Websocket is not working with Nginx Reverse Proxy

September 19, 2021 01:35PM
Hi Team,

I am trying to add an nginx reverse proxy behind the Check Point Mobile Access portal, which is an SSL VPN portal. Somehow this is not working, and when I captured and analyzed the HAR file I observed that the portal is accepting WebSocket calls. I tried implementing the same with nginx, but I am still unable to find the solution.

Here is what I am seeing in the HAR file, followed by my config.

################
General:
Request URL: https://vpn.xxxx.com/7D8B79A2-8974-4D7B-A76A-F4F29624C06BMCNu92Dm4l-Zi00Q9XmCAEP2W0TG236BR4s3ROIfxiy7ICrrEllGkIikmth2jOjkklZMt4z1porwm5BgBNByrQ/websocket?url=https%3A%2F%2Fvpn.xxxx.com%2FPortal%2FMain&nocache=1632059231484
HTTP Version: HTTP/1.1
Request method: GET
Headers:
Cache-Control no-cache
Connection Upgrade
Cookie selected_realm=ssl_vpn; CPCVPN_SESSION_ID=e27df7fe2b0ce359198a5b703b9402d235668bb3; CPCVPN_BASE_HOST=vpn.xxxx.com; CPCVPN_OBSCURE_KEY=23f63321355ce5d11767b258178d9775
DNT 1
Host vpn.xxxx.com
Origin https://vpn.xxxx.com
Sec-WebSocket-Key ehTLIcXsKwaddkSug5rN9Q==
Sec-WebSocket-Version 13
Upgrade websocket
User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Query arguments:
url https://vpn.xxxx.com/Portal/Main
nocache 1632059231484
##############################

And here is my config

*************************
# Note: $connection_upgrade is not a built-in nginx variable; it has to be
# defined by a map block in the http context, which is not shown in this post.
upstream websocket {
    server vpn.xxxx.com:443;
}
server {
    listen 443 ssl;
    server_name vpn.xxxx.com;

    # TLS settings for the client-facing side
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_certificate /etc/nginx/ssls/labcerts/wild.crt;
    ssl_certificate_key /etc/nginx/ssls/labcerts/wild.key;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_dhparam /etc/ssl/dhparams2048.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;

    access_log /var/log/nginx/sslvpn/access.log;
    error_log /var/log/nginx/sslvpn/error.log;

    error_page 404 403 /custom_404.html;
    location = /custom_404.html {
        root /usr/share/nginx/html;
        internal;
    }

    # Forward the client's Upgrade/Connection headers to the upstream
    location /SNX/ {
        proxy_pass https://websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
    }

    # Everything else, including the .../websocket request from the HAR capture
    location / {
        proxy_send_timeout 90;
        proxy_http_version 1.1;
        proxy_read_timeout 90;
        proxy_connect_timeout 30s;
        proxy_pass https://websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_ssl_server_name on;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
********************************************
blason September 19, 2021 01:35PM
