WebSocket connection handshake 404 on /comms (nginx to Node-RED does block Websocket communication)

General
1

Hello the community,

I am actually facing a problem related to Nginx configuration.

Through the nginx.conf, we redirect all the http/https traffic from a specific server_name to the port 1880 where Node-RED is running on. We started Node-RED with pm2.

All static content is loaded correctly, I mean by that all the UI of Node-RED is working perfectly, but we have a popin with the following problem message :

Lost connection to server, reconnecting in 41s. Try now

And when we watch the browser console at the same time we have the following error :

red.min.js:16 WebSocket connection to 'wss://domain.ltd/comms' failed: Error during WebSocket handshake: Unexpected response code: 404

It seems the Websocket connection via /comms does not work.
By the way, when you see domain.ltd, it's just a fake domain used to be able to post here publicly and not having policies issue with my client.

Following you can find the nginx.conf

server {
  listen *:80;
  listen *:443;
  server_name domain.ltd;

  access_log /usr/local/apps/deb/shared/log/nginx-access.log;
  error_log /usr/local/apps/deb/shared/log/nginx-error.log debug;

  location / {
    # Forward headers
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # Increase timeouts
    proxy_connect_timeout 3600;
    proxy_send_timeout 3600;
    proxy_read_timeout 3600;
    # Forward to 1880
    proxy_pass http://localhost:1880/;
    # WebSocket support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  send_timeout 3600;
  keepalive_timeout 90;
}

I attach you also the debug log of nginx :

