nginx配置websocket反向代理

设置

nginx增强理解

nginx增加下面的配置:

    location /ver {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        #default Nginx set http header as itself as hostname
        proxy_set_header Host $proxy_host;
        proxy_connect_timeout 5s;
        proxy_send_timeout 15s;
        proxy_read_timeout 86400s; //默认60s nginx会backend断开ws，那肯定不行，设为1天
        proxy_pass http://localhost:9010;
    }

其中http://localhost:9010是ws的listening server.

当client访问ws://server_name/ver时，nginx将反向到ws server上.

特别注意proxy_set_header Host $proxy_host;的设置,之前不行就是因为这个地方没对.

nginx默认就是这个设置，这里重新设置下，是因为nginx server里设置了proxy_set_header Host $host;

proxy_set_header看这里(https://www.jianshu.com/p/0850db5af284)

anyway, 是设置nginx给转发目的的http header的HOST字段

//设置HOST字段==原始http req header里的HOST
proxy_set_header Host $http_host;
//同上，但是如果header没有这个字段，则设置为nginx里的server_name(理论上就是你访问的url，如www.163.com)
//一般用这个就好
proxy_set_header Host $host;


//设置HOST字段为proxy_pass 后跟着的HOST 
proxy_set_header Host $proxy_host;
//下面是proxy_host = 127.0.0.1
1. proxy_pass http://localhost:9010

假如backends对应的upstream里的server www.xxx.net的ip是10.1.1.1,那么proxy_host就是这个值
2. proxy_pass http://backends

upstream  backends {
    server www.xxx.net
}

顺便说说upstream,这才是反向代理的精髓，比如大家都访问www.xxx.net/res/,通过upstream，把访问均衡到多个web server上. upstream可以选择很多均衡策略.

server {
    listen *:80 default_server;
    server_name www.xxx.net;
    location /res {
        proxy_pass http://backends;
    }
}

upstream backends {
    server http://localhost:8080;
    server http://localhost:8081;
    server http://localhost:8082;
    server 10.20.1.2:8080;
    server 10.20.1.2:8081;
    ...

}

原理

要是知道websocket的握手是借用了http的,一开始的request header:

 --- request header ---
GET /chat HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Host: 127.0.0.1:8001
Origin: http://127.0.0.1:8001
Sec-WebSocket-Key: hj0eNqbhE/A0GkBXDRrYYw==
Sec-WebSocket-Version: 13

下面是respone字段:

  HTTP/1.1 101 Switching Protocols
Content-Length: 0
Upgrade: websocket
Sec-Websocket-Accept: ZEs+c+VBk8Aj01+wJGN7Y15796g=
Server: TornadoServer/4.5.1
Connection: Upgrade
Date: Wed, 21 Jun 2017 03:29:14 GMT

验证过程:

1. client发送随机keySec-WebSocket-Key给server,
2. server进行sha1哈希(+魔数),返回Sec-Websocket-Accept

    def compute_accept_value(key):
        """Computes the value for the Sec-WebSocket-Accept header,
        given the value for Sec-WebSocket-Key.
        """
        sha1 = hashlib.sha1()
        sha1.update(utf8(key))
        sha1.update(b"258EAFA5-E914-47DA-95CA-C5AB0DC85B11")  # Magic value
        return native_str(base64.b64encode(sha1.digest()))

3. client进行同样的操作，验证了server,握手完成