我正在尝试链接代理。第一个用于 SSL,下一个用于调度到服务器。
第一个(secure-gateway-nginx
)仅解开 SSL 并传递给gateway-nginx
:
server {
listen 443 ssl;
server_name secure-gateway-nginx;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
proxy_pass http://gateway-nginx.default.svc.cluster.local/;
}
}
第二个(gateway-nginx
)发送给central-broker-mqtt
和app
服务器:
server {
listen 80;
server_name gateway-nginx;
location /mqtt {
proxy_pass http://central-broker-mqtt.default.svc.cluster.local/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 1;
}
location /app {
proxy_pass http://app.default.svc.cluster.local/;
}
}
问题是 mqtt 的 websocket 不起作用。例如,该proxy_set_header Upgrade $http_upgrade;
行毫无意义,因为结果为空。$http_upgrade
从 SSL 终端到 mqtt 的直接调度工作正常:
server {
listen 443 ssl;
server_name secure-gateway-nginx;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location /mqtt {
proxy_pass http://central-broker-mqtt.default.svc.cluster.local/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 1;
}
location / {
proxy_pass http://gateway-nginx.default.svc.cluster.local/;
}
}
但我想保留执行 SSL 的 nginx,仅用于 SSL。该怎么做?
编辑:
这似乎有效:
server {
listen 443 ssl;
server_name secure-gateway-nginx;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
proxy_pass http://gateway-nginx.default.svc.cluster.local/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 1;
}
}
它会产生副作用吗?