2019/09/17 10:35:06 [debug] 114327#0: accept on 0.0.0.0:80, ready: 0
2019/09/17 10:35:06 [debug] 114327#0: posix_memalign: 000055E92D359EE0:512 @16
2019/09/17 10:35:06 [debug] 114327#0: *4364 accept: 192.168.161.100:58460 fd:20
2019/09/17 10:35:06 [debug] 114327#0: *4364 event timer add: 20: 60000:1568709366606
2019/09/17 10:35:06 [debug] 114327#0: *4364 reusable connection: 1
2019/09/17 10:35:06 [debug] 114327#0: *4364 epoll add event: fd:20 op:1 ev:80002001
2019/09/17 10:35:06 [debug] 114327#0: *4364 http wait request handler
2019/09/17 10:35:06 [debug] 114327#0: *4364 malloc: 000055E92D2F9830:1024
2019/09/17 10:35:06 [debug] 114327#0: *4364 recv: eof:0, avail:1
2019/09/17 10:35:06 [debug] 114327#0: *4364 recv: fd:20 1024 of 1024
2019/09/17 10:35:06 [debug] 114327#0: *4364 reusable connection: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 posix_memalign: 000055E92D29D5D0:4096 @16
2019/09/17 10:35:06 [debug] 114327#0: *4364 http process request line
2019/09/17 10:35:06 [debug] 114327#0: *4364 http request line: "GET /comms HTTP/1.1"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http uri: "/comms"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http args: ""
2019/09/17 10:35:06 [debug] 114327#0: *4364 http exten: ""
2019/09/17 10:35:06 [debug] 114327#0: *4364 posix_memalign: 000055E92D2F2990:4096 @16
2019/09/17 10:35:06 [debug] 114327#0: *4364 http process request header line
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Host: domain.ltd"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Pragma: no-cache"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Cache-Control: no-cache"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Origin: https://domain.ltd"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Sec-WebSocket-Version: 13"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Accept-Encoding: gzip, deflate, br"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,nl;q=0.6"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http alloc large header buffer
2019/09/17 10:35:06 [debug] 114327#0: *4364 malloc: 000055E92D296D10:8192
2019/09/17 10:35:06 [debug] 114327#0: *4364 http large header alloc: 000055E92D296D10 8192
2019/09/17 10:35:06 [debug] 114327#0: *4364 http large header copy: 611
2019/09/17 10:35:06 [debug] 114327#0: *4364 recv: eof:0, avail:1
2019/09/17 10:35:06 [debug] 114327#0: *4364 recv: fd:20 5212 of 7581
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Cookie: ABTClient=true; __fs_dncs_trackingid_1d17b027-b6ae-450c-b053-6ab20900b67a=c95395f4-43dd-45f5-b328-c0b8467cf81e; __fs_dncs_exttrack=1; _ga=GA1.2.1505340498.1527154888; tc_sessionId=V120185241141280.714191348744845; dydu.survey.end.enabled=ImZhbHNlIg%3D%3D; _cs_c=1; AMCV_E5E3E271568FBFF27F000101%40AdobeOrg=MCMID%7C69828136300519096310643714575744630783; _hp2_id.3099737451=%7B%22userId%22%3A%221407938962533240%22%2C%22pageviewId%22%3A%227746834036086838%22%2C%22sessionId%22%3A%220910380388133271%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D; APP_already_connected_Production=particuliers%2Fhome-client; APP_follow_subscription_visited_Production=particuliers%2Fhome-client; tc_cnt_page=63; _evidon_consent_cookie={"consent_date":"2018-08-27T07:26:12.457Z"}; rxVisitor=15387480323109N4L253QDF155LBGKOLBJG1TF0US4SQK; ABTastyPluginModalOnExitIntent173649=viewed; APP_follow_subscription_visited_Testing/Qua=particuliers%2Fhome-client; _fbp=fb.1.1549270980503.445430010; DYDU_clientId=IkVJM3VnaVJHQlRNUjdOcyI%3D; _gcl_au=1.1.1875033673.1552906699; ABTastyPluginSimpleModal169060=viewed; dtLatC=11; dtPC=1$325708408_956h-vGPLGQOAODSJEGADGOSBPDNAOOAILJOML
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Sec-WebSocket-Key: Y+sn/1YOPSWN7U3XIFLkvQ=="
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "X-Forwarded-For: 192.168.103.149"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "X-Forwarded-Host: domain.ltd"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "X-Forwarded-Server: domain.ltd"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header: "Connection: Keep-Alive"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http header done
2019/09/17 10:35:06 [debug] 114327#0: *4364 event timer del: 20: 1568709366606
2019/09/17 10:35:06 [debug] 114327#0: *4364 generic phase: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 rewrite phase: 1
2019/09/17 10:35:06 [debug] 114327#0: *4364 test location: "/"
2019/09/17 10:35:06 [debug] 114327#0: *4364 using configuration "/"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http cl:-1 max:10485760
2019/09/17 10:35:06 [debug] 114327#0: *4364 rewrite phase: 3
2019/09/17 10:35:06 [debug] 114327#0: *4364 post rewrite phase: 4
2019/09/17 10:35:06 [debug] 114327#0: *4364 generic phase: 5
2019/09/17 10:35:06 [debug] 114327#0: *4364 generic phase: 6
2019/09/17 10:35:06 [debug] 114327#0: *4364 generic phase: 7
2019/09/17 10:35:06 [debug] 114327#0: *4364 generic phase: 8
2019/09/17 10:35:06 [debug] 114327#0: *4364 access phase: 9
2019/09/17 10:35:06 [debug] 114327#0: *4364 access phase: 10
2019/09/17 10:35:06 [debug] 114327#0: *4364 access phase: 11
2019/09/17 10:35:06 [debug] 114327#0: *4364 post access phase: 12
2019/09/17 10:35:06 [debug] 114327#0: *4364 try files phase: 13
2019/09/17 10:35:06 [debug] 114327#0: *4364 http init upstream, client timer: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 epoll add event: fd:20 op:3 ev:80002005
2019/09/17 10:35:06 [debug] 114327#0: *4364 malloc: 000055E92D298D20:6354
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: "Host: "
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script var: "domain.ltd"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: "
"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: "X-Real-IP: "
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script var: "192.168.161.100"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: "
"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: "X-Forwarded-For: "
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script var: "192.168.103.149, 192.168.161.100"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: "
"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: "X-Forwarded-Proto: "
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script var: "http"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: "
"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: ""
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: ""
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: "Connection: upgrade
"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: ""
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: ""
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: ""
2019/09/17 10:35:06 [debug] 114327#0: *4364 http script copy: ""
