我的 apache 服务器上有一个 SSL 主机,其 VirtualHost 中的内容如下:
<VirtualHost 217.147.92.100:443>
ServerName server.com
ServerAdmin [email protected]
DocumentRoot /somepath/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/something/fullchain.pem
SSLCertificateKeyFile /etc/something/privkey.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
SSLProxyEngine on
ProxyPass "/rtapi/" "ws://localhost:38120/"
ProxyPassReverse "/rtapi/" "ws://localhost:38120/"
<Directory /somepath/>
AllowOverride all
Require all granted
</Directory>
</VirtualHost>
到目前为止还好吗?注意 /rtapi/ 文件夹的代理密码。像往常一样,老牌 Apache 运行良好。
现在对于我们不开心的 nginx,我对它的要求就少多了:
server {
listen 45108 ssl;
ssl on;
ssl_certificate /etc/something/fullchain.pem;
ssl_certificate_key /etc/something/privkey.pem;
location / {
proxy_pass http://localhost:38120;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
我从 nginx 寻找的只是在我的 websocket 服务上添加一个 SSL 包装器并将其代理。
我得到:
2017/08/24 19:55:01 [error] 25018#0: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 71.192.225.239, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:38120/", host: "api.speedracing.tv:45108"
这似乎很有用。哦!我的小型 websocket 服务器肯定没有响应……但等一下。服务器肯定正在运行,因为它接受来自 apache 的代理请求。显然,合乎逻辑的结论是 nginx 是连接,但我真的不明白为什么或如何。