nginx代理https、wss配置、wss流式配置
使用nginx代理实现 https、wss的代理,对于nginx版本自行寻找对应的版本,有x86和arm的版本,但是配置文件是通用的,config目录下的nginx.conf
下面是简单对此conf文件的配置说明
1.有三个server服务代理,第一个是https的代理,第二个是wss的代理
2.第三个是wss的流式配置,适用于音频流等流式文件
3.代理https和wss是要有证书文件的,证书文件是由openssl生成的.crt和.key文件,这个自行下载openssl生成密钥
user root;
worker_processes 1;
error_log /opt/nginx/logs/error.log;
pid /opt/nginx/logs/nginx.pid;
events {
worker_connections 102400;
use epoll;
multi_accept on;
}
http {
client_max_body_size 1024m;
sendfile on;
tcp_nopush on;
keepalive_requests 100;
keepalive_timeout 65;
underscores_in_headers on;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
include mime.types;
default_type application/json;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
server {
server_name ip ; # 本机ip
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 5s;
listen 28081 ssl;
location /favicon.ico {
log_not_found off;
access_log off;
}
ssl_certificate /opt/ssl/mycrt.crt;#证书文件路径
ssl_certificate_key /opt/ssl/private.key;#证书文件
location / {
root /opt/html;
index index.html index.htm;
try_files $uri $uri/ @router;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location @router{
rewrite ^.*S /index.html last;
}
location /ds-aaa-web{
proxy_pass http://ip:14600/ds-aaa-web/;
}
location /ds-bbb-app/{
proxy_pass http://ip:12801/ds-bbb-app/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 10003 ssl;
server_name localhost;
ssl_certificate /opt/ssl/mycrt.crt;
ssl_certificate_key /opt/ssl/private.key;
ssl_session_timeout 20m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_verify_client off;
location / {
proxy_http_version 1.1;
proxy_pass http://ip:10002;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 3600s;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
#ws流式配置
server {
listen 10004 ssl;
server_name localhost;
ssl_certificate /opt/ssl/mycrt.crt;
ssl_certificate_key /opt/ssl/private.key;
ssl_session_timeout 20m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_verify_client off;
location / {
proxy_http_version 1.1;
proxy_pass http://ip:12802;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 3600s;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off; #禁用响应缓存
chunked_transfer_encoding on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 300;
client_max_body_size 200m;
client_body_buffer_size 800m;
}
}
}
浙公网安备 33010602011771号