nginx 反向代理 http转https wss转ws 服务端不变

nginx 反向代理 http转https wss转ws 服务端不变

本篇博客主要解决nginx http转https的配置问题，以及wss转ws的配置,本配置的好处就是后台原http代码不需要做任何修改

主要配置介绍

http配置介绍

http {
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 2048;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
#include /etc/nginx/conf.d/*.conf;

# 这个server是配置http默认端口80 监听80的请求，然后转发到443端口
server {
    listen       80;
#        listen       [::]:80 default_server;
    server_name  xx.xx.xx.xx;
# 到这句就行了，下面这句就是代理转发的代码
rewrite ^(.*)$ https://${server_name}$1 permanent;
#        root         /usr/share/nginx/html;

    \# Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;

        location / {
# 下面这句是将80端口的请求 代理到8080端口
#       proxy_pass http://xx.xx.xx.xx:8080;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        }

#        error_page 404 /404.html;
#            location = /40x.html {
#           }

#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#           }
}

https配置介绍

server {
    listen       443;
#        listen       [::]:443 ssl http2 default_server;
    server_name  xx.xx.xx.xx;
#   server_name localhost;
#        root         /usr/share/nginx/html;
ssl on;

ssl_certificate "/usr/cert/barrage.crt";
ssl_certificate_key "/usr/cert/barrage.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;    


    # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
# 将443端口的https请求反向代理到8080端口，走http协议，所以后端代码不需要更改
    location /{ 
    proxy_pass http://xx.xx.xx.xx:8080;
    proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }


# 配置静态资源访问规则,如果直接代理到tomcat的路径会报404的错误，原因未知，所以这里我把静态资源放到服务器nginx的root资源目录下
location ~ .*\.(jpg|jpeg|gif|png|ico|css|js|pdf)$ {
    root /usr/share/nginx/static/static/;
}

#        error_page 404 /404.html;
#            location = /40x.html {
#        }

#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
}

wss转ws的配置方式 服务器端开启websocket监听请使用0.0.0.0地址，使用localhost和127.0.0.1的话，外网无法访问。

#服务器socket连接端口9999，为了避免冲突，这里用9990反向代理到9999，同时实现了wss转ws，服务器端不需要做修改
server {
    listen 9990;
    server_name xx.xx.xx.xx;
    
    ssl on;
    ssl_certificate "/usr/cert/barrage.crt";
ssl_certificate_key "/usr/cert/barrage.key";
    ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_prefer_server_ciphers on;
    

    location /{
        #反向代理到9999端口，同时协议转换为http，这样服务器端代码就不需要做修改
        proxy_pass http://120.77.222.242:9999;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        #由于服务器端源码(建议大家做好大小写匹配)只匹配了"Upgrade"字符串,所以如果这里填"upgrade"服务器端会将这条http请求当成普通的请求,导致websocket握手失败
        proxy_set_header Connection "Upgrade";
        proxy_set_header Remote_addr $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 600s;
    }
}