duanpu6319 2016-02-16 09:35
浏览 76
已采纳

Nginx:WebSocket通配符位置

I use a nginx instance in front of a Go service.

My current config:

ssl_certificate                 ...
ssl_certificate_key             ...
ssl_ciphers                     ...
ssl_prefer_server_ciphers       on;

server {
        listen         80;
        location / {
                return 301 https://$host$request_uri;
        }
}

server {
        listen          443 ssl;
        server_name     www.mydomain.com mydomain.com;

        add_header Strict-Transport-Security "max-age=31536000";

        location /ws {   <--- This only works for /ws but not /ws/app1
            proxy_pass http://localhost:8443/ws;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location / {    <--- Catches anything, even without wildcard ?!
                proxy_pass http://localhost:8443;
        }
}

server {
        listen 443 ssl;
        server_name *.mydomain.com;
        return 444;
}

Why is this necessary ? Well, as I understand, you have to set the upgrade headers explicitly, so I guess you have to specify another location.

Ideally, I would just use one location, but then websockets are blocked (because upgrade headers never make it to the Go service...)

I'm not a nginx expert, so bear with me =).

[EDIT]

I got it working now. I'm not sure if its ok to always set_header Upgrade/Connection, even if it's not a websocket request, but my Go service doesn't give a ****, so it works for me =]

ssl_certificate                 ...
ssl_certificate_key             ...
ssl_ciphers                     ...
ssl_prefer_server_ciphers       on;

server {
        listen         80;
        location / {
                return 301 https://$host$request_uri;
        }
}

server {
        listen          443 ssl;
        server_name     www.mydomain.com mydomain.com;

        add_header Strict-Transport-Security "max-age=31536000";

        location / {    <--- Catches anything, even without wildcard ?!
            proxy_pass http://localhost:8443;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
}

server {
        listen 443 ssl;
        server_name *.mydomain.com;
        return 444;
}
  • 写回答

1条回答 默认 最新

  • dounie5475 2016-02-16 09:48
    关注

    Check out the article at https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms

    You are not using any location_match, so the match is a prefix match.

    Use ~ as the location match modifier to have it interpreted as a regular expression.

    The line location /ws should match every query starting with /ws.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 Arduino红外遥控代码有问题
  • ¥15 数值计算离散正交多项式
  • ¥30 数值计算均差系数编程
  • ¥15 redis-full-check比较 两个集群的数据出错
  • ¥15 Matlab编程问题
  • ¥15 训练的多模态特征融合模型准确度很低怎么办
  • ¥15 kylin启动报错log4j类冲突
  • ¥15 超声波模块测距控制点灯,灯的闪烁很不稳定,经过调试发现测的距离偏大
  • ¥15 import arcpy出现importing _arcgisscripting 找不到相关程序
  • ¥15 onvif+openssl,vs2022编译openssl64