Nginx add_header Sec-WebSocket-Protocol does not work

Question

I use nginx as proxy of my WebSocket traffic and it works great. One of my apps has a requirement to use STOMP, for that I have chosen STOMP js library, which tries to negotiate a protocol via Sec-WebSocket-Protocol header but I have troubles adding this header in the nginx response.

nginx version: nginx/1.6.2

Below is my server block:

server {
  listen 80;
  server_name mware.example.com;

  client_max_body_size 100M;
  keepalive_timeout 5;

  root /srv/applications;
  autoindex off;

  location / {
    # WebSocket
    location = /ws {
      proxy_read_timeout 10m;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_pass http://127.0.0.1:8000/;
      proxy_redirect  http://127.0.0.1:8000/ /;

      # Custom headers
      proxy_set_header  Host            $host;
      proxy_set_header  X-Real-IP       $remote_addr;
      proxy_set_header  REMOTE_PORT     $remote_port;
      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

      #add_header    Sec-WebSocket-Protocol  $http_sec_websocket_protocol;
      add_header    Sec-WebSocket-Protocol  'v10.stomp, v11.stomp';
    }
  }
}

So tried adding the header via $http_sec_websocket_protocol variable as well as literally specifying it, none of this worked for me. Below is the packet capture on the localhost.

Packet sent:

T 10.3.2.100:36798 -> y.y.y.y:80 [AP]
GET /ws HTTP/1.1.
Host: mware.example.com.
Connection: Upgrade.
Pragma: no-cache.
Cache-Control: no-cache.
Upgrade: websocket.
Origin: file://.
Sec-WebSocket-Version: 13.
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36.
Accept-Encoding: gzip, deflate, sdch.
Accept-Language: en-US,en;q=0.8.
Cookie: __utma=82131859.1920436741.1415282304.1421757291.1421760088.10; session_id_api=x.x.x.x-87eeca97-c6db-4010-bef8-f4875a6feb52; session_id_portal=x.x.x.x-ace62281-2446-4708-aa9d-4390eb41e02a.
Sec-WebSocket-Key: bGN7hB4fw7/JuF6A5vSf6A==.
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits.
Sec-WebSocket-Protocol: v10.stomp, v11.stomp.

Nginx response:

T y.y.y.y:80 -> 10.3.2.100:36798 [AP]
HTTP/1.1 101 Switching Protocols.
Server: nginx/1.6.2.
Date: Tue, 17 Nov 2015 09:35:18 GMT.
Connection: upgrade.
Upgrade: websocket.
Sec-WebSocket-Accept: D34d7GBjjQkSC8jrjpixNmMxDMc=.

You can see that Sec-WebSocket-Protocol header is missing.

On the application level I receive properly formatted packet by nginx, with custom headers added, etc.

Upgrade: websocket
Connection: upgrade
Host: mware.example.com
X-Real-IP: x.x.x.x
REMOTE_PORT: 36798
X-Forwarded-For: x.x.x.x
Pragma: no-cache
Cache-Control: no-cache
Origin: file://
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: __utma=82131859.1920436741.1415282304.1421757291.1421760088.10; session_id_api=x.x.x.x-87eeca97-c6db-4010-bef8-f4875a6feb52; session_id_portal=x.x.x.x-ace62281-2446-4708-aa9d-4390eb41e02a
Sec-WebSocket-Key: bGN7hB4fw7/JuF6A5vSf6A==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Sec-WebSocket-Protocol: v10.stomp, v11.stomp

Answer 1

http://nginx.org/r/add_header

Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307. A value can contain variables.

You response with 101 code.

Since version 1.7.5 there is always flag, but you use older version. Also you could consider to use third-party module like headers_more or lua.