通过 nginx 代理 wss(对端重置连接)

tag-icon tag-icon nginx proxy https wss
通过 nginx 代理 wss(对端重置连接)

我的浏览器和服务器的 IP 地址是 abcd,现在我有 2 个可能的服务器 URL:

  1. 通过浏览器通过 Nginx

    browser -> https://a.b.c.d/ -> server

  2. 通过 javascript 的 WSS

    browser -> wss://a.b.c.d:10062 -> server

因此,服务器在 443(nginx)上监听,其他一些应用程序在 10062 上监听。我想将第二个连接更改为同一端口(443):

browser -> wss://a.b.c.d/someurl -> server

那么,是否可以在 nginx 中代理到 abcd:10062,如下所示:

server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /path/to/crt/for/https;
    ssl_certificate_key /path/to/key/for/https;

    server_name a.b.c.d;

    location /someurl  {             
        -->> What to write here to create redirect for wss://a.b.c.d:10062 ?  << --
    }

    # the other locations here ('/', etc)
    # ... 
    # ...
 }

我接下来尝试:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

location /someurl {
    proxy_pass http://127.0.0.1:10062;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

但是当去https://abcd/someurl测试显示

2015/12/14 16:12:51 [error] 371#0: *113 connect() failed (111: Connection refused) 
while connecting to upstream, client: my_ip, server: a.b.c.d, request: "GET /someurl HTTP/1.1", 
upstream: "http://127.0.0.1:10062/someurl", host: "a.b.c.d"

但是!:Netstat 显示:

sudo netstat -tnlp | grep :10062
tcp        0      0 a.b.c.d:10062          0.0.0.0:*                   LISTEN      5702/webrtc2sip

因此似乎我需要指定 abcd 而不是 127.0.0.1,所以我尝试了

location /someurl {
    proxy_pass http://a.b.c.d:10062;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

结果:

2015/12/14 16:54:11 [error] 13189#0: *123 recv() failed (104: Connection reset by peer) 
while reading response header from upstream, 
client: my_ip, server: a.b.c.d, request: "GET /someurl HTTP/1.1", upstream: "http://a.b.c.d:10062/someurl", host: "a.b.c.d"

好的。我在传递给代理时将一些 URL 中继了:

location = /someurl {
    return 302 /someurl/;
}

location /someurl/ {
      proxy_pass http://a.b.c.d:10062/;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
}

现在当我去https://abcd/someurl或者https://abcd/someurl/, 表明:

2015/12/14 17:14:45 [error] 15836#0: *70 recv() failed (104: Connection reset by peer) 
while reading response header from upstream, client: my_ip, server: a.b.c.d, request: "GET /someurl/ HTTP/1.1", upstream: "http://a.b.c.d:10062/", host: "a.b.c.d"

为什么它显示上游:“http://abcd:10062/“?不应该显示“wss://abcd:10062/”吗?

答案1

回答你的问题:

“为什么它显示上游:”http://abcd:10062/“?不应该显示“wss://abcd:10062/”吗?”

Nginx 以这种方式显示 URI,因为这是配置中提供的方式:

proxy_pass http://a.b.c.d:10062;

我不认为这个细节表明了你的问题,因为你似乎已经遵循了使用 Nginx 作为 WebSocket 代理的推荐语法

相关内容