我快要疯了,想要解决实时博客平台的 neginx 配置问题。
在 http 中它可以工作,配置如下:
/etc/nginx/conf.d/默认.conf
server {
listen 80 default;
include /etc/nginx/conf.d/*.inc;
}
/etc/nginx/conf.d/default.inc
location /ws {
proxy_pass http://localhost:5100;
proxy_http_version 1.1;
proxy_buffering off;
proxy_read_timeout 3600;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api {
proxy_pass http://localhost:5000;
proxy_set_header Host $HOST;
expires epoch;
sub_filter_once off;
sub_filter_types application/json;
sub_filter 'http://localhost' 'http://\$host';
}
location /.well-known {
root /var/tmp;
}
location / {
root /opt/liveblog/client/dist;
sub_filter_once off;
sub_filter_types application/javascript;
sub_filter 'http://localhost' 'http://\$host';
sub_filter 'ws://localhost/ws' 'ws://\$host/ws';
}
/etc/nginx/conf.d/params.conf
tcp_nopush on;
tcp_nodelay on;
output_buffers 1 256k;
postpone_output 0;
keepalive_requests 210;
reset_timedout_connection on;
ignore_invalid_headers on;
server_tokens off;
client_max_body_size 1024m;
recursive_error_pages on;
server_name_in_redirect off;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 1;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_buffering on;
proxy_ignore_client_abort off;
proxy_intercept_errors on;
proxy_next_upstream error timeout invalid_header;
proxy_redirect off;
proxy_buffer_size 32k;
proxy_buffers 8 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
client_body_buffer_size 128k;
proxy_connect_timeout 1;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_cache_min_uses 1;
proxy_temp_path /var/tmp;
这是我进入 SSL 的配置。
server {
listen 80 default;
listen 443 ssl;
server_name live.dmove.it;
include /etc/nginx/conf.d/*.inc;
ssl_certificate /etc/letsencrypt/live/live.dmove.it/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/live.dmove.it/privkey.pem; # managed by Certbot
}
和 /etc/nginx/conf.d/default.inc
location /ws {
proxy_pass http://localhost:5100;
proxy_http_version 1.1;
proxy_buffering off;
proxy_read_timeout 3600;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api {
proxy_pass http://localhost:5000;
proxy_set_header Host live.dmove.it;
expires epoch;
sub_filter_once off;
sub_filter_types application/json;
sub_filter 'http://localhost' 'https://$host';
}
location /.well-known {
root /var/tmp;
}
location / {
root /opt/liveblog/client/dist;
# TODO: use "config.js:server" for user installations
sub_filter_once off;
sub_filter_types application/javascript;
sub_filter 'http://localhost' 'http://$host';
sub_filter 'ws://localhost/ws' 'ws://$host/ws';
}
javascript 应用程序无法连接到 websocket 或 api
WebSocket connection to 'wss://live.dmove.it:5100/' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
app.bundle.js:142659 GET https://live.dmove.it:5000/api net::ERR_TIMED_OUT
如果我尝试在控制台中
curl -i -H "Accept: application/json" http://localhost/api
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 20 Dec 2018 10:04:56 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
因此服务器正在运行...
答案1
您在公共 IP 上仅设置了端口 80(纯)和 443(tls)的服务器。此服务器将特定 URL 转发到本地服务器(localhost)上的端口 5000 或端口 5100。这意味着要访问 websocket 部分,您需要访问wss://live.dmove.it/ws转发到的端口localhost:5100,而不是您尝试过的端口wss://live.dmove.it:5100/...。端口 5100 上没有公共侦听器,只有 localhost 上的侦听器。