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Pragma: no-cache"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Cache-Control: no-cache"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Origin: https://domain.ltd"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Sec-WebSocket-Version: 13"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Accept-Encoding: gzip, deflate, br"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,nl;q=0.6"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Cookie: ABTClient=true; __fs_dncs_trackingid_1d17b027-b6ae-450c-b053-6ab20900b67a=c95395f4-43dd-45f5-b328-c0b8467cf81e; __fs_dncs_exttrack=1; _ga=GA1.2.1505340498.1527154888; tc_sessionId=V120185241141280.714191348744845; dydu.survey.end.enabled=ImZhbHNlIg%3D%3D; _cs_c=1; AMCV_E5E3E271568FBFF27F000101%40AdobeOrg=MCMID%7C69828136300519096310643714575744630783; _hp2_id.3099737451=%7B%22userId%22%3A%221407938962533240%22%2C%22pageviewId%22%3A%227746834036086838%22%2C%22sessionId%22%3A%220910380388133271%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D; APP_already_connected_Production=particuliers%2Fhome-client; APP_follow_subscription_visited_Production=particuliers%2Fhome-client; tc_cnt_page=63; APP_already_connected_Testing/Qua=particuliers%2Fhome-client; _evidon_consent_cookie={"consent_date":"2018-08-27T07:26:12.457Z"}; rxVisitor=15387480323109N4L253QDF155LBGKOLBJG1TF0US4SQK; ABTastyPluginModalOnExitIntent173649=viewed; APP_follow_subscription_visited_Testing/Qua=particuliers%2Fhome-client; _fbp=fb.1.1549270980503.445430010; DYDU_clientId=IkVJM3VnaVJHQlRNUjdOcyI%3D; _gcl_au=1.1.1875033673.1552906699; ABTastyPluginSimpleModal169060=viewed; dtLatC=11; dtPC=1$325708408_956h-vGPLGQOAODSJEGADGOSBPDNAOOAILJOML
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Sec-WebSocket-Key: Y+sn/1YOPSWN7U3XIFLkvQ=="
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "X-Forwarded-Host: domain.ltd"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "X-Forwarded-Server: domain.ltd"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header:
"GET /comms HTTP/1.1
Host: domain.ltd
X-Real-IP: 192.168.161.100
X-Forwarded-For: 192.168.103.149, 192.168.161.100
X-Forwarded-Proto: http
Connection: upgrade
Pragma: no-cache
Cache-Control: no-cache
Origin: https://domain.ltd
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,nl;q=0.6
Cookie: ABTClient=true; __fs_dncs_trackingid_1d17b027-b6ae-450c-b053-6ab20900b67a=c95395f4-43dd-45f5-b328-c0b8467cf81e; __fs_dncs_exttrack=1; _ga=GA1.2.1505340498.1527154888; tc_sessionId=V120185241141280.714191348744845; dydu.survey.end.enabled=ImZhbHNlIg%3D%3D; _cs_c=1; AMCV_E5E3E271568FBFF27F000101%40AdobeOrg=MCMID%7C69828136300519096310643714575744630783; _hp2_id.3099737451=%7B%22userId%22%3A%221407938962533240%22%2C%22pageviewId%22%3A%227746834036086838%22%2C%22sessionId%22%3A%220910380388133271%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D; APP_already_connected_Production=particuliers%2Fhome-client; APP_follow_subscription_visited_Production=particuliers%2Fhome-client; tc_cnt_page=63; APP_already_connected_Testing/Qua=particuliers%2Fhome-client; _evidon_consent_cookie={"consent_date":"2018-08-27T07:26:12.457Z"}; rxVisitor=15387480323109N4L253QDF155LBGKOLBJG1TF0US4SQK; ABTastyPluginModalOnExitIntent173649=viewed; APP_follow_subscription_visited_Testing/Qua=particuliers%2Fhome-client; _fbp=fb.1.1549270980503.445430010; DYDU_clientId=IkVJM3VnaVJHQlRNUjdOcyI%3D; _gcl_a
2019/09/17 10:35:06 [debug] 114327#0: *4364 http cleanup add: 000055E92D29E5B8
2019/09/17 10:35:06 [debug] 114327#0: *4364 get rr peer, try: 2
2019/09/17 10:35:06 [debug] 114327#0: *4364 get rr peer, current: 000055E92D2CCA90 -1
2019/09/17 10:35:06 [debug] 114327#0: *4364 stream socket 21
2019/09/17 10:35:06 [debug] 114327#0: *4364 epoll add connection: fd:21 ev:80002005
2019/09/17 10:35:06 [debug] 114327#0: *4364 connect to 127.0.0.1:1880, fd:21 #4365
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream connect: -2
2019/09/17 10:35:06 [debug] 114327#0: *4364 posix_memalign: 000055E92D317780:128 @16
2019/09/17 10:35:06 [debug] 114327#0: *4364 event timer add: 21: 3600000:1568712906608
2019/09/17 10:35:06 [debug] 114327#0: *4364 http finalize request: -4, "/comms?" a:1, c:2
2019/09/17 10:35:06 [debug] 114327#0: *4364 http request count:2 blk:0
2019/09/17 10:35:06 [debug] 114327#0: *4364 http run request: "/comms?"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream check client, write event:1, "/comms"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream request: "/comms?"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream send request handler
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream send request
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream send request body
2019/09/17 10:35:06 [debug] 114327#0: *4364 chain writer buf fl:1 s:6303
2019/09/17 10:35:06 [debug] 114327#0: *4364 chain writer in: 000055E92D2F31E8
2019/09/17 10:35:06 [debug] 114327#0: *4364 writev: 6303 of 6303
2019/09/17 10:35:06 [debug] 114327#0: *4364 chain writer out: 0000000000000000
2019/09/17 10:35:06 [debug] 114327#0: *4364 event timer del: 21: 1568712906608
2019/09/17 10:35:06 [debug] 114327#0: *4364 event timer add: 21: 3600000:1568712906609
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream request: "/comms?"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream process header
2019/09/17 10:35:06 [debug] 114327#0: *4364 malloc: 000055E92D29A600:4096
2019/09/17 10:35:06 [debug] 114327#0: *4364 recv: eof:0, avail:1
2019/09/17 10:35:06 [debug] 114327#0: *4364 recv: fd:21 393 of 4096
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy status 404 "404 Not Found"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "X-Powered-By: Express"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Content-Security-Policy: default-src 'self'"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "X-Content-Type-Options: nosniff"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Content-Type: text/html; charset=utf-8"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Content-Length: 144"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Date: Tue, 17 Sep 2019 08:35:06 GMT"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header: "Connection: keep-alive"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy header done
2019/09/17 10:35:06 [debug] 114327#0: *4364 xslt filter header
2019/09/17 10:35:06 [debug] 114327#0: *4364 HTTP/1.1 404 Not Found
Server: nginx/1.12.2
Date: Tue, 17 Sep 2019 08:35:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 144
Connection: keep-alive
X-Powered-By: Express
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff

