我有以下設置:的Nginx作爲安全的WebSocket轉發代理(WS - > WSS)
+----------------------------+ +-----------------------------+
| | | |
| | | |
| | | |
| +--------+ +--------+ | | +--------+ +-------+ |
| | | | | | | | | | | |
| | client | | nginx | | | | nginx | | server| |
| | | | | | | | | | | |
| | ws +-------> wss +-------------------------> wss +--------> ws | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| +--------+ +--------+ | | +--------+ +-------+ |
| | | |
| | | |
+----------------------------+ +-----------------------------+
我想客戶端與服務器通過一個安全的WebSocket連接。但不直接。客戶端和服務器不知道安全性。
所以客戶端連接到:ws://localhost:6277/wstest
客戶端nginx的是偵聽端口6277
。我希望Nginx將連接安全地轉發到ws.example.com/wstest
。
Nginx的的配置是:
server {
server_name localhost;
listen 6277;
location /wstest {
proxy_ssl_certificate /etc/nginx/ssl/client.crt;
proxy_ssl_certificate_key /etc/nginx/ssl/client.key;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_ssl_session_reuse on;
resolver 127.0.0.1;
proxy_pass https://ws.example.com/wstest;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
客戶端設置不起作用。客戶給我以下錯誤:The HTTP response from the server [500] did not permit the HTTP upgrade to WebSocket
。而Nginx給了我:"GET /ocpp/cp-1/ws HTTP/1.1" 500 193 "-" "-"
。
當我繞過客戶端Nginx,以便客戶端可以直接(wss://ws.example.com/wstest
)連接到服務器只通過服務器端Nginx,一切工作正常。
服務器端的Nginx將wss轉換爲ws並將連接轉發到服務器。
客戶端Nginx配置有問題嗎?使用Nginx將wss轉換爲ws是沒有問題的。但是,甚至有可能使用Nginx將ws轉換爲wss?