小贝子编程

Nginx config for WSS



我在通过 WSS 连接到我的服务器时遇到问题。我按照以下文章使用 websockets 设置 nginx:http://www.letseehere.com/reverse-proxy-web-sockets

以下是我的nginx配置,它服务于Play!应用程序:

#user  nobody;
worker_processes  1;  
error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
tcp {
     upstream websockets {
      ## Play! WS location
       server 127.0.0.1:9000;
     }    
    server {
        listen 80; 
        listen 8000;
        server_name socket.domain.com;
        tcp_nodelay on; 
        proxy_pass websockets;
        proxy_send_timeout 300;
    }   
     # virtual hosting
     #include /usr/local/nginx/vhosts/*;
}
http {
  server {
        listen 443 ssl;
        server_name socket.artoo.in;
        ssl_certificate      /usr/local/nginx/key/socket.domain.com.crt;
        ssl_certificate_key  /usr/local/nginx/key/socket.domain.com.key;
        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;
        location / {
            proxy_pass http://127.0.0.1:9000;
        }
  }
}

虽然服务器可以在 http://socket.domain.com、https://socket.domain.com、ws://socket.domain.com 上访问,但不能 wss://socket.domain.com

我能够以问答的形式整理一个指南,向您展示如何使用NGINX模块完成所有这些操作,;)

NGINX反向代理Websockets并启用SSL (wss://)?

您需要重建NGINX并按照上述问题中的配置进行操作。

我至少通过使用stunnel在短期内解决了它(参考这篇文章:http://www.darkcoding.net/software/proxy-socket-io-and-nginx-on-the-same-port-over-ssl/)。

Stunnel可以将HTTPS转换为HTTP,并通过该令牌将WSS转换为WS。Nginx像往常一样为在9000端口上运行的套接字应用程序提供服务:

/etc/stunnel

/stunnel.conf

[https]
accept  = 443
connect = 80 
TIMEOUTclose = 0
/usr/local/nginx/conf

/nginx.conf

#user  nobody;
worker_processes  1;  
error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
tcp {
     upstream websockets {
      ## Play! WS location
       server 127.0.0.1:9000;
       check interval=3000 rise=2 fall=5 timeout=1000;
     }    
    server {
        listen 80; 
        listen 8000;
        server_name socket.artoo.in;
        tcp_nodelay on; 
        proxy_pass websockets;
        proxy_send_timeout 300;
    }   
     # virtual hosting
     #include /usr/local/nginx/vhosts/*;
}
#http {
#
#  server {
#        listen 443 ssl;
#        server_name socket.artoo.in;
#
#        ssl_certificate      /usr/local/nginx/key/socket.domain.com.crt;
#        ssl_certificate_key  /usr/local/nginx/key/socket.domain.com.key;
#
#        ssl_session_timeout  5m;
#
#        ssl_protocols  SSLv2 SSLv3 TLSv1;
#        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#        ssl_prefer_server_ciphers   on;
#
#        location / {
#            proxy_pass http://127.0.0.1:9000;
#        }
#  }
#}

现在我唯一需要担心的是如何增加 nginx 上 websockets 的超时,连接似乎每 75 秒中断一次(nginx 的默认值)。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium