subicura
commented
9 years ago It seems.. websocket issue.(not test yet) You should add websocket option to nginx. Or use socket.io library instead of websocket.
Closed xueshanf closed 9 years ago
subicura
commented
9 years ago It seems.. websocket issue.(not test yet) You should add websocket option to nginx. Or use socket.io library instead of websocket.
xueshanf
commented
9 years ago @subicura thank you for the reference! I was testing websocket configuration but could not make it work.
I disabled ELB SSL termination (just use plain TCP 443-> TCP->8083) and let Ngnix does the SSL termination. The basic function works like before, but when clicking on a unit to get status, I got no response. The same screenshot like above without websocket configuration. My Chrome browser does support websocket. The Chrome Dev Tool doesn't seem to show the ws connection upgrade hands-shaking.
More thoughts? I will document once I get this working!
Here is the nginx configuration:
upstream fleetui {
server 10.0.42.12:3000;
}
# Websocket configuration
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name fleetui.exmple.com;
# Use websocket. cannot termiate SSL at ELB.
listen 8083;
ssl on;
ssl_certificate /etc/nginx/certs/fleetui.crt;
ssl_certificate_key /etc/nginx/certs/fleetui.key;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
chunked_transfer_encoding on;
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/certs/fleetui.htpasswd;
proxy_pass http://fleetui;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location /_ping {
auth_basic off;
proxy_pass http://fleetui;
}
}Okay I got it working. This setup uses HTTPS which requires secure websocket protocol wss://. I made changes in controller/unit.js file.
But this breaks the plain HTTP request for unit journal logs. Not sure what's the best solution. Maybe for dev environment, use ws://, for production, use wss://. Or make another configuration setting for it.
You can close this issue.
I am trying to put Nginx before fleet-ui to protect the app. The first fleet dashboard renders fine, but when I click on a unit, the sub window doesn't show status and all buttons are inactive (un-clickable). Running it on port 3000 without the proxy works fine.
The flow is basically like this:
Client request -> ELB port 443 -> Nginx basic auth -> FleetUI port 3000.
Any ideas how to make this work?