Websocket 404当proxy_pass通过2 Nginx

时间:2019-06-18 09:59:09

标签: nginx websocket socket.io proxypass

我正在尝试让websockets(socket.io)通过2个proxy_pass和2个不同的服务器(一个是服务器负载平衡器,另一个是实际服务器)工作。当socket.io尝试

时,我得到400

在这种情况下,我有两台服务器,1个domainName:

domainName:dev-socket.domain.com->将cname命名为lb.domain.com

服务器1:lb.domain.com -处理所有认证 -处理我们所有的{subdomain} .domain.com请求,将它们proxy_pass传递到正确的服务器 -一切正常,除了websockets

服务器2:dev.domain.com -托管处理所有websocket的实际api -nginx proxyPass传递给rightfull:port应用程序

什么应该起作用,而不是:

dev-socket.domain.com(域名)-> lb.domain.com(Server1,ssl)-> dev.domain.com(server2)-> nodeJsApp

这是400。

工作原理:如果我绕过lb.domain.com并直接执行此操作,则此方法有效: dev-socket.domain.com(域名)-> dev.domain.com(server2,ssl)-> nodeJsApp

服务器1:lb.domain.com:

map $http_connection $upgrade_requested {
    default upgrade;
    ''      close;
}


server {
    listen 80;
    listen 443 ssl http2;
    server_name dev-socket.domain.com;

    access_log /var/log/nginx/dev-socket.domain.com-access.log;
    error_log /var/log/nginx/dev-socket.domain.com-error.log error;

    client_max_body_size 256M;
    ssl_certificate /etc/letsencrypt/live/dev- 
    socket.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dev- 
    socket.domain.com/privkey.pem;
    includeSubDomains; preload";

    location /socket/live {
        proxy_read_timeout 120;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;

    proxy_set_header X-Real-IP $remote_addr;    
    proxy_pass http://91.121.117.17/socket/live;
    }


    location / {
        proxy_pass http://server_dev;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

    proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }


    location ~ ^/.well-known/acme-challenge/ {
        allow all;
        default_type "text/plain";
        root /usr/share/nginx/html/;
    }
}

服务器2:dev.domain.com

map $http_connection $upgrade_requested { 
    default upgrade;
    ''      close;
}

server {
    listen *:443;
    server_name dev-socket.domain.com;

        #ssl_certificate /etc/letsencrypt/live/dev-socket.domain.com/fullchain.pem;
        #ssl_certificate_key /etc/letsencrypt/live/dev-socket.domain.com/privkey.pem;
        #ssl on;

        client_max_body_size 5M;

    access_log /var/log/nginx/dev-socket.domain.com;
    error_log /var/log/nginx/dev-socket.error;

    location /socket/live {
        proxy_pass http://localhost:3000;
        proxy_read_timeout 120;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }


    location / {
        proxy_pass http://localhost:3000;

        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
    }
}

server {
    listen *:80;
    server_name dev-socket.domain.com;

        if ($http_x_forwarded_proto != "https") {
                return 301 https://$server_name$request_uri;
        }

    access_log /var/log/nginx/dev-socket.domain.com;
    error_log /var/log/nginx/dev-socket.error;

        location / {
                proxy_pass http://localhost:3000;
        }
}

上述配置在握手过程中会得到一个简单的400错误,而不是成功。

WebSocket connection to 'wss://dev-socket.domain.com/socket/live/?Auth=e02b7a2ab5c158d7f46c18d36f45955bf3769716&sessionId=5a38e191fc6bf8602001b237&EIO=3&transport=websocket&sid=Fu6M2b1I9sh9stLFAANX' failed: Error during WebSocket handshake: Unexpected response code: 400

我可以通过检查两个nginx(服务器1,服务器2)的活动日志来确认请求已到达服务器2。因此,我目前的猜测是有关标题错误的信息。

如上所述,如果我绕过lb.domain.com并在dev.domain.com目录上激活ssl,则它可以正常工作

0 个答案:

没有答案