Nginx Proxy

What is Nginx?

Nginx (pronounced engine-x) is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. It was created by Igor Sysoev started development of Nginx in 2002, with the first public release in 2004.
Nginx now hosts nearly 12.18% (22.2M) of active sites across all domains and is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

Why we recommend Nginx?

As jWebSocket server runs using unsecure ports, the client may want to run jWebSocket on ports 443 and 80, however, these ports could be in use by a Web Server like Apache, so the port can not be used in that case. Then we need to find a way to wrap the WebSocket messages coming to these ports and redirect them to our jWebSocket engines running in another port. To make that possible we use Nginx as a proxy on top of an Apache server.

Getting started

The first step is download the latest version of Nginx. Once the download is complete we recommend you to follow the installation steps from their own website.
However here we will provide a few basic steps for a quick installation under Windows:
1- Once you downloaded Nginx extract it to the folder c:\nginx
2- If you want to have a service to run nginx, download Windows Service Wrapper winsw-1.9-bin.exe in c:\nginx and rename to nginx-service.exe. Information to the windows service wrapper you will find here.
3- Create file nginx-service.xml in the same folder c:\nginx with the following contents:
<service>
	<id>Nginx</id>
	<name>Nginx</name>
	<description>Nginx service</description>
	<executable>c:\nginx\nginx.exe</executable>
	<logpath>c:\nginx\</logpath>
	<logmode>roll</logmode>
	<depend></depend>
	<startargument>-p c:\nginx</startargument>
	<stopargument>-p c:\nginx -s stop</stopargument>
</service>
4- Then you will need to create a simple script, to install the service called installNginxService.bat with this content:
echo Please wait, installing the nginx service...
nginx-service.exe install
echo NGINX service installation successfull, thanks!
pause 
5- Run the installNginxService.bat script and then check your services window, it must be already installed, then you only need to start the service after you have successfully configured nginx, please check the following step before running the nginx service.

Configuring Nginx to run on ports 80 and 443 as a proxy to Apache and jWebSocket 

Now you must be wondering how can we run Apache and Nginx using the same ports 443 and 80. That unfortunately is not possible, but what you should do is run Apache on ports 81 for unsecure connections and 444 for secure connections.
Then we need to run Nginx on ports 80 and 443 to redirect WebSocket (ws/wss) requests to jWebSocket running on ports 8787 and 9797, and HTTP/HTTPS requests to Apache running on ports 81 and 444.

The configuration file should look as follows:
 

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
	proxy_read_timeout 60000s;

    #gzip  on;
	
	map $http_upgrade $connection_upgrade {
       	default upgrade;
       	'' close;
   	}

    server {
        listen 80;
		server_name default_server;
		index index.html index.htm;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
           # proxy to apache web server 
			proxy_pass http://127.0.0.1:81/;
			proxy_http_version 1.1;
        }
		location /jWebSocket/ {
			# proxy to the websocket server
			proxy_pass http://127.0.0.1:8787/jWebSocket/jWebSocket;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection $connection_upgrade;
		}

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # HTTPS server
    #
    server {
        listen       443 ssl;
		
        server_name  default_server;

        ssl_certificate      server.crt;
        ssl_certificate_key  server.key;
		
        #ssl_session_cache    shared:SSL:1m;
        #ssl_session_timeout  5m;

        #ssl_ciphers  HIGH:!aNULL:!MD5;
        #ssl_prefer_server_ciphers  on;

		location / {
           # proxy to apache web server 
                #  NOTE: We don't need to redirect to ports 444 and 9797 because 
                #  the certificate decription has been done already on Nginx, so we 
                #  pass the request to the normal ports HTTP 81 running Apache 
                #  and 8787 jWebSocket
		#	proxy_pass https://127.0.0.1:444/;
			proxy_pass http://127.0.0.1:81/;
			proxy_http_version 1.1;
        }
		location /jWebSocket/ {
			# proxy to the websocket server
			proxy_pass http://127.0.0.1:8787/jWebSocket/jWebSocket;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection $connection_upgrade;
		}
    }
}

Some extra parameters to control Nginx

To start nginx, run the executable file. Once nginx is started, it can be controlled by invoking the executable with the -s parameter. Use the following syntax:
 

nginx -s signal

Where signal may be one of the following:

stop — fast shutdown
quit — graceful shutdown
reload — reloading the configuration file
reopen — reopening the log files

So, for example to stop nginx you can use :

nginx -s stop

Or to reload a change in the configuration file you can just use:

nginx -s reload

Conclusions

With a nginx proxy we solved a lot of problems for browsers that don't accept self signed certificates via an unsecure port like 9797, so to avoid the user to do this process manually, we proved that both wss and https content can be served on the same port which makes your connection trusted for important customers.
Publications

Learn more about WebSockets in general, get background information and gain deeper insight!

Join jWebSocket

Wether developer, designer or translator – join the jWebSocket team and grow together with our success!

Copyright © 2013 Innotrade GmbH. All rights reserved.