Massed Compute Icon

Massed Compute

Deploy Nginx WebSocket Proxy with Real-Time Support on Cloud VMs (2026 Guide) banner image

Deploy Nginx WebSocket Proxy with SSL on GPU Cloud (2026 Guide)

HomeBlogRecipesDeploy Nginx WebSocket Proxy with SSL on GPU Cloud (2026 Guide)
Sunny Smith, Co-Founder, Massed Compute June 2026

Deploy Nginx as a WebSocket proxy to handle persistent full-duplex WebSocket connections. This configuration enables real-time bidirectional communication over ws:// and wss:// protocols, supporting Socket.IO, MQTT-over-WebSocket, and any WebSocket server with proper Upgrade header handling.

Nginx WebSocket Proxy SSL Socket.IO MQTT Ubuntu
⚡ Agent Shortcut

Skip the manual setup. This guide exists as a tested, machine-readable recipe in the Massed Compute MCP. Connect an AI agent and say “Deploy an Nginx WebSocket proxy for Socket.IO on port 3000” to provision and configure everything automatically.

WebSocket connections require special proxy handling because they use an HTTP Upgrade handshake to switch from HTTP to the ws:// protocol. A standard HTTP proxy will break this handshake, but Nginx can forward the Upgrade header properly to maintain persistent connections.

This configuration supports Socket.IO applications, MQTT-over-WebSocket brokers, real-time chat applications, and any WebSocket server that needs to be accessible through a proxy layer.

Stack Overview
Component Version Purpose
Nginx 1.18+ WebSocket proxy server
Ubuntu 22.04 LTS Base operating system
Websocat 1.13.0 WebSocket testing tool
Let’s Encrypt Latest SSL certificates (optional)
System Requirements
Resource Minimum Recommended
vCPU 2 cores 4+ cores
RAM 2 GB 4+ GB
Storage 10 GB 20+ GB
Network 100 Mbps 1+ Gbps

Massed Compute VM Pricing

Pricing fetched from the Massed Compute inventory API on June 18, 2026.
SKU Description vCPU RAM Storage Price Capacity
cpu_mini_amd_epyc Mini AMD EPYC 8 32 GiB 400 GB $0.12/hr 38
cpu_small_amd_epyc Small AMD EPYC 14 40 GiB 800 GB $0.22/hr 38
cpu_medium_amd_epyc Medium AMD EPYC 28 80 GiB 1600 GB $0.44/hr 20
cpu_large_amd_epyc Large AMD EPYC 52 160 GiB 3200 GB $0.82/hr 8
cpu_x_large_amd_epyc X-Large AMD EPYC 100 320 GiB 6400 GB $1.56/hr 4
cpu_dedicated_amd_epyc Dedicated AMD EPYC 126 440 GiB 10000 GB $1.98/hr 3

Step-by-Step Deployment

1

Launch VM Instance

Create a new VM with Ubuntu 22.04. Choose at least 2 vCPU and 2 GB RAM for handling WebSocket connections.

# Using Massed Compute CLI
mc instances launch \
  --name websocket-proxy \
  --image ubuntu-22.04 \
  --sku cpu_mini_amd_epyc \
  --ssh-key your-key-name
2

Connect and Update System

SSH into your VM and update the package repository. Install required packages including Nginx and websocat for testing.

ssh ubuntu@YOUR_VM_IP

sudo apt-get update
sudo apt-get install -y nginx

# Install websocat for WebSocket testing
sudo wget -O /usr/local/bin/websocat https://github.com/vi/websocat/releases/download/v1.13.0/websocat.x86_64-unknown-linux-musl
sudo chmod +x /usr/local/bin/websocat
3

Configure WebSocket Proxy

Create the Nginx configuration for WebSocket proxying. This config handles the Upgrade header and sets appropriate timeouts for long-lived connections.

# Create the proxy configuration
sudo tee /etc/nginx/sites-available/wsproxy <<EOF
map \$http_upgrade \$connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection \$connection_upgrade;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;

        # Long timeouts for WebSocket connections
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}
EOF
4

Enable Site and Restart Nginx

Enable the new configuration and restart Nginx to apply changes. Remove the default site to avoid conflicts.

# Remove default site
sudo rm /etc/nginx/sites-enabled/default

# Enable WebSocket proxy site
sudo ln -s /etc/nginx/sites-available/wsproxy /etc/nginx/sites-enabled/

# Test configuration
sudo nginx -t

# Restart Nginx
sudo systemctl restart nginx
sudo systemctl enable nginx
5

Test WebSocket Connection

Create a simple WebSocket echo server for testing and verify the proxy works correctly.

# Start a simple WebSocket echo server on port 3000
websocat -s 127.0.0.1:3000 &

# Test WebSocket connection through proxy
echo "Hello WebSocket" | websocat ws://YOUR_VM_IP/

# Should echo back: Hello WebSocket
6

Configure SSL (Optional)

For production use, add SSL support with Let’s Encrypt to enable secure wss:// connections.

