Error during WebSocket handshake 400

Question

I got a problem on Ubuntu droplet from digital ocean. I'm using proxy reverse configuration on domain. SSL with certbot. I'm running a socket with forever but when i call the ip:7777 from javascript i receive this error:

WebSocket connection to 'wss://www.mydomain.tld/proxy' failed: Error during WebSocket handshake: Unexpected response code: 400

I tested with http too with direct ip:port and i receive the same error

WebSocket connection to 'ws://myip:7777' failed: Error during WebSocket handshake: Unexpected response code: 400

My configuration for my domain in ngixn is:

server {
    listen      mypublicip:80;
    server_name mydomain.com www.mydomain.com;
    root        /home/admin/web/mydomain.com/public_html;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/mydomain.com.log combined;
    access_log  /var/log/nginx/domains/mydomain.com.bytes bytes;
    error_log   /var/log/nginx/domains/mydomain.com.error.log error;

    location / {

        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
            expires     max;
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            if (!-f $document_root$fastcgi_script_name) {
                return  404;
            }

            fastcgi_pass    127.0.0.1:9002;
            fastcgi_index   index.php;
            include         /etc/nginx/fastcgi_params;
        }
    }

    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;

    location /error/ {
        alias   /home/admin/web/mydomain.com/document_errors/;
    }

    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }

    location /vstats/ {
        alias   /home/admin/web/mydomain.com/stats/;
        include /home/admin/conf/web/mydomain.com.auth*;
    }

    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;

    include     /home/admin/conf/web/nginx.mydomain.com.conf*;
    listen 443 ssl; # managed by Certbot

    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



    # Redirect non-https traffic to https
     if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    location /proxy {
       proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://127.0.0.1:7777/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_next_upstream error timeout http_502 http_503 http_504;
    }
}

Answer 1

Webcoskcet hanshake reponse header looks somthing like this.

HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Protocol://any additional protocols that reponse may have
Sec-WebSocket-Accept:// accept key

The accept header needs to be genretaed by your server by first taking the key from request header, concatenate the string with string 258EAFA5-E914-47DA-95CA-C5AB0DC85B11". then take the SHA-1 hash of this and then encode it to base64-encoded.