Subscribing to remote broker behind nginx proxy with subdir?

[ghost]

Hi,

I have a broker deployed in a docker swarm, accessible directly (http://whatever.fr:20099), but I would like to be able to subscribe to this broker using an other proxy subdir address: https://my-website.org/whocares/broker.

So far the nginx proxy is configured to proxy_pass https://my-website.org/whocares/broker to http://whatever.fr:8099 with an upstream block:

# my-website.org.conf

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream broker {
    server whatever.fr:8099;            # The docker service broker port inside swarm
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name                 my-website.org;

    # SSL configs...
    # Root and index configs...
    # Others locations...
    # ...

    # Something like "?transport=polling&EIO=4&t=1633100859.4538207" for socket
    location /whocares/broker/ {
        proxy_pass              http://broker$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 86400;
    }
}

Using twistd -n comet --local-ivo=ivo://dom/what#me --receive --remote=my-website.org/whocares/broker:443 --print-event returns:

[twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 21.2.0 (/usr/bin/python3 3.8.10) starting up.
[twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
[-] VOEventReceiverFactory (WhitelistingFactory) starting on 8098
[INFO -] Subscribing to remote broker my-website.org/whocares/broker:443
[INFO VOEventSubscriberFactory] Connection to IPv4Address(type='TCP', host='my-website.org/whocares/broker', port=443) failed; will retry in 1 second
[INFO VOEventSubscriberFactory] Connection to IPv4Address(type='TCP', host='my-website.org/whocares/broker', port=443) failed; will retry in 2 seconds
[INFO VOEventSubscriberFactory] Connection to IPv4Address(type='TCP', host='my-website.org/whocares/broker', port=443) failed; will retry in 6 seconds
... (ad vitam)

while trying twistd -n comet --local-ivo=ivo://dom/what#me --receive --remote=whatever.fr:20099 --print-event works perfectly.

Any help would be welcome to understand and solve (if possible) the problem. Thanks a lot.

[jdswinbank]

I'm afraid I don't know much about how NGINX works (both in general, and specifically not as a reverse proxy), so I'm not sure I can be much help here.

I would assume that NGINX would normally be proxying HTTP traffic. Comet doesn't speak HTTP. A quick check of the first documentation I found (https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) indicates that NGINX can handle a few other application-specific protocols (fastcgi, uwsgi, etc) but none of those seem relevant to Comet. I note the comment in your configuration referring to “some stuff for socket” — perhaps that implies you have some configuration to give you a TCP socket, but this is magic with which I have no familiarity.

I'd suggest debugging by taking Comet out of the equation. Use Netcat, or similar, to show you can establish a raw TCP connection through your proxy on the ports you want. When you're sure that's working, we might have some more clues about what's going wrong.

[ghost]

Thank you very much for the quick answer. I will try Netcat as you suggest to make that work!

[jdswinbank]

Good luck — let me know how you get on!