Search
Search

How does Nginx Ingress handle an incoming WebSocket Connection over HTTPS (wss:...) when routing to backend over HTTP? (ws:...)?

Choco Published at Dev
17
Choco

I'm using Nginx Ingress to kubernetes services:

Does Nginx transform the request from wss:... to a ws:... ? OR Does Nginx require the back end to also have HTTPS enabled? Making it a simpler wss:... to wss:... If this is the case, then would a self signed cert be OK on the back-end? and how would I configure the proxy to connect to that back-end successfully?

I currently have Web-sockets working over HTTP to the back-end (ws:... to ws:...) and I don't really know how to go the next level and get this working over HTTPS! I guess that's the main question here.

apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: xxxx-virtual-server
  namespace: {{ .Values.tenantName }}
  labels:
    {{- include "xxxx.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  host:  {{ .Values.tenantName }}.x.cloud
  tls:
    secret: aks-ingress-tls
  upstreams:
  - name: aaa-upstream
    service: aaa-service
    port: 5000
  - name: bbb-upstream-socket
    service: bbb-service-socket
    port: 80
  routes:  
  - path: /
    matches:
    - conditions:
      - header: Upgrade
        value: websocket
      action:
        pass: bbb-upstream-socket 
    action:
      pass: aaa-upstream
Choco

I finally got this working, so for anyone else out there who are wondering the same thing, here is what I found.

I'm using Nginx Ingress to kubernetes services:

Does Nginx transform the request from wss:... to a ws:... Yes it can :-)

Does Nginx require the back end to also have HTTPS enabled: No it doesn't.

Basically we setup the socket to listen on the url "/ws/".

Connect from browser using URL like:

wss://test.cytrack.cloud/ws/

Then using Nginx Ingress Virtual Server Custom Resource we add:

apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: abc-virtual-server
  namespace: abcd
spec:
  host:  abcde
  tls:
    secret: aks-ingress-tls
  upstreams:
  - name: abc-upstream-socket
    service: abc-service-socket
    port: 80
    read-timeout: 300s
    send-timeout: 300s
  - path: /ws/
    action:
      pass: abc-upstream-socket

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

How to run a websocket server on ws and wss at same time that they both communicate or sync data with each other? Or WSS on HTTP and WS on HTTPS?

How to stop chrome from upgrading websockets from WS to WSS when the websocket object is created on an HTTPS page

http to a Node server over https nginx website

nginx ingress routing (default backend 404)

AngularJS Server Backend Handle Incoming HTTP Requests

Unable to access websocket over Kubernetes ingress

How to use ssh over http or https?

Spring SseEmitter over WebSocket connection

Why does my wss:// (WebSockets over SSL/TLS) connection immediately disconnect without giving any errors?

How to debug Kubernetes nginx Ingress redirection from HTTP to HTTPS

Spring TCP send data over incoming connection

Redirection from http to https not working for custom backend service in Kubernetes Nginx Ingress Controller

Uncaught SecurityError: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS

React app error: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS

Traefik: http, https, ws, wss on same domain (docker swarm)

How does Kong work over NGINX and OpenResty

How do I send MQTT over websocket w/ paho when I have an HTTP proxy? (java client)

Including a file over a HTTPS connection

Connection reset when uploading files to Azure Web App over HTTPS

RabbitMQ Management Over HTTPS and Nginx

Apache: Proxy websocket wss to ws

WebSocket via ws not connecting but wss is

Does Rebus support using MSMQ over HTTP/HTTPS?

kubernetes nginx ingress fails to redirect HTTP to HTTPS

WSS over Secure SSL connection fails only on FireFox with error 1006

WSS on HTTP vs WSS on HTTPS

Hide HTTPS warning when trying to download files over HTTP with Edge

WCF service not working when accessed over HTTPS and HTTP

How to iterate over a Connection

TOP Ranking

  1. 1

    Loopback Error: connect ECONNREFUSED 127.0.0.1:3306 (MAMP)

  2. 2

    Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

  3. 3

    pump.io port in URL

  4. 4

    How to import an asset in swift using Bundle.main.path() in a react-native native module

  5. 5

    Failed to listen on localhost:8000 (reason: Cannot assign requested address)

  6. 6

    Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

  7. 7

    Emulator wrong screen resolution in Android Studio 1.3

  8. 8

    3D Touch Peek Swipe Like Mail

  9. 9

    Double spacing in rmarkdown pdf

  10. 10

    Svchost high CPU from Microsoft.BingWeather app errors

  11. 11

    How to how increase/decrease compared to adjacent cell

  12. 12

    Using Response.Redirect with Friendly URLS in ASP.NET

  13. 13

    java.lang.NullPointerException: Cannot read the array length because "<local3>" is null

  14. 14

    BigQuery - concatenate ignoring NULL

  15. 15

    How to fix "pickle_module.load(f, **pickle_load_args) _pickle.UnpicklingError: invalid load key, '<'" using YOLOv3?

  16. 16

    ngClass error (Can't bind ngClass since it isn't a known property of div) in Angular 11.0.3

  17. 17

    Can a 32-bit antivirus program protect you from 64-bit threats

  18. 18

    Make a B+ Tree concurrent thread safe

  19. 19

    Bootstrap 5 Static Modal Still Closes when I Click Outside

  20. 20

    Vector input in shiny R and then use it

  21. 21

    Assembly definition can't resolve namespaces from external packages

HotTag

Archive