duanpu6319 2016-02-16 09:35
浏览 76
已采纳

Nginx:WebSocket通配符位置

I use a nginx instance in front of a Go service.

My current config:

ssl_certificate                 ...
ssl_certificate_key             ...
ssl_ciphers                     ...
ssl_prefer_server_ciphers       on;

server {
        listen         80;
        location / {
                return 301 https://$host$request_uri;
        }
}

server {
        listen          443 ssl;
        server_name     www.mydomain.com mydomain.com;

        add_header Strict-Transport-Security "max-age=31536000";

        location /ws {   <--- This only works for /ws but not /ws/app1
            proxy_pass http://localhost:8443/ws;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location / {    <--- Catches anything, even without wildcard ?!
                proxy_pass http://localhost:8443;
        }
}

server {
        listen 443 ssl;
        server_name *.mydomain.com;
        return 444;
}

Why is this necessary ? Well, as I understand, you have to set the upgrade headers explicitly, so I guess you have to specify another location.

Ideally, I would just use one location, but then websockets are blocked (because upgrade headers never make it to the Go service...)

I'm not a nginx expert, so bear with me =).

[EDIT]

I got it working now. I'm not sure if its ok to always set_header Upgrade/Connection, even if it's not a websocket request, but my Go service doesn't give a ****, so it works for me =]

ssl_certificate                 ...
ssl_certificate_key             ...
ssl_ciphers                     ...
ssl_prefer_server_ciphers       on;

server {
        listen         80;
        location / {
                return 301 https://$host$request_uri;
        }
}

server {
        listen          443 ssl;
        server_name     www.mydomain.com mydomain.com;

        add_header Strict-Transport-Security "max-age=31536000";

        location / {    <--- Catches anything, even without wildcard ?!
            proxy_pass http://localhost:8443;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
}

server {
        listen 443 ssl;
        server_name *.mydomain.com;
        return 444;
}
  • 写回答

1条回答 默认 最新

  • dounie5475 2016-02-16 09:48
    关注

    Check out the article at https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms

    You are not using any location_match, so the match is a prefix match.

    Use ~ as the location match modifier to have it interpreted as a regular expression.

    The line location /ws should match every query starting with /ws.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
  • ¥20 软件测试决策法疑问求解答
  • ¥15 win11 23H2删除推荐的项目,支持注册表等
  • ¥15 matlab 用yalmip搭建模型,cplex求解,线性化处理的方法
  • ¥15 qt6.6.3 基于百度云的语音识别 不会改
  • ¥15 关于#目标检测#的问题:大概就是类似后台自动检测某下架商品的库存,在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥20 测距传感器数据手册i2c