2019/09/17 10:35:06 [debug] 114327#0: *4364 write new buf t:1 f:0 000055E92D2F3518, pos 000055E92D2F3518, size: 271 file: 0, size: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 http write filter: l:0 f:0 s:271
2019/09/17 10:35:06 [debug] 114327#0: *4364 http cacheable: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 http proxy filter init s:404 h:0 c:0 l:144
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream process upstream
2019/09/17 10:35:06 [debug] 114327#0: *4364 pipe read upstream: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 pipe preread: 144
2019/09/17 10:35:06 [debug] 114327#0: *4364 pipe buf free s:0 t:1 f:0 000055E92D29A600, pos 000055E92D29A6F9, size: 144 file: 0, size: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 pipe length: 144
2019/09/17 10:35:06 [debug] 114327#0: *4364 input buf #0
2019/09/17 10:35:06 [debug] 114327#0: *4364 pipe write downstream: 1
2019/09/17 10:35:06 [debug] 114327#0: *4364 pipe write downstream flush in
2019/09/17 10:35:06 [debug] 114327#0: *4364 http output filter "/comms?"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http copy filter: "/comms?"
2019/09/17 10:35:06 [debug] 114327#0: *4364 image filter
2019/09/17 10:35:06 [debug] 114327#0: *4364 xslt filter body
2019/09/17 10:35:06 [debug] 114327#0: *4364 http postpone filter "/comms?" 000055E92D2F3748
2019/09/17 10:35:06 [debug] 114327#0: *4364 write old buf t:1 f:0 000055E92D2F3518, pos 000055E92D2F3518, size: 271 file: 0, size: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 write new buf t:1 f:0 000055E92D29A600, pos 000055E92D29A6F9, size: 144 file: 0, size: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 http write filter: l:0 f:0 s:415
2019/09/17 10:35:06 [debug] 114327#0: *4364 http copy filter: 0 "/comms?"
2019/09/17 10:35:06 [debug] 114327#0: *4364 pipe write downstream done
2019/09/17 10:35:06 [debug] 114327#0: *4364 event timer: 21, old: 1568712906609, new: 1568712906611
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream exit: 0000000000000000
2019/09/17 10:35:06 [debug] 114327#0: *4364 finalize http upstream request: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 finalize http proxy request
2019/09/17 10:35:06 [debug] 114327#0: *4364 free rr peer 2 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 close http upstream connection: 21
2019/09/17 10:35:06 [debug] 114327#0: *4364 free: 000055E92D317780, unused: 48
2019/09/17 10:35:06 [debug] 114327#0: *4364 event timer del: 21: 1568712906609
2019/09/17 10:35:06 [debug] 114327#0: *4364 reusable connection: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 http upstream temp fd: -1
2019/09/17 10:35:06 [debug] 114327#0: *4364 http output filter "/comms?"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http copy filter: "/comms?"
2019/09/17 10:35:06 [debug] 114327#0: *4364 image filter
2019/09/17 10:35:06 [debug] 114327#0: *4364 xslt filter body
2019/09/17 10:35:06 [debug] 114327#0: *4364 http postpone filter "/comms?" 00007FFF5E15D950
2019/09/17 10:35:06 [debug] 114327#0: *4364 write old buf t:1 f:0 000055E92D2F3518, pos 000055E92D2F3518, size: 271 file: 0, size: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 write old buf t:1 f:0 000055E92D29A600, pos 000055E92D29A6F9, size: 144 file: 0, size: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 write new buf t:0 f:0 0000000000000000, pos 0000000000000000, size: 0 file: 0, size: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 http write filter: l:1 f:0 s:415
2019/09/17 10:35:06 [debug] 114327#0: *4364 http write filter limit 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 writev: 415 of 415
2019/09/17 10:35:06 [debug] 114327#0: *4364 http write filter 0000000000000000
2019/09/17 10:35:06 [debug] 114327#0: *4364 http copy filter: 0 "/comms?"
2019/09/17 10:35:06 [debug] 114327#0: *4364 http finalize request: 0, "/comms?" a:1, c:1
2019/09/17 10:35:06 [debug] 114327#0: *4364 set http keepalive handler
2019/09/17 10:35:06 [debug] 114327#0: *4364 http close request
2019/09/17 10:35:06 [debug] 114327#0: *4364 http log handler
2019/09/17 10:35:06 [debug] 114327#0: *4364 free: 000055E92D29A600
2019/09/17 10:35:06 [debug] 114327#0: *4364 free: 000055E92D298D20
2019/09/17 10:35:06 [debug] 114327#0: *4364 free: 000055E92D29D5D0, unused: 0
2019/09/17 10:35:06 [debug] 114327#0: *4364 free: 000055E92D2F2990, unused: 45
2019/09/17 10:35:06 [debug] 114327#0: *4364 free: 000055E92D2F9830
2019/09/17 10:35:06 [debug] 114327#0: *4364 hc free: 0000000000000000
2019/09/17 10:35:06 [debug] 114327#0: *4364 hc busy: 000055E92D35A0B8 1
2019/09/17 10:35:06 [debug] 114327#0: *4364 free: 000055E92D296D10
2019/09/17 10:35:06 [debug] 114327#0: *4364 tcp_nodelay
2019/09/17 10:35:06 [debug] 114327#0: *4364 reusable connection: 1
2019/09/17 10:35:06 [debug] 114327#0: *4364 event timer add: 20: 90000:1568709396611

