nginx代理ws和wss,附全配置文件+WebSocket在线测试工具

测试工具

http://wstool.js.org/

代理ws

#user  nobody;
worker_processes 4;

events {
     worker_connections 1024;
}

http {
    map $http_upgrade $connection_upgrade{
            default upgrade;
            `` close;
    }

    server{
     
        listen 8020;
        location / {
                proxy_pass http://192.168.2.135:5001;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
        }
    } 
}

连接时用
ws://ip:8020

wss

• 公网ip
• 域名绑定公网ip
• 内网ip映射公网
• 配置ssl证书

#user  nobody;
worker_processes 4;

events {
     worker_connections 1024;
}

http {

map $http_upgrade $connection_upgrade {  
    default upgrade;  
    '' close;  
}  
upstream websocket {  
    server 192.168.2.135:8020;  
}  
server {  
    listen 8020 ssl;  
    server_name www.baidu.com;
  ssl_certificate D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/xx.pem;
    ssl_certificate_key D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/xx.key;
       ssl_session_timeout 20m;
    ssl_verify_client off;
    location / {  
        proxy_pass http://192.168.2.135:5001;      # 转发
        proxy_http_version 1.1;  
        proxy_set_header Upgrade $http_upgrade;  
        proxy_set_header Connection "Upgrade";  
    }  
}
}

• 比如我们公司公网ip为 www.baidu.com server_name需改成对应的公司域名
• 配置ssl证书

访问地址:wss://www.baidu.com:8020

ssl证书这一块,云服务器都有提供对应的服务.如果都没有可以用openssL生成,要到.pem和.key后缀的ssl证书,配置上去即可.

最终

#user  nobody;
worker_processes 4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;


events {
     worker_connections 1024;
}

http {

map $http_upgrade $connection_upgrade {  
    default upgrade;  
    '' close;  
}  


server {  
    listen 8020 ssl;  
    server_name xxx;
    ssl_certificate D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/poolth.eu.org_bundle.pem;
    ssl_certificate_key D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/poolth.eu.org.key;
    ssl_session_timeout 20m;
    ssl_verify_client off;
    location / {  
        proxy_pass http://192.168.2.135:5001;      # 转发
        proxy_http_version 1.1;  
        proxy_set_header Upgrade $http_upgrade;  
        proxy_set_header Connection "Upgrade";  
    }  
}




server {
    listen 8021 ssl;
    server_name xxx;
    ssl_certificate D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/poolth.eu.org_bundle.pem;
    ssl_certificate_key D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/poolth.eu.org.key;
    ssl_session_timeout 20m;
    ssl_verify_client off;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass  https://192.168.2.135:90;
        proxy_redirect     off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
       
        proxy_hide_header X-Frame-Options;
        add_header X-Frame-Options ALLOWALL;

        proxy_max_temp_file_size 0;
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }
}



server {  
    listen 8022 ssl;  
    server_namexxx;
    ssl_certificate D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/poolth.eu.org_bundle.pem;
    ssl_certificate_key D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/poolth.eu.org.key;
    ssl_session_timeout 20m;
    ssl_verify_client off;
    location / {  
        proxy_pass http://192.168.2.135:8888;      # 转发
        proxy_http_version 1.1;  
        proxy_set_header Upgrade $http_upgrade;  
        proxy_set_header Connection "Upgrade";
    }  
}

}