我正在使用Nginx作为web主机和同一设备上运行的websocket的代理,监听端口8888.试图找到一种方法让nginx监听80并将websocket请求转发到内部端口。不将新端口暴露在外面。这甚至可能吗?
更新:
这是我目前的配置:
error_log /var/log/nginx/error_log.log warn;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket {
server localhost:8888;
}
server {
listen 80;
#listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html/EncoderAdmin;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /ws {
proxy_pass http://localhost:8888;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
当我尝试使用ws:// [address] / ws连接到它时,我得到:
与'ws:// [地址] / ws'的WebSocket连接失败:WebSocket握手期间出错:意外响应代码:400
答案 0 :(得分:8)
是的,可以假设您可以区分正常的HTTP请求和套接字请求。
最简单的解决方案是将套接字uri与location匹配,例如,/ws的所有请求都将重定向到localhost:8888,其他任何网址都会重定向到localhost:8889。这是配置的一个例子
server {
server_name _;
location /ws {
proxy_pass http://localhost:8888;
# this magic is needed for WebSocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
location / {
proxy_pass http://localhost:8889;
}
}
您还应该记得将websocket服务器绑定到localhost:8888而不是0.0.0.0:8888。不需要此步骤,但使用它原始端口不会暴露!