Does anybody know this problem?
I saw there is a similar issue in the forum there :
https://discourse.nodered.org/t/reverse-proxy-from-nginx-to-node-red-does-block-websocket-communication/9268/10

They advised that it is a SSL issue related to a self-signed cert, but our certificate is issued by a certified corporation COMODO RSA Organization Validation Secure Server CA

Extras informations that may help you :

  • Node RED v0.20.8
  • node v9.11.2
  • npm 5.6.0
  • nginx 1.12.2
  • pm2 3.0.4
  • Red Hat Enterprise Linux Server 7.5 x86-64

Thanks in advance

2

It looks to me as though you are accepting connections on https but don't have it configured anywhere.

The websocket connection is failing on wss: which is the TLS secured version of ws: and is invoked automatically when the main connection comes over https.

So you either have to configure Node-RED with TLS or (a much better solution in my view) configure NGINX to terminate the TLS connections instead.

While I've not actually checked this, it looks like it may help:

3

Actually, we have a load balancer Apache in front, he takes every incoming traffics from outside and forward it to the available server throught HTTP only since we are internally. So, I think what you mean by "terminate the TLS connections instead" is already the case here.

I updated the nginx.conf as below :

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name domain.ltd;

  access_log /usr/local/apps/deb/shared/log/nginx-access.log;
  error_log /usr/local/apps/deb/shared/log/nginx-error.log debug;

  location / {
    # Forward headers
    proxy_set_header Host $http_host;
    # The X- header must be explicitly set to ensure that the infos logged by the app are correct.
    # Without explicitly adding this header, all connections will appear to come from the Nginx server.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Secret-Header "TEST";
    # Increase timeouts
    proxy_connect_timeout 3600;
    proxy_send_timeout 3600;
    proxy_read_timeout 3600;
    # Forward to 1880
    proxy_pass http://localhost:1880/;
    # By default, Nginx will buffer communication between itself and the browser,
    # effectively disrupting the stream of events and updates required for remote desktop.
    # Without disabling buffering, the app connection will at best be slow, and at worst not function at all.
    proxy_buffering off;
    proxy_http_version 1.1;
    # The Upgrade and Connection headers are required parts of the WebSocket protocol.
    # If omitted here, WebSocket will not function correctly, and the app will fall back to HTTP streaming, which is less efficient.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  send_timeout 3600;
  keepalive_timeout 90;
}

I added a header X-Secret-Header "TEST" to ensure in the log, that the traffic is coming to my block, and it's the case here, but I still have the error code 404 on /comms.

Do you have any other idea ?

I attached again the nginx-error.log :

