Shulou(Shulou.com)06/02 Report--

Editor to share with you the method of nginx reverse proxy webSocket configuration, I believe most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

Recently, the webSocket protocol was used in the project, and webSocket was used in WeChat Mini Programs. When WeChat Mini Programs uses the wss protocol, the port cannot be set, only the default port 443 can be used. My https has been listening to port 443, and webSocket is going to listen to port 443. it certainly won't work. We have to find a way to solve it. So I came up with two ways to solve it. One solution is to deploy webSocket to another server, which is too expensive. Another way is to use the nginx reverse proxy.

Because the webSocket protocol is upgraded based on the http protocol (see figure below), you can use nginx reverse proxy webSocket.

As can be seen from this picture, the establishment of the webSocket connection is based on the http protocol.

GET / chat HTTP/1.1Host: server.example.comUpgrade: websocketConnection: UpgradeSec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==Sec-WebSocket-Protocol: chat, superchatSec-WebSocket-Version: 13Origin: http://example.com

Children's shoes who are familiar with HTTP may have found that there are only a few more things in this handshake request similar to the HTTP protocol.

Upgrade: websocketConnection: Upgrade

This is the core of Websocket, telling Apache, Nginx and other servers: I initiated the Websocket protocol.

Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==Sec-WebSocket-Protocol: chat, superchatSec-WebSocket-Version: 13

First of all, Sec-WebSocket-Key is a value of Base64 encode, which is randomly generated by the browser, telling the server: peat, don't be leisurely, I want to verify that Ni is really a Websocket assistant.

Finally, Sec-WebSocket-Version tells the server the Websocket Draft (protocol version) used. At the beginning, the Websocket protocol was still in the Draft stage, there were all kinds of strange protocols, and there were a lot of strange and different things, such as what Firefox and Chrome did not use the same version. At that time, too many Websocket protocols was a big problem. But now it's okay. It's settled. It's a thing that everyone uses.

The server then returns the following, indicating that the request has been accepted and the Websocket has been successfully established!

HTTP/1.1 101 Switching ProtocolsUpgrade: websocketConnection: UpgradeSec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk=Sec-WebSocket-Protocol: chat

Here is the last area that HTTP is responsible for. Tell the customer that I have successfully switched the protocol.

Upgrade: websocketConnection: Upgrade

It is still fixed, telling the client that the Websocket protocol is about to be upgraded. At this point, HTTP has done all its work, and then it is done in full accordance with the Websocket protocol.

If you understand the principle of the agreement, you can take the next step.

First, nginx configures the certificate of https first.

The certificate of the server is configured by the boss, so I use it directly. Check for yourself if you need it. 0.0.

Add the following configuration to the service node of the nginx configuration file

Location / wss {proxy_pass http://127.0.0.1:8888; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Real-IP $remote_addr;}

Explain the parameters.

/ wss this is random, tell Nginx to proxy url, now I set to wss, when I access my server https://abc.com/wss, Nginx will map my request to port 8888 on this machine.

Proxy_pass to proxy to the url, my agent to port 8888 on this machine.

The version of http used for proxy_http_version proxies.

Here's the point:

Key parameters of proxy webSocket

Proxy_set_header Upgrade sets the Upgrade of the http request header when proxying to the original http request header, and the wss protocol request header is websocket

Proxy_set_header Connection sets the Connection of the http request header to Upgrade because of the wss protocol of the agent

Proxy_set_header X-Real-IP sets the ip of the original http request to the agent. Enter $remote_addr.

As for the response parameters of the websocket protocol, you don't have to worry about it when you reverse proxy.

At this point, the configuration of the Nginx reverse proxy webSocket is complete. Restart Nginx, try to connect with websocket, and fill in wss://abc.com/wss at the original wss address. If websocket connects successfully, the Nginx reverse proxy websocket has been successful.

Summary

The current configuration is only the configuration when you reverse proxy to the local machine. If you want to reverse proxy to another host, there may be cross-domain problems in the proxy, so you need to do cross-domain configuration in the reverse proxy of Nginx.

Thinking

You can see this paragraph in the configuration file of Nginx

Location ~ .php ${root html; fastcgi_pass 127.0.0.1 fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params;}

This is the configuration file of php in Nginx. Damn it, it looks so familiar. This configuration list is so similar to the reverse proxy of websocket just now. Only by looking up information on the Internet can we know that when Nginx handles php-type requests, it sends the requests to the fastcgi management process for processing, the fascgi management process selects the results of the CGI child process and returns the nginx, while php-fpm is a PHP FastCGI manager, nginx itself can not handle PHP, it is only a web server, when it receives the request, if it is a php request, it is sent to the php interpreter for processing, and the result is returned to the client. So when Nginx handles php-type requests, it is essentially implemented through reverse proxy.

We can expand our thinking and use Nginx reverse proxy to achieve more functions, such as proxy Tomcat.

Location / Tomcat {proxy_pass http://127.0.0.1:8080; proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr;}

Of course, you can also use Nginx reverse proxy to achieve load balancing, which I haven't tried yet. I'll add it later when I use it.

The above is all the contents of the nginx reverse proxy webSocket configuration method, thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.