duanpu6319
duanpu6319
2016-02-16 09:35
浏览 54
已采纳

Nginx:WebSocket通配符位置

I use a nginx instance in front of a Go service.

My current config:

ssl_certificate                 ...
ssl_certificate_key             ...
ssl_ciphers                     ...
ssl_prefer_server_ciphers       on;

server {
        listen         80;
        location / {
                return 301 https://$host$request_uri;
        }
}

server {
        listen          443 ssl;
        server_name     www.mydomain.com mydomain.com;

        add_header Strict-Transport-Security "max-age=31536000";

        location /ws {   <--- This only works for /ws but not /ws/app1
            proxy_pass http://localhost:8443/ws;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location / {    <--- Catches anything, even without wildcard ?!
                proxy_pass http://localhost:8443;
        }
}

server {
        listen 443 ssl;
        server_name *.mydomain.com;
        return 444;
}

Why is this necessary ? Well, as I understand, you have to set the upgrade headers explicitly, so I guess you have to specify another location.

Ideally, I would just use one location, but then websockets are blocked (because upgrade headers never make it to the Go service...)

I'm not a nginx expert, so bear with me =).

[EDIT]

I got it working now. I'm not sure if its ok to always set_header Upgrade/Connection, even if it's not a websocket request, but my Go service doesn't give a ****, so it works for me =]

ssl_certificate                 ...
ssl_certificate_key             ...
ssl_ciphers                     ...
ssl_prefer_server_ciphers       on;

server {
        listen         80;
        location / {
                return 301 https://$host$request_uri;
        }
}

server {
        listen          443 ssl;
        server_name     www.mydomain.com mydomain.com;

        add_header Strict-Transport-Security "max-age=31536000";

        location / {    <--- Catches anything, even without wildcard ?!
            proxy_pass http://localhost:8443;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
}

server {
        listen 443 ssl;
        server_name *.mydomain.com;
        return 444;
}
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

相关推荐