Node.js app in a Nginx subfolder with WSS connection to the same server

Question

After many years managing my web projects on an Apache server, I had to move them to a new server using Nginx. I've succeeded in migrating all of them except the one that uses websockets.

The project is a web-based minesweeper using websockets to communicate with the game server. The game is accessible through https://www.my.domain.com/minesweeper . In its client.js file, the connection is established through the line const ws = new WebSocket('wss://www.my.domain.com:8081/') .

The server uses the ws package, here's an extract of the server.js file, placed outside of the web folder :

const fs = require('fs')
const https = require('https')
const server = new https.createServer({
  key: fs.readFileSync('/etc/letsencrypt/.../privkey.pem'),
  cert: fs.readFileSync('/etc/letsencrypt/.../fullchain.pem')
})
const wss = new WebSocket.Server({ server })

wss.on('connection', function (ws) {
  ws.on('message', function (data) {
    // ...
  })
  ws.on('close', function () {
    // ...
  })
})

server.listen(8081)

The game was working with this configuration on the previous server, but I can't remember if I had to edit the Apache conf file to make it work.

Now, on the new server, I've got the following configuration file :

server {
    add_header Content-Security-Policy "default-src 'self' *.jquery.com wss: data: blob:;";

    listen 443 ssl;
    listen [::]:443 ssl;

    root /var/www/mydomain;

    index index.html index.htm index.nginx-debian.html index.php;

    server_name www.my.domain.com;

    charset utf-8;
    source_charset utf-8;

    location / {
        rewrite ^/(.*).html$ /index.php?page=$1;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location /minesweeper/ {}

    location ~ /\.ht {
        deny all;
    }
    ssl_certificate /etc/letsencrypt/.../fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/.../privkey.pem; # managed by Certbot
}

Without any additionnal configuration, when I try to access the game through its URL, the websocket request doesn't return the expected 101 response code. Firefox also triggers the "can't establish connection to wss://www.my.domain.com:8081" error.

Based on the official Nginx tutorial about websockets and other SO answers about similar problems, I've tried to edit my Nginx configuration with multiple combinations of proxy_* parameters without success.

But based on the fact that the websocket server and that the Nginx server are on the same IP, and that the websocket server is listening to the 8081 port, should the Nginx server also be listening to the 8081 server (if I edit the configuration to do so, Nginx refuses to restart because of the websocket server already listening on that port, and reciprocally) ? Is Nginx really the problem or am I missing another thing ?

Thanks in advance !

Answer 1

I confirm that I didn't have to edit my Nginx configuration. It had nothing to do with proxies : the problem was that firewall didn't allow 8081 port.

Here are the commands I've executed on my server, I saved my firewall settings before allowing the port (not sure if the process is the best, but it worked, connection is established and I've got my 101 response code) :

• /etc/init.d/iptables save
• iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT
• /etc/init.d/iptables save
• /etc/init.d/iptables restart