Redirecting websocket and JSON over SSL with NGINX

I'm going crazy trying to solve an nginx configuration problem for a live blog platform.

It works over HTTP with the following configuration:

/etc/nginx/conf.d/default.conf

server {
    listen 80 default;
    include /etc/nginx/conf.d/*.inc;
}

/etc/nginx/conf.d/default.inc

location /ws {
    proxy_pass http://localhost:5100;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_read_timeout 3600;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "Upgrade";
}

location /api {
    proxy_pass http://localhost:5000;
    proxy_set_header Host $HOST;
    expires epoch;

    sub_filter_once off;
    sub_filter_types application/json;
    sub_filter 'http://localhost' 'http://\$host';
}


location /.well-known {
    root /var/tmp;
}
location / {
    root /opt/liveblog/client/dist;
    sub_filter_once off;
    sub_filter_types application/javascript;
    sub_filter 'http://localhost' 'http://\$host';
    sub_filter 'ws://localhost/ws' 'ws://\$host/ws';
}

/etc/nginx/conf.d/params.conf

tcp_nopush on;
tcp_nodelay on;
output_buffers 1 256k;
postpone_output 0;
keepalive_requests 210;
reset_timedout_connection on;
ignore_invalid_headers  on;
server_tokens off;
client_max_body_size 1024m;
recursive_error_pages   on;
server_name_in_redirect off;

gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 1;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;

proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_buffering on;
proxy_ignore_client_abort off;
proxy_intercept_errors on;
proxy_next_upstream error timeout invalid_header;
proxy_redirect off;
proxy_buffer_size 32k;
proxy_buffers 8 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
client_body_buffer_size 128k;
proxy_connect_timeout 1;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_cache_min_uses 1;
proxy_temp_path /var/tmp;

This is my configuration for moving to SSL.

server {
    listen 80 default;
    listen  443 ssl;
    server_name live.dmove.it;
    include /etc/nginx/conf.d/*.inc;

    ssl_certificate /etc/letsencrypt/live/live.dmove.it/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/live.dmove.it/privkey.pem; # managed by Certbot
}

and /etc/nginx/conf.d/default.inc

location /ws {
    proxy_pass http://localhost:5100;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_read_timeout 3600;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
}

location /api {
    proxy_pass http://localhost:5000;
    proxy_set_header Host live.dmove.it;
    expires epoch;

    sub_filter_once off;
    sub_filter_types application/json;
    sub_filter 'http://localhost' 'https://$host';
}


location /.well-known {
    root /var/tmp;
}
location / {
    root /opt/liveblog/client/dist;

    # TODO: use "config.js:server" for user installations
    sub_filter_once off;
    sub_filter_types application/javascript;
    sub_filter 'http://localhost' 'http://$host';
    sub_filter 'ws://localhost/ws' 'ws://$host/ws';
}

The JavaScript application cannot connect to the websocket or the API

WebSocket connection to 'wss://live.dmove.it:5100/' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR

app.bundle.js:142659 GET https://live.dmove.it:5000/api net::ERR_TIMED_OUT

If I try in the console

curl -i -H "Accept: application/json" http://localhost/api

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 20 Dec 2018 10:04:56 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT

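So the server is running...

Answer 1

You have set up a server on the public IP only for ports 80 (plain) and 443 (TLS). This server forwards specific URLs to port 5000 or port 5100 on the local server (localhost). This means that to reach the websocket part you need to access wss://live.dmove.it/ws, which is forwarded to localhost:5100, and not wss://live.dmove.it:5100/... as you tried. There is no public listener on port 5100, only a listener on localhost.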
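
The rule from the answer above, written as a check that can be run over the endpoint URLs a client bundle is configured with. This is an added example, not part of the original question or answer; the helper name `auditEndpoint` and its return shape are hypothetical, and the port-to-path table is taken from the nginx locations shown in the question.

```javascript
// Added example. Assumed from the page: nginx listens publicly on 80/443 only
// and proxies /ws -> localhost:5100 and /api -> localhost:5000.
const BACKEND_ROUTES = { '5100': '/ws', '5000': '/api' }; // backend port -> proxied path
const SECURE_SCHEME = { 'http:': 'https:', 'ws:': 'wss:' };

// Audit one endpoint URL against the page that will open it.
// Returns { ok, problems, suggested } where suggested goes through the proxy.
function auditEndpoint(endpoint, pageUrl) {
  const page = new URL(pageUrl);
  const url = new URL(endpoint);
  const problems = [];

  // A page served over https may only open https/wss connections.
  if (page.protocol === 'https:' && SECURE_SCHEME[url.protocol]) {
    problems.push(`insecure scheme ${url.protocol} on an https page`);
    url.protocol = SECURE_SCHEME[url.protocol];
  }

  // "localhost" in a browser means the visitor's machine, not the server.
  if (url.hostname === 'localhost') {
    problems.push('localhost is only reachable on the server itself');
    url.hostname = page.hostname;
  }

  // url.port is '' for the scheme default (80/443); anything else is not public here.
  if (url.port !== '') {
    const route = BACKEND_ROUTES[url.port];
    problems.push(`port ${url.port} has no public listener`);
    if (route && !url.pathname.startsWith(route)) {
      url.pathname = route; // reach the backend through its nginx location
    }
    url.port = '';
  }

  return { ok: problems.length === 0, problems, suggested: url.href };
}

// Constructed sample input: the two failing URLs from the browser console,
// the literal string the sub_filter rewrites, and the URL the answer recommends.
const page = 'https://live.dmove.it/';
for (const e of ['wss://live.dmove.it:5100/', 'https://live.dmove.it:5000/api',
                 'ws://localhost/ws', 'wss://live.dmove.it/ws']) {
  const r = auditEndpoint(e, page);
  console.log(r.ok ? 'OK  ' : 'FAIL', e, '->', r.suggested, r.problems);
}
```
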