   ws +-------> wss +-------------------------> wss +--------> ws  |   |
|   |        |   |        |  |                |  |        |     |       |   |
|   |        |   |        |  |                |  |        |     |       |   |
|   +--------+   +--------+  |                |  +--------+     +-------+   |
|                            |                |                             |
|                            |                |                             |
+----------------------------+                +-----------------------------+

I want to connect a client with a server via a secure websocket, but not directly. The client and the server don't know the security.

So the client connects to: ws://localhost:6277/wstest

The client-side Nginx is listening on port 6277. I want the Nginx to forward the connection securely to ws.example.com/wstest.

The config of the Nginx is:

server {

    server_name localhost;
    listen 6277;

    location /wstest {

        proxy_ssl_certificate         /etc/nginx/ssl/client.crt;
        proxy_ssl_certificate_key     /etc/nginx/ssl/client.key;
        proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_ciphers             HIGH:!aNULL:!MD5;

        proxy_ssl_session_reuse on;

        resolver 127.0.0.1;
        proxy_pass https://ws.example.com/wstest;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

The client-side setup doesn't work. The client gives me the following error: The HTTP response from the server [500] did not permit the HTTP upgrade to WebSocket. And Nginx gives me: "GET /ocpp/cp-1/ws HTTP/1.1" 500 193 "-" "-".

When I bypass the client-side Nginx, so that the client can connect directly (wss://ws.example.com/wstest) to the server only through the server-side Nginx, everything works fine.

The Nginx on server-side converts wss to ws and forwards the connection to the server.

Is there something wrong with the client-side Nginx configuration? Transforming wss to ws with Nginx is no problem. But is it even possible to transform ws to wss with Nginx?

1 Answer

1
votes

Everything worked like I expected. I just had to set a different resolver. For example:

resolver 8.8.8.8;
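
A hardened variant of the client-side ws-to-wss proxy, as an added example that is not the poster's own configuration: it keeps the question's certificate paths and the answer's resolver, and adds upstream certificate verification so that a wrong or spoofed DNS answer cannot redirect the TLS hop to another host. The CA bundle path, the loopback bind and the timeout values are assumptions, and the `map` block assumes `$connection_upgrade` is not already defined elsewhere in the `http` context.

```nginx
# Added example: place inside the http {} context (e.g. a conf.d file).

# $connection_upgrade is not a built-in variable; it has to be defined
# by a map like this one before a server block can reference it.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    server_name localhost;
    # Bind the plaintext ws:// listener to loopback only, so the
    # unencrypted hop never leaves the client machine.
    listen 127.0.0.1:6277;

    location /wstest {
        # Client certificate presented to the server-side nginx
        # (paths taken from the question).
        proxy_ssl_certificate         /etc/nginx/ssl/client.crt;
        proxy_ssl_certificate_key     /etc/nginx/ssl/client.key;

        # TLSv1 and TLSv1.1 are deprecated; offer only 1.2 and 1.3.
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;
        proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
        proxy_ssl_session_reuse       on;

        # proxy_ssl_verify is off by default, which means nginx encrypts
        # the hop but accepts any certificate the peer presents.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed CA bundle path
        proxy_ssl_server_name         on;              # send SNI to the upstream
        proxy_ssl_name                ws.example.com;  # name checked against the certificate

        # Resolver for names nginx looks up at run time. It must point at
        # a DNS server that is actually reachable; an internal resolver
        # works as well as the public one from the answer.
        resolver         8.8.8.8 valid=300s;
        resolver_timeout 5s;

        proxy_pass https://ws.example.com/wstest;

        proxy_http_version 1.1;
        proxy_set_header Host       ws.example.com;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Running `nginx -t` after the change catches an undefined variable or an unreadable certificate file before the proxy is reloaded.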