用于带有两个单独服务器的安全WebSocket的Nginx反向代理

时间:2020-02-11 19:21:10

标签: nginx wss

我对此进行了很多搜索,但不知何故。

以下是我的案例的摘要:

我有一个客户端服务器,该服务器使用letencrypt ssl证书在Apache + Cpanel上运行。当用户单击链接时,它将尝试连接wss:// nodeserverip:port

在nodejs服务器端,我使用nginx进行反向代理,但无法对其进行配置。两台服务器都在Centos上运行。 我希望它成为的方案:

用户单击链接-> wss:// NodejsServerip:port1->(连接到NodejsServer)proxy_pass http://NodejsServerip:port2->响应客户端

我对NodejsServer使用s 自签名证书。在那种情况下,根据我的配置,我会在控制台日志中收到ERR_CERT_AUTHORITY_INVALID错误或ERR_SSL_PROTOCOL_ERROR。

这是我的Nginx default.conf文件:

server {
    listen       8080 ssl;
    listen       [::]:8080 ssl ipv6only=on;
    server_name  client.website.address;
    #root         /usr/share/nginx/html;

    #ssl_verify_client on;
    #ssl_verify_client off;
    #ssl_client_certificate /etc/nginx/certs/privkey.pem;

    ssl_certificate /etc/nginx/certs/client.crt;
    ssl_certificate_key /etc/nginx/certs/client.key;

    #ssl_session_cache shared:le_nginx_SSL:1m;
    #ssl_session_timeout 1d;
    #ssl_session_tickets off;

    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 SSLv2 SSLv3;
    #ssl_prefer_server_ciphers on;
    #ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    #ssl_ecdh_curve secp384r1;

    #ssl_stapling on;
    #ssl_stapling_verify on;

    #add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
    #add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; script-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self';";
    #add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
    #add_header X-Frame-Options SAMEORIGIN;
    #add_header X-Content-Type-Options nosniff;
    #add_header X-XSS-Protection "1; mode=block";

    # Load configuration files for the default server block.
    #include /etc/nginx/default.d/*.conf;

    location / {
        #proxy_ssl_verify off;
        #proxy_ssl_verify on;
        #proxy_ssl_certificate     /etc/nginx/certs/client.crt;
        #proxy_ssl_certificate_key /etc/nginx/certs/client.key;
        #proxy_ssl_trusted_certificate /etc/nginx/certs/client.crt;
        proxy_buffering off;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:2020;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support (nginx 1.4)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }

}

0 个答案:

没有答案
相关问题
最新问题