My understanding is that this will set the proper headers for websocket
Specifically, it will add a "Connection" header with value "Upgrade" and add
an "Upgrade" header with whatever value the client passes to it in the
"Upgrade" header (i.e. add the header on for hop-to-hop to upstream server).
In the case of websockets, the Upgrade header will be "websocket."
I am executing the following curl command to my server directly on my LAN
(no NGINX involved)
My understanding is NGINX strips/doesn't pass along any empty headers. Based
on my my local IP test, it is clear that the appropriate header is set (you
can see it in my sent curl statement and in the packet that the server
receives). However, due to the fact that it is not passed on to the upstream
server via NGINX, it would appear that NGINX thinks the $http_upgrade is
empty from the client and therefore not passing it on.
Got it figured out, this is a quirk of HTTP/2.0 vs 1.1. Per RFC-2616:
The Upgrade header field is intended to provide a simple mechanism for
transition from HTTP/1.1 to some other, incompatible protocol.
It looks like nginx discards the Upgrade header, when presented by a client,
if the client communicates via HTTP2.0 already. You can confirm this by
using the --http1.1 flag with curl and looking at the headers being
As for your issue about needing to include both the LE cert and your
own in one file... Most people figure that out when they enable OCSP
stapling... hehe... But yeah, I was scratching my head too for a bit
at first then I found some posts mentioning what to do...
nginx mailing list
[hidden email] http://mailman.nginx.org/mailman/listinfo/nginx
Yes, it is solved with the proper cert configuration.
I hadn't fully validated some advanced SSL options like OCSP stapling as I
was first trying to get all the basics working.
Since my browsers all validated the certificate chain without issue, I had
assumed they were installed properly.
I've had the issue with including the full chain (or at least the
intermediate) in the cert file before with some other web server products,
but in those cases none of the clients would properly connect without it.
I've looked at the link you send on the ngx_stream_core_module and googled a
bit more about it. While I see some documentation talking about
configuring, I don't really see much in the way of exactly explaining its
use cases. Best I can tell it is used for load balancing options - but I'm
not sure how they would apply in this case?