7

So I've been reading up on this whole server set up in which Nginx is used in front of nodejs as a reverse proxy so that it serves the static content while allowing node to do the dynamic stuff. My question is, why would someone want to use the nginx front to reverse proxy to the websocket? If nginx serves the static content (HTML, CSS, JS, media, etc.) then can't the JS file that is served simply connect to the server directly using the ip address and the port that the websocket is listening on in the nodejs server? Why go through nginx to connect to the websocket on the server? Or am I not understanding this situation clearly? Thank you!

TheMAAAN
  • 501
  • 5
  • 15
  • you get nginx's security model, for one. any (say) ip address/referer restrictions you've set on the main site would also apply to the websocket. – Marc B Jul 27 '16 at 18:52
  • You should read this...http://stackoverflow.com/questions/224664/difference-between-proxy-server-and-reverse-proxy-server – JClarke Jul 27 '16 at 18:57
  • @Jclarke sorry for using the term "proxy" I edited my question to use the term "reverse proxy". However, my question still stands.. – TheMAAAN Jul 27 '16 at 19:22
  • 1
    The only reason I can think of is load balancing... but what if your not using multiple nodejs servers? Is there still a point to using Nginx as a reverse proxy for the websocket connection besides what @MarcB has pointed out? – TheMAAAN Jul 27 '16 at 19:25

2 Answers2

6

A WebSocket application keeps a long-running connection open between the client and the server, facilitating the development of real-time applications. The HTTP Upgrade mechanism used to upgrade the connection from HTTP to WebSocket uses the Upgrade and Connection headers. There are some challenges that a reverse proxy server faces in supporting WebSocket. One is that WebSocket is a hop-by-hop protocol, so when a proxy server intercepts an Upgrade request from a client it needs to send its own Upgrade request to the backend server, including the appropriate headers. Also, since WebSocket connections are long lived, as opposed to the typical short-lived connections used by HTTP, the reverse proxy needs to allow these connections to remain open, rather than closing them because they seem to be idle.

NGINX supports WebSocket by allowing a tunnel to be set up between a client and a backend server. For NGINX to send the Upgrade request from the client to the backend server, the Upgrade and Connection headers must be set explicitly, as in this example:

location /wsapp/ {
    proxy_pass http://wsbackend;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

Once this is done, NGINX deals with this as a WebSocket connection.

For more details please visit:- https://www.nginx.com/blog/websocket-nginx/ https://blog.martinfjordvald.com/2013/02/websockets-in-nginx/

Hope this would help!

Parveen yadav
  • 2,252
  • 1
  • 21
  • 35
  • 6
    You have explained the 'how' but I would like to know the 'why'. Why would you want to use Nginx as a reverse proxy when you can DIRECTLY refer to the ip address and port of the nodejs server without having to go through Nginx? Therefore, you will serve all the static content using Nginx btu when your static content (e.g. js files) needs to communicate with node it simply sets up a websocket connection DIRECTLY to it. Do you understand my point? – TheMAAAN Jul 27 '16 at 19:27
  • ok one reason for using nginx is proxy pass you can use this to secure your API's you can expose or show the API to the front end a different one and than by proxypass you can redirect it to another API the actual API names you given so that will secure your code. Secondly you can easily enable gzip compression and minfication using nginx a one go step and your site rank is high .You can also indexing your images and files using nginx. You can also use nginx as streaming server. – Parveen yadav Jul 27 '16 at 19:35
  • 1
    So if you were to directly connect you wouldn't get these features (unless you programmed them yourself of course). What if the Nginx is on the same machine as the nodejs process? Would you still be able to take advantage of the features you have listed? – TheMAAAN Jul 27 '16 at 19:42
  • yes ofcourse i will because only diff machine will not secure your API but also you can give diff name to the API that are on same machine so that nobody knows the actual name of API so that will also makes a point for example you use name of any api that you expose as:- api/v1/test and via nginx you can proxy this api to actual one that is suppose api/v1/server/actual. So here you expose only a name i.e test that actually not exists – Parveen yadav Jul 27 '16 at 19:52
1

One reason I could think of is that Nginx gives you more flexibility and customizations like load balancing, ratelimiting, etc.