【问题标题】:Setup websocket nginx proxy to node.js using ssl from certbot使用来自 certbot 的 ssl 将 websocket nginx 代理设置为 node.js
【发布时间】:2020-06-04 18:43:18
【问题描述】:
我想通过我的节点应用程序使用 ssl websockets (wss://),该应用程序使用 ws npm 模块。最重要的是,我想使用我通过 certbot 的 nginx 设置的 ssl。
我有节点 websocket 在端口 8080 上侦听,虽然我可以直接连接到该端口,但由于该站点是通过 ssl 提供服务的,因此由于未加密,因此会引发错误。
【问题讨论】:
标签:
nginx
websocket
nginx-reverse-proxy
nginx-config
certbot
【解决方案1】:
对于客户端 javascript,您可以将调用路由到 wss://examplesite.com/websocket
- 在 nginx 配置中,设置在 header 设置为 '' 时关闭连接。
- 为您的 websocket 端口创建上游
- 添加 /websocket 位置
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket {
server 127.0.0.1:8080;
}
server {
server_name examplesite.com;
location /websocket {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
}
# after this is just an example of the rest of the nginx config for a node server on 8675
# that has a static build directory
location / {
proxy_pass http://127.0.0.1:8675;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
}
location ~ \.(gif|jpg|png|js|txt|html|mp3|css|woff2)$ {
root /root/examplesite.com/build/;
expires 30d;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/examplesite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/examplesite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
您可以使用https://www.npmjs.com/package/wscat 来测试您的本地 ws://...:8080 和您的 wss://.../websocket 连接