nginx代理wss和https

阅读更多

nginx启用ssl

yum install openssl openssl-devel -y

./configure --prefix=/usr/local/nginx  --with-http_ssl_module


img]http://dl2.iteye.com/upload/attachment/0128/9904/e0b62951-a384-3178-a74c-2fcc341c2974.png[/img]

证书生成参考
http://blog.csdn.net/weixin_35884835/article/details/52588157

# 1、首先，进入你想创建证书和私钥的目录，例如：
cd /etc/nginx/

# 2、创建服务器私钥，命令会让你输入一个口令：
openssl genrsa -des3 -out server.key 1024

# 3、创建签名请求的证书（CSR）：
openssl req -new -key server.key -out server.csr

# 4、在加载SSL支持的Nginx并使用上述私钥时除去必须的口令：
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key


# 5、最后标记证书使用上述私钥和CSR：
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

nginx配置：

    upstream mybackend {
        server 192.168.62.128:3000;
    }
    server {
        listen       443 ssl;
        #server_name  localhost;
        server_name  bellard.org;

        ssl_certificate      /opt/meituan/qemu/deobfuscated/ssl/server.crt;
        ssl_certificate_key  /opt/meituan/qemu/deobfuscated/ssl/server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
#            root   html;
            root   /opt/meituan/qemu;
            index  index.html index.htm;
        }
        location /tap {
            # switch off logging
            access_log off;

            # redirect all HTTP traffic to localhost:8080
            #proxy_pass http://192.168.62.128:3000;
            #proxy_pass http://bellard.org:3000;
            proxy_pass http://mybackend;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # WebSocket support (nginx 1.4)
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

参考
http://blog.csdn.net/chopin407/article/details/52937645
https://github.com/nicokaiser/nginx-websocket-proxy/blob/df67cd92f71bfcb513b343beaa89cb33ab09fb05/simple-wss.conf
https://stackoverflow.com/questions/12102110/nginx-to-reverse-proxy-websockets-and-enable-ssl-wss
network-websockets.js
改成

tuntapWS_connection = new WebSocket('wss://192.168.62.128/tap', []);

tuntapWS_connection = new WebSocket('wss://bellard.org/tap', []);

/etc/hosts
192.168.62.128    bellard.org
把jslinux从http切换成https，顺带ws换成wss


注意，如果是域名访问的，就把ip都写成域名，否则可能认证错误

• 
• 大小: 4.9 KB

• 查看图片附件