NGINX Reverse Proxy for HTTPS

What would be the correct config for NGINX as a reverse proxy for Zammad? I have a config which allows me to open the web frontend, but the chat is not working.

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl;
        server_name helpdesk2.ebel.local;
        server_name helpdesk.ebel.local;

        error_log  /var/log/nginx/helpdesk-error.log;
        access_log /var/log/nginx/helpdesk-access.log;

        ssl_certificate /etc/ssl/certs/helpdesk.ebel.local.pem;
        ssl_certificate_key /etc/ssl/private/helpdesk2.ebel.local.key.pem;
        include /etc/ssl/options-ssl-nginx.conf;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_verify_client off;

        # Set global proxy settings
        proxy_read_timeout      360;
        client_max_body_size 50M;

        location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
                expires max;
        }

        location /ws {
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header CLIENT_IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location / {
                proxy_set_header Host $http_host;
                proxy_set_header CLIENT_IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                gzip on;
                gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
                gzip_proxied any;
        }
}

I guess the reason why the chat doesn't work is a wrong reverse proxy config.

You’re using zammad-docker-compose? is the IP of the host, and 8080 is the exposed port of the zammad-nginx container? In that case I’d say the configuration for /ws is wrong - it should probably point to port 8080 too.

You can use the browser debug console -> network to figure out whether Zammad can connect to the websocket. There should be a successful request to /ws after pressing F5, and there should be transmitted frames in there.

This is how I’ve configured Apache on our server for that purpose:

zammad.ourcompany.tld ~ # cat /root/zammad-docker-compose/docker-compose.override.yml
version: '2'

      - "8080:80"
zammad.ourcompany.tld ~ # cat /etc/apache2/sites-enabled/zammad-https.conf
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName zammad.ourcompany.tld
        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn
        # Zammad
        <Location />
            ProxyPass http://localhost:8080/
            ProxyPassReverse http://localhost:8080/
        </Location>
        <Location /ws>
            ProxyPass ws://localhost:8080/ws
            ProxyPassReverse ws://localhost:8080/ws
        </Location>
    </VirtualHost>
</IfModule>
