笔记

Nginx 配置 https wss

Nginx, 笔记

Nginx 配置 https wss

亲测成功!

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
upstream wss_svr {
	server 192.168.0.100:38080 weight=1;  #这里可以是多个服务端IP(分多行),设置权重就可以实现负载均衡了
}

   server {
       listen 443 ssl;
       server_name xxx.xxx.net;
       ssl_certificate /www/ssl/xxx.pem;
       ssl_certificate_key /www/ssl/xxx.key;
       ssl_session_cache    shared:SSL:10m;
       ssl_session_timeout  5m;
       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       ssl_prefer_server_ciphers on;
       #禁止在header中出现服务器版本,防止黑客利用版本漏洞攻击
       server_tokens off;
       #如果是全站 HTTPS 并且不考虑 HTTP 的话,可以加入 HSTS 告诉你的浏览器本网站全站加密,并且强制用 HTTPS 访问
       #fastcgi_param   HTTPS               on;
       #fastcgi_param   HTTP_SCHEME         https;
       access_log /www/log/httpsaccess2.log;

	location /wss {
		#access_log /var/log/nginx/come-websocket.log;
		proxy_pass http://wss_svr/; # 代理到上面的地址去
		proxy_read_timeout 60s;
		proxy_set_header Host $host;
		proxy_set_header X-Real_IP $remote_addr;
		proxy_set_header X-Forwarded-for $remote_addr;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection 'Upgrade';
	}
	
       location / {
           proxy_pass  http://xxx.xxx.net;
           proxy_set_header Host      $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_redirect http:// $scheme://; #做https跳转
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
   }