[nginx] Reverse WebSocket

network.yml

@@ -74,7 +74,7 @@
         # Services web Crans
         - {from: lutim.crans.org, to: 10.231.136.69}
         - {from: zero.crans.org, to: 10.231.136.76}
-        - {from: pad.crans.org, to: 10.231.136.76}
+        - {from: pad.crans.org, to: "10.231.136.76:9001"}
         - {from: ethercalc.crans.org, to: 10.231.136.203}
         - {from: mediadrop.crans.org, to: 10.231.136.106}
         - {from: videos.crans.org, to: 10.231.136.106}

roles/nginx-reverseproxy/tasks/main.yml

@@ -11,8 +11,11 @@
 
 - name: Copy snippets
   template:
-    src: nginx/snippets/options-ssl.conf.j2
+    src: "nginx/snippets/{{ item }}.j2"
-    dest: /etc/nginx/snippets/options-ssl.conf
+    dest: "/etc/nginx/snippets/{{ item }}"
+  loop:
+    - options-ssl.conf
+    - options-proxypass.conf
 
 - name: Copy dhparam
   template:

roles/nginx-reverseproxy/templates/nginx/sites-available/reverseproxy.j2

@@ -1,5 +1,12 @@
 {{ ansible_header | comment }}
 
+# Automatic Connection header for WebSocket support
+# See http://nginx.org/en/docs/http/websocket.html
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
 {% for site in nginx.reverseproxy_sites %}
 # Redirect http://{{ site.from }} to https://{{ site.from }}
 server {
@@ -41,12 +48,8 @@ server {
     real_ip_header P-Real-Ip;
 
     location / {
-        proxy_set_header Host {{ site.from }};
-        proxy_set_header P-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_redirect off;
         proxy_pass http://{{ site.to }};
+        include "/etc/nginx/snippets/options-proxypass.conf";
     }
 }
 

roles/nginx-reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2

@@ -0,0 +1,17 @@
+{{ ansible_header | comment }}
+
+proxy_redirect off;
+proxy_set_header Host $host;
+
+# Pass the real client IP
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+# Tell proxified server that we are HTTPS, fix Wordpress
+proxy_set_header X-Forwarded-Proto https;
+
+# WebSocket support
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+