# Install Certbot
sudo apt-get install -y certbot python3-certbot-nginx

# Get SSL certificate (replace example.com)
sudo certbot --nginx -d your-domain.com

# Certbot will automatically update Nginx config for HTTPS

Troubleshooting

WebSocket Connection Fails

If WebSocket connections fail to establish, check the Nginx error log and verify the upstream service is running:

# Check Nginx error logs
sudo tail -f /var/log/nginx/error.log

# Verify upstream service is listening
netstat -tlnp | grep :3000

# Test direct connection to upstream
echo "test" | websocat ws://127.0.0.1:3000/

Connection Drops After Idle Time

If connections drop during idle periods, increase the proxy timeouts or add keepalive settings:

# Add to location block in Nginx config
proxy_read_timeout 7200s;
proxy_send_timeout 7200s;
proxy_connect_timeout 60s;

SSL Certificate Issues

For wss:// connections, ensure your SSL certificate covers the domain and Nginx is configured for HTTPS:

# Check SSL certificate status
sudo certbot certificates

# Test SSL configuration
nginx -t

# Verify HTTPS is working
curl -I https://your-domain.com
Socket.IO Configuration: If using Socket.IO, ensure your client connects to the correct path. Socket.IO typically uses /socket.io/ as the default path, which may require updating your Nginx location block.

Skip All of This: Deploy with an AI Agent

This entire guide exists as a tested, machine-readable recipe in the Massed Compute MCP. Instead of running these commands manually, connect an AI agent with MCP support:

{
  "mcpServers": {
    "massed-compute": {
      "type": "http",
      "url": "https://vm.massedcompute.com/api/mcp",
      "headers": { "Authorization": "Bearer MC_TOKEN" }
    }
  }
}

Then say:

“Deploy an Nginx WebSocket proxy for my Socket.IO app running on port 3000. Set up SSL with Let’s Encrypt for secure wss:// connections.”

The agent matches your request against the recipe catalog, provisions the right VM shape, runs the setup and verification steps above, and reports back with the connection details. If any step fails, the deployment stops and reports the specific error.

Recipe last tested: May 29, 2026

Deploy Your WebSocket Proxy Today

Get a production-ready Nginx WebSocket proxy running in under 5 minutes. Pay-per-hour pricing with no upfront costs.

Think it. Build it. Scale it.

Start Free Trial View Pricing

Quick Setup Guide

For experienced users, here’s the condensed version:

# 1. Launch VM and connect
mc instances launch --name ws-proxy --image ubuntu-22.04 --sku cpu_mini_amd_epyc
ssh ubuntu@VM_IP

# 2. Install and configure
sudo apt-get update && sudo apt-get install -y nginx
sudo wget -O /usr/local/bin/websocat https://github.com/vi/websocat/releases/download/v1.13.0/websocat.x86_64-unknown-linux-musl
sudo chmod +x /usr/local/bin/websocat

# 3. Create proxy config
sudo tee /etc/nginx/sites-available/wsproxy <<EOF
map \$http_upgrade \$connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80 default_server;
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection \$connection_upgrade;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}
EOF

# 4. Enable and test
sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/wsproxy /etc/nginx/sites-enabled/
sudo systemctl restart nginx

Frequently Asked Questions

01What WebSocket applications does this proxy support?

This Nginx configuration supports any WebSocket application including Socket.IO, native WebSocket servers, MQTT-over-WebSocket brokers, real-time chat applications, and gaming servers. The proxy forwards the HTTP Upgrade header correctly to establish WebSocket connections.

02How do I configure SSL for secure wss:// connections?

Install Certbot with apt-get install certbot python3-certbot-nginx, then run certbot --nginx -d your-domain.com. Certbot automatically configures Nginx for HTTPS and sets up automatic certificate renewal. Your WebSocket clients can then connect using wss:// instead of ws://.

03Why do my WebSocket connections drop after being idle?

The default proxy timeouts may be too short for long-lived WebSocket connections. Increase proxy_read_timeout and proxy_send_timeout to 3600s or higher in your Nginx configuration. Also check if your WebSocket application implements proper ping/pong keepalive mechanisms.

04Can I proxy multiple WebSocket services on different ports?

Yes, create multiple location blocks in your Nginx configuration. For example, location /app1/ can proxy to port 3000 while location /app2/ proxies to port 4000. Each location block needs the same WebSocket headers and timeout settings.

05How do I monitor WebSocket connection performance?

Check Nginx access logs for WebSocket upgrade requests, monitor the $connection_upgrade variable, and use tools like netstat -an | grep :80 to see active connections. For detailed metrics, consider adding the Nginx status module or using monitoring tools like Prometheus with nginx-prometheus-exporter.

Recent Posts

Categories

Tags

, , , , ,

Search