Nginx reverse proxy websocket problem - plz help

mrc · December 29, 2019, 6:04am

Hi, so my configuration is as follows: opnsense router forwards all port 80 and 443 traffic to an nginx VM, which reverse-proxies to some VMs or my hassio pi based on the inbound domain name.

All the preexisting VM webservers work fine (using HTTP), I’ve had this basic nginx/opnsense setup for years, but hassio is giving me serious problems. Just trying to use HTTP for hassio as well.

Logging in to the hassio web UI via the local IP and port continues to work fine, but logging in via the external domain has problems. The nginx reverse proxy gets an http 101 (connection upgrade) from hassio which causes the iframe to reset. So it seems like there’s some issue with the upgrade from http to websocket. What this amounts to is, the login goes smoothly, but then any page I land on will refresh every ~10s or so.

Here’s my current nginx config, it’s gone through a lot of iterations. Any ideas?

map $http_upgrade $connection_upgrade {
  default Upgrade;
  '' close;
}

upstream websocket {
  server 192.168.73.67:8123;
}

server {
    listen 80;
    server_name myserver.com;
    underscores_in_headers on;
    proxy_read_timeout 1h;
    proxy_buffering off;
    location / {
        include /etc/nginx/reverse-proxy.conf;
        proxy_pass http://192.168.73.67:8123/;
        proxy_http_version 1.1;
        proxy_redirect https:// http://;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
    }
    location /api/websocket {
        include /etc/nginx/reverse-proxy.conf;
        proxy_pass http://192.168.73.67:8123/api/websocket;
        proxy_http_version 1.1;
        proxy_redirect https:// http://;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
    }
}

firstof9 · December 30, 2019, 4:55pm

Here’s my working Nginx config:

worker_processes  2;

events {
    worker_connections  1024;
    use epoll;
}


http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    server {
        # Update this line to be your domain
        server_name [REDACTED DOMAIN NAME];

        # Ensure these lines point to your SSL certificate and key
        ssl_certificate /etc/letsencrypt/live/[REDACTED DOMAIN NAME]-0001/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/[REDACTED DOMAIN NAME]-0001/privkey.pem; # managed by Certbot


        # These shouldn't need to be changed
        # Proxy Home Assistant via SSL
        listen 0.0.0.0:443;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        proxy_buffering off;

        location / {
            proxy_pass http://[IP ADDRESS TO HOME ASSISTANT]:8123;
            proxy_set_header Host $host;
            proxy_redirect http:// https://;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # Unmask IP of user
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }


    }

}

peca89 · October 6, 2020, 7:41am

I’m having the similar problem. Connection upgrade seems to work fine, but the pages refresh from time to time. After about a minute or so. But never often as 10s. It makes it almost unusable for editing configs via UI as you will get kicked without saving after random amount of time…

Any advice on how to debug this? Console view in developer options in Chrome do not show anything, neither does /var/log/nginx/error.log on nginx server…