2019/09/17 12:08:07 [debug] 48198#0: *20 http keepalive handler
2019/09/17 12:08:07 [debug] 48198#0: *20 malloc: 0000555AEB7ABC50:1024
2019/09/17 12:08:07 [debug] 48198#0: *20 recv: eof:0, avail:1
2019/09/17 12:08:07 [debug] 48198#0: *20 recv: fd:22 708 of 1024
2019/09/17 12:08:07 [debug] 48198#0: *20 reusable connection: 0
2019/09/17 12:08:07 [debug] 48198#0: *20 posix_memalign: 0000555AEB74F5D0:4096 @16
2019/09/17 12:08:07 [debug] 48198#0: *20 event timer del: 22: 1568714952472
2019/09/17 12:08:07 [debug] 48198#0: *20 http process request line
2019/09/17 12:08:07 [debug] 48198#0: *20 http request line: "GET /comms HTTP/1.1"
2019/09/17 12:08:07 [debug] 48198#0: *20 http uri: "/comms"
2019/09/17 12:08:07 [debug] 48198#0: *20 http args: ""
2019/09/17 12:08:07 [debug] 48198#0: *20 http exten: ""
2019/09/17 12:08:07 [debug] 48198#0: *20 posix_memalign: 0000555AEB7A4990:4096 @16
2019/09/17 12:08:07 [debug] 48198#0: *20 http process request header line
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "Host: domain.ltd"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "Pragma: no-cache"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "Cache-Control: no-cache"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Mobile Safari/537.36"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "Origin: https://domain.ltd"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "Sec-WebSocket-Version: 13"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "Accept-Encoding: gzip, deflate, br"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "Sec-WebSocket-Key: 8lpwIBcZ55eJ4xMv1YzcCA=="
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "X-Forwarded-For: 65.154.234.26"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "X-Forwarded-Host: domain.ltd"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "X-Forwarded-Server: domain.ltd"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header: "Connection: Keep-Alive"
2019/09/17 12:08:07 [debug] 48198#0: *20 http header done
2019/09/17 12:08:07 [debug] 48198#0: *20 generic phase: 0
2019/09/17 12:08:07 [debug] 48198#0: *20 rewrite phase: 1
2019/09/17 12:08:07 [debug] 48198#0: *20 test location: "/"
2019/09/17 12:08:07 [debug] 48198#0: *20 using configuration "/"
2019/09/17 12:08:07 [debug] 48198#0: *20 http cl:-1 max:10485760
2019/09/17 12:08:07 [debug] 48198#0: *20 rewrite phase: 3
2019/09/17 12:08:07 [debug] 48198#0: *20 post rewrite phase: 4
2019/09/17 12:08:07 [debug] 48198#0: *20 generic phase: 5
2019/09/17 12:08:07 [debug] 48198#0: *20 generic phase: 6
2019/09/17 12:08:07 [debug] 48198#0: *20 generic phase: 7
2019/09/17 12:08:07 [debug] 48198#0: *20 generic phase: 8
2019/09/17 12:08:07 [debug] 48198#0: *20 access phase: 9
2019/09/17 12:08:07 [debug] 48198#0: *20 access phase: 10
2019/09/17 12:08:07 [debug] 48198#0: *20 access phase: 11
2019/09/17 12:08:07 [debug] 48198#0: *20 post access phase: 12
2019/09/17 12:08:07 [debug] 48198#0: *20 try files phase: 13
2019/09/17 12:08:07 [debug] 48198#0: *20 http init upstream, client timer: 0
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: "Host: "
2019/09/17 12:08:07 [debug] 48198#0: *20 http script var: "domain.ltd"
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: "
"
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: "X-Real-IP: "
2019/09/17 12:08:07 [debug] 48198#0: *20 http script var: "192.168.161.100"
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: "
"
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: "X-Forwarded-For: "
2019/09/17 12:08:07 [debug] 48198#0: *20 http script var: "65.154.234.26, 192.168.161.100"
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: "
"
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: "X-Forwarded-Proto: "
2019/09/17 12:08:07 [debug] 48198#0: *20 http script var: "http"
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: "
"
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: "X-Test-Header: SECRET
"
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: ""
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: ""
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: "Connection: upgrade
"
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: ""
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: ""
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: ""
2019/09/17 12:08:07 [debug] 48198#0: *20 http script copy: ""
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Pragma: no-cache"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Cache-Control: no-cache"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Mobile Safari/537.36"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Origin: https://domain.ltd"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Sec-WebSocket-Version: 13"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Accept-Encoding: gzip, deflate, br"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Sec-WebSocket-Key: 8lpwIBcZ55eJ4xMv1YzcCA=="
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "X-Forwarded-Host: domain.ltd"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "X-Forwarded-Server: domain.ltd"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header:
"GET /comms HTTP/1.1
Host: domain.ltd
X-Real-IP: 192.168.161.100
X-Forwarded-For: 65.154.234.26, 192.168.161.100
X-Forwarded-Proto: http
X-Test-Header: SECRET
Connection: upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Mobile Safari/537.36
Origin: https://domain.ltd
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Sec-WebSocket-Key: 8lpwIBcZ55eJ4xMv1YzcCA==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
X-Forwarded-Host: domain.ltd
X-Forwarded-Server: domain.ltd

