Using WebSocket Without Opening a Dedicated Port

Version

Application Scenario

Some companies enforce strict security policies for project environments, which impose many restrictions on port opening.

If only one port is open, WebSocket connections often fail to be established.

Function Description

When opening the WebSocket port is not feasible, you can forward WebSocket traffic through an existing open port.

This document briefly introduces how to use WebSocket normally with only one open port 8888 in an environment consisting of Linux, Nginx, and Tomcat.

Note:

FineBI provides a built-in containerized WebSocket solution. You are advised to check whether you can use the solution first.

The system can automatically establish WebSocket connections using the web container's built-in WebSocket and reuse existing HTTP ports, requiring no user operation, manual configuration, or additional port opening.

Setting the WebSocket Forwarding Port

Log in to the FineBI system as the admin, choose System Management > System Setting > General, and set WebSocket Request Port, as shown in the following figure.

Set Port in WebSocket Request Port to the only open port of the project. This document takes port 8888 as an example.

Note:

1. In a cluster environment, Proxy Server Configured is selected by default, while in a non-cluster environment, you need to manually select Proxy Server Configured (indicating that you have configured Nginx).

2. FineBI provides a built-in containerized WebSocket solution to help you quickly configure the WebSocket port.

If the General page under System Management > System Setting does not display the WebSocket Setting setting item, it means that the WebSocket connection has been correctly configured and no modification is required.

Modifying the nginx.conf File

In the server block of the Nginx configuration file nginx.conf, add a routing rule to handle requests whose URL includes /socket.io/, and forward WebSocket traffic to the specified open port 8888. The detailed configuration is as follows:

...
server {
        listen 8888;#This is the port to be listened by Nginx. Ensure that the port is consistent with that set in WebSocket Request Port under System Management > System Setting > General > WebSocket Setting.
        server_name _;
        underscores_in_headers on;
        location / {
            proxy_http_version 1.1;
            proxy_pass http://FR.com;
            proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header non_idempotent;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Connection "";
            #proxy_set_header X-Forwarded-Proto "https";
            proxy_connect_timeout 20;
            proxy_read_timeout 1000;
            proxy_send_timeout 300;
        }
        # This part is used to identify requests starting with /socket.io/ and proxy them to the WebSocket upstream server.
        location ^~ /socket.io/ {
            proxy_pass http://WBS.com;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_connect_timeout 20;
            proxy_read_timeout 1000;
            proxy_send_timeout 300;
        }
        ...
}
...

Restarting the Service

Restart Nginx and the FineBI project. The configuration will take effect.

You just need to open the 8888 port to use the FineBI project and WebSocket normally.