Fatal编程技术网
  • nginx/
  • 用于具有两个独立服务器的安全WebSocket的Nginx反向代理

用于具有两个独立服务器的安全WebSocket的Nginx反向代理

nginx

用于具有两个独立服务器的安全WebSocket的Nginx反向代理,nginx,wss,Nginx,Wss,我对此搜索了很多,但不知怎么搞不懂 以下是我的案例摘要: 我有一个客户端服务器,它运行在Apache+Cpanel上,具有letsencrypt ssl证书。当用户单击链接时,它会尝试连接wss://nodeserverip:port 在nodejs服务器端,我使用nginx作为反向代理,但无法配置它。两台服务器都在Centos上运行我想要的方案: 用户单击链接->wss://NodejsServerip:port1 ->(连接到NodejsServer)代理\u传递->响应到客户端 我对Nod

我对此搜索了很多,但不知怎么搞不懂

以下是我的案例摘要:

我有一个客户端服务器,它运行在Apache+Cpanel上,具有letsencrypt ssl证书。当用户单击链接时,它会尝试连接wss://nodeserverip:port

在nodejs服务器端,我使用nginx作为反向代理,但无法配置它。两台服务器都在Centos上运行我想要的方案:

用户单击链接->wss://NodejsServerip:port1 ->(连接到NodejsServer)代理\u传递->响应到客户端

我对NodejsServer使用自签名证书。在这种情况下,根据我的配置,我在控制台日志中获得ERR\u CERT\u AUTHORITY\u INVALID error或ERR\u SSL\u PROTOCOL\u error

这是我的nginx default.conf文件:

server {
    listen       8080 ssl;
    listen       [::]:8080 ssl ipv6only=on;
    server_name  client.website.address;
    #root         /usr/share/nginx/html;

    #ssl_verify_client on;
    #ssl_verify_client off;
    #ssl_client_certificate /etc/nginx/certs/privkey.pem;

    ssl_certificate /etc/nginx/certs/client.crt;
    ssl_certificate_key /etc/nginx/certs/client.key;

    #ssl_session_cache shared:le_nginx_SSL:1m;
    #ssl_session_timeout 1d;
    #ssl_session_tickets off;

    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 SSLv2 SSLv3;
    #ssl_prefer_server_ciphers on;
    #ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    #ssl_ecdh_curve secp384r1;

    #ssl_stapling on;
    #ssl_stapling_verify on;

    #add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
    #add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; script-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self';";
    #add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
    #add_header X-Frame-Options SAMEORIGIN;
    #add_header X-Content-Type-Options nosniff;
    #add_header X-XSS-Protection "1; mode=block";

    # Load configuration files for the default server block.
    #include /etc/nginx/default.d/*.conf;

    location / {
        #proxy_ssl_verify off;
        #proxy_ssl_verify on;
        #proxy_ssl_certificate     /etc/nginx/certs/client.crt;
        #proxy_ssl_certificate_key /etc/nginx/certs/client.key;
        #proxy_ssl_trusted_certificate /etc/nginx/certs/client.crt;
        proxy_buffering off;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:2020;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support (nginx 1.4)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

您尝试过的任何配置文件都可以发布到这里吗?我添加了nginx conf文件。