"
2019/09/17 12:08:07 [debug] 48198#0: *20 http cleanup add: 0000555AEB7505A0
2019/09/17 12:08:07 [debug] 48198#0: *20 get rr peer, try: 2
2019/09/17 12:08:07 [debug] 48198#0: *20 get rr peer, current: 0000555AEB77DDF8 0
2019/09/17 12:08:07 [debug] 48198#0: *20 stream socket 26
2019/09/17 12:08:07 [debug] 48198#0: *20 epoll add connection: fd:26 ev:80002005
2019/09/17 12:08:07 [debug] 48198#0: *20 connect to 127.0.0.1:1880, fd:26 #107
2019/09/17 12:08:07 [debug] 48198#0: *20 http upstream connect: -2
2019/09/17 12:08:07 [debug] 48198#0: *20 posix_memalign: 0000555AEB7C9780:128 @16
2019/09/17 12:08:07 [debug] 48198#0: *20 event timer add: 26: 3600000:1568718487944
2019/09/17 12:08:07 [debug] 48198#0: *20 http finalize request: -4, "/comms?" a:1, c:2
2019/09/17 12:08:07 [debug] 48198#0: *20 http request count:2 blk:0
2019/09/17 12:08:07 [debug] 48198#0: *20 http run request: "/comms?"
2019/09/17 12:08:07 [debug] 48198#0: *20 http upstream check client, write event:1, "/comms"
2019/09/17 12:08:07 [debug] 48198#0: *20 http upstream request: "/comms?"
2019/09/17 12:08:07 [debug] 48198#0: *20 http upstream send request handler
2019/09/17 12:08:07 [debug] 48198#0: *20 http upstream send request
2019/09/17 12:08:07 [debug] 48198#0: *20 http upstream send request body
2019/09/17 12:08:07 [debug] 48198#0: *20 chain writer buf fl:1 s:798
2019/09/17 12:08:07 [debug] 48198#0: *20 chain writer in: 0000555AEB7505B8
2019/09/17 12:08:07 [debug] 48198#0: *20 writev: 798 of 798
2019/09/17 12:08:07 [debug] 48198#0: *20 chain writer out: 0000000000000000
2019/09/17 12:08:07 [debug] 48198#0: *20 event timer del: 26: 1568718487944
2019/09/17 12:08:07 [debug] 48198#0: *20 event timer add: 26: 3600000:1568718487944
2019/09/17 12:08:07 [debug] 48198#0: *20 http upstream request: "/comms?"
2019/09/17 12:08:07 [debug] 48198#0: *20 http upstream process header
2019/09/17 12:08:07 [debug] 48198#0: *20 malloc: 0000555AEB748D10:4096
2019/09/17 12:08:07 [debug] 48198#0: *20 recv: eof:0, avail:1
2019/09/17 12:08:07 [debug] 48198#0: *20 recv: fd:26 393 of 4096
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy status 404 "404 Not Found"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "X-Powered-By: Express"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Content-Security-Policy: default-src 'self'"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "X-Content-Type-Options: nosniff"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Content-Type: text/html; charset=utf-8"

â–˝
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Content-Length: 144"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Date: Tue, 17 Sep 2019 10:08:07 GMT"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header: "Connection: keep-alive"
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy header done
2019/09/17 12:08:07 [debug] 48198#0: *20 xslt filter header
2019/09/17 12:08:07 [debug] 48198#0: *20 HTTP/1.1 404 Not Found
Server: nginx/1.12.2
Date: Tue, 17 Sep 2019 10:08:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 144
Connection: keep-alive
X-Powered-By: Express
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff

