原创

nginx代理ssl实现wss

1.配置ssl这个应该不用说了 主要是转发一下wss

upstream blogadmin {
                server 127.0.0.1:8082  weight=1 max_fails=2 fail_timeout=30s;
}
upstream blogadminWebscoket {
                server 127.0.0.1:8082  weight=1 max_fails=2 fail_timeout=30s;
}
server {
       listen 443 ssl ;
       server_name blogadmin.fireflyi.com ;
       #ssl on;此指令已经废除了
       ssl_certificate aliy_blogadmin.fireflyi.com.pem;
       ssl_certificate_key aliy_blogadmin.fireflyi.com.key;
       ssl_session_timeout 5m;
       ssl_protocols TLSv1.3 TLSv1.1 TLSv1.2; #按照这个协议配置
       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
       #fastcgi_param   HTTPS               on;
        #fastcgi_param   HTTP_SCHEME         https;
        ssl_prefer_server_ciphers on;
        location /websocket {
                # proxy_pass http://127.0.0.1:8082;
                proxy_pass http://blogadminWebscoket;
                proxy_http_version 1.1;
                proxy_connect_timeout 5s;
                proxy_read_timeout 150s;
                proxy_send_timeout 10s;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header X-Real-IP $remote_addr;
        }

        location  / {
                proxy_next_upstream     http_500 http_502 http_503 http_504 error timeout invalid_header;
                proxy_set_header        Host  $host;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass              http://blogadmin;
                expires                 0;
               #root   /usr/share/nginx/html/blogadmin/;
        }
        index  index.html index.php;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
}

1)其中blogadmin是我博客后台的配置,博客后台同时启了一个 websocket服务,
2)就这么配置完了,挺简单了,不知道在写点啥了。。。
3)ssl证书去腾讯云或者阿里云申请就好了,具体ssl配置随便百度就有很多了

正文到此结束
本文目录