Can anyone explain how proxying websockets wouldn't hit the port number limit on the proxy server? If I understand correctly, when we would proxy tcp connections the workers on the backend server would able to hold only up to 64k connections to the proxy server (in the case when proxy server has only one IP-address)? Am I missing something?
You don't need any special tricks in the backend. The only limits on the backend are the number of file descriptors.
You only need special tricks when you want to simulate a large number of client connections from a single machine (or bunch of machines). The client(s) have a requirement of a unique IP/source-port combination; not the server.
But that case is exactly what we're talking about: a single nginx making over 64K connections to a single backend server. You either need nginx to have multiple IPs or the backend to have multiple listening ports.
But I assumed that backend isn't connected to the client directly, it's connected to the proxy server, and the proxy server holds tcp connections to the clients, and of course can hold millions of them.
In this case, nginx is simply relaying data over an active connection on each. There is an open socket between the client and nginx, and nginx and the backend, for every WebSocket.
There is not a port limit issue, however, as nginx can create more than one connection to a local backend server using unix domain sockets. But the backend server has to then manage multiple open connections, as well, one for each WebSocket.
It is a problem if you for some reason cannot use unix sockets. For example if the application server is either running on a different machine or does not have any unix socket implementation.
