发布网友 发布时间:2024-10-23 22:36
共1个回答
热心网友 时间:2024-10-25 00:58
当今互联网领域,Nginx作为常用的代理服务器之一,被众多大厂用于业务系统中。因此,了解Nginx针对Http、Https、WS、WSS的配置至关重要。
Nginx配置Http
首先,我们探讨Nginx如何配置Http。Nginx配置Http是其常用功能之一。在nginx.conf中进行相应配置,如下所示。
upstream message {
server localhost:8080 max_fails=3;
}
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
add_header 'Access-Control-Allow-Origin' '*';
proxy_connect_timeout 10;
}
location /message {
proxy_pass message;
proxy_set_header Host $host:$server_port;
}
}
复制
此时,访问http://localhost/message,就会被转发到localhost:8080/message上。
Nginx配置Https
对于对网站安全性要求较高的业务,可能需要在Nginx配置Https。具体配置信息可以参照以下方式。
upstream message {
server localhost:8080 max_fails=3;
}
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /usr/local/nginx-1.17.8/conf/keys/binghe.pem;
ssl_certificate_key /usr/local/nginx-1.17.8/conf/keys/binghe.key;
ssl_session_timeout 20m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_verify_client off;
location / {
root html;
index index.html index.htm;
add_header 'Access-Control-Allow-Origin' '*';
proxy_connect_timeout 10;
}
location /message {
proxy_pass message;
proxy_set_header Host $host:$server_port;
}
}
复制
此时访问https://localhost/message 就会被转发到http://localhost:8080/message上。
Nginx配置WS
WS的全称是WebSocket,Nginx配置WebSocket相对简单。在nginx.conf文件中进行相应配置,即可实现横向扩展WebSocket服务端的服务能力。
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream wsbackend{
server ip1:port1;
server ip2:port2;
keepalive 1000;
}
server {
listen 20038;
location /{
proxy_http_version 1.1;
proxy_pass wsbackend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 3600s;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
复制
此时,访问ws://localhost:20038 就会被转发到ip1:port1和ip2:port2上。
Nginx配置WSS
WSS表示WebSocket + Https,即安全的WebSocket。在配置WS时,已详细描述了配置细节,此处不再赘述。
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream wsbackend{
server ip1:port1;
server ip2:port2;
keepalive 1000;
}
server{
listen 20038 ssl;
server_name localhost;
ssl_certificate /usr/local/nginx-1.17.8/conf/keys/binghe.com.pem;
ssl_certificate_key /usr/local/nginx-1.17.8/conf/keys/binghe.com.key;
ssl_session_timeout 20m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_verify_client off;
location /{
proxy_http_version 1.1;
proxy_pass wsbackend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 3600s;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
复制
此时,访问wss://localhost:20038 就会被转发到ip1:port1和ip2:port2上。