2019/09/17 12:08:07 [debug] 48198#0: *20 write new buf t:1 f:0 0000555AEB7A5860, pos 0000555AEB7A5860, size: 271 file: 0, size: 0
2019/09/17 12:08:07 [debug] 48198#0: *20 http write filter: l:0 f:0 s:271
2019/09/17 12:08:07 [debug] 48198#0: *20 http proxy filter init s:404 h:0 c:0 l:144
2019/09/17 12:08:07 [debug] 48198#0: *20 posix_memalign: 0000555AEB749D20:4096 @16
2019/09/17 12:08:07 [debug] 48198#0: *20 http upstream process non buffered downstream
2019/09/17 12:08:07 [debug] 48198#0: *20 http output filter "/comms?"
2019/09/17 12:08:07 [debug] 48198#0: *20 http copy filter: "/comms?"
2019/09/17 12:08:07 [debug] 48198#0: *20 image filter
2019/09/17 12:08:07 [debug] 48198#0: *20 xslt filter body
2019/09/17 12:08:07 [debug] 48198#0: *20 http postpone filter "/comms?" 0000555AEB7A5980
2019/09/17 12:08:07 [debug] 48198#0: *20 write old buf t:1 f:0 0000555AEB7A5860, pos 0000555AEB7A5860, size: 271 file: 0, size: 0
2019/09/17 12:08:07 [debug] 48198#0: *20 write new buf t:0 f:0 0000000000000000, pos 0000555AEB748E09, size: 144 file: 0, size: 0
2019/09/17 12:08:07 [debug] 48198#0: *20 http write filter: l:0 f:1 s:415
2019/09/17 12:08:07 [debug] 48198#0: *20 http write filter limit 0
2019/09/17 12:08:07 [debug] 48198#0: *20 writev: 415 of 415
2019/09/17 12:08:07 [debug] 48198#0: *20 http write filter 0000000000000000
2019/09/17 12:08:07 [debug] 48198#0: *20 http copy filter: 0 "/comms?"
2019/09/17 12:08:07 [debug] 48198#0: *20 finalize http upstream request: 0
2019/09/17 12:08:07 [debug] 48198#0: *20 finalize http proxy request
2019/09/17 12:08:07 [debug] 48198#0: *20 free rr peer 2 0
2019/09/17 12:08:07 [debug] 48198#0: *20 close http upstream connection: 26
2019/09/17 12:08:07 [debug] 48198#0: *20 free: 0000555AEB7C9780, unused: 48
2019/09/17 12:08:07 [debug] 48198#0: *20 event timer del: 26: 1568718487944
2019/09/17 12:08:07 [debug] 48198#0: *20 reusable connection: 0
2019/09/17 12:08:07 [debug] 48198#0: *20 http output filter "/comms?"
2019/09/17 12:08:07 [debug] 48198#0: *20 http copy filter: "/comms?"
2019/09/17 12:08:07 [debug] 48198#0: *20 image filter
2019/09/17 12:08:07 [debug] 48198#0: *20 xslt filter body
2019/09/17 12:08:07 [debug] 48198#0: *20 http postpone filter "/comms?" 00007FFF42939E40
2019/09/17 12:08:07 [debug] 48198#0: *20 write new buf t:0 f:0 0000000000000000, pos 0000000000000000, size: 0 file: 0, size: 0
2019/09/17 12:08:07 [debug] 48198#0: *20 http write filter: l:1 f:0 s:0
2019/09/17 12:08:07 [debug] 48198#0: *20 http copy filter: 0 "/comms?"
2019/09/17 12:08:07 [debug] 48198#0: *20 http finalize request: 0, "/comms?" a:1, c:1
2019/09/17 12:08:07 [debug] 48198#0: *20 set http keepalive handler
2019/09/17 12:08:07 [debug] 48198#0: *20 http close request
2019/09/17 12:08:07 [debug] 48198#0: *20 http log handler
2019/09/17 12:08:07 [debug] 48198#0: *20 free: 0000555AEB748D10
2019/09/17 12:08:07 [debug] 48198#0: *20 free: 0000555AEB74F5D0, unused: 8
2019/09/17 12:08:07 [debug] 48198#0: *20 free: 0000555AEB7A4990, unused: 0
2019/09/17 12:08:07 [debug] 48198#0: *20 free: 0000555AEB749D20, unused: 3520
2019/09/17 12:08:07 [debug] 48198#0: *20 free: 0000555AEB7ABC50
2019/09/17 12:08:07 [debug] 48198#0: *20 hc free: 0000000000000000
2019/09/17 12:08:07 [debug] 48198#0: *20 hc busy: 0000000000000000 0
2019/09/17 12:08:07 [debug] 48198#0: *20 reusable connection: 1
2019/09/17 12:08:07 [debug] 48198#0: *20 event timer add: 22: 90000:1568714977945
4

Had the same issues although I have a fully valid letsenrypt cert. So ssl-cert is not the issue.
As per tcp - NGINX to reverse proxy websockets AND enable SSL (wss://)? - Stack Overflow

I added the following to my nginx.conf:

location /comms {
proxy_pass http:// localhost:1880;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}

the full (anonymized) conf that works for me reads:

server {
listen 443;
server_name myinternethost.example.com;

include /etc/nginx/globalconf/ssl.conf;

access_log                  /var/log/nginx/nodered/access.log;
error_log                   /var/log/nginx/nodered/error.log;

location /comms {

proxy_pass http:// localhost:1880;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;

}


location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade "websocket";
    proxy_pass              http:// localhost:1880;
}

}

Please remove the stupid spaces in between the http:// and the FQDNs I was forced to put them in inorder to get around the "a new user can only post 2 links" issue...

1 Like
5

One additional aspect: If you have an admin password set and a different password for the UI, the error gets fired if you log into the admin-area but not into the UI (which needs the websockets). Once I am logged into both, the above config does the trick. Of course, just being logged into the UI also works. Maybe the maintainers can take care of that by making sure that someone who can access the admin page can also access the Ui by default... :)...

6

I'm still having this issue. I do not use an SSL connection but still, ws://mydomain.com/comms is getting blocked. I added nginx to forward the /comms path to the localhost:1880, but didn't seem to work for me. Any new suggestions?

`server {
  listen 80;

  server_name mydomain.com;


location /comms {
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_read_timeout 86400;
   proxy_pass              http://localhost:1880;
}
}