我正在尝试让websockets(socket.io)通过2个proxy_pass和2个不同的服务器(一个是服务器负载平衡器,另一个是实际服务器)工作。当socket.io尝试
时,我得到400在这种情况下,我有两台服务器,1个domainName:
domainName:dev-socket.domain.com->将cname命名为lb.domain.com
服务器1:lb.domain.com -处理所有认证 -处理我们所有的{subdomain} .domain.com请求,将它们proxy_pass传递到正确的服务器 -一切正常,除了websockets
服务器2:dev.domain.com -托管处理所有websocket的实际api -nginx proxyPass传递给rightfull:port应用程序
什么应该起作用,而不是:
dev-socket.domain.com(域名)-> lb.domain.com(Server1,ssl)-> dev.domain.com(server2)-> nodeJsApp
这是400。
工作原理:如果我绕过lb.domain.com并直接执行此操作,则此方法有效: dev-socket.domain.com(域名)-> dev.domain.com(server2,ssl)-> nodeJsApp
服务器1:lb.domain.com:
map $http_connection $upgrade_requested {
default upgrade;
'' close;
}
server {
listen 80;
listen 443 ssl http2;
server_name dev-socket.domain.com;
access_log /var/log/nginx/dev-socket.domain.com-access.log;
error_log /var/log/nginx/dev-socket.domain.com-error.log error;
client_max_body_size 256M;
ssl_certificate /etc/letsencrypt/live/dev-
socket.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev-
socket.domain.com/privkey.pem;
includeSubDomains; preload";
location /socket/live {
proxy_read_timeout 120;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://91.121.117.17/socket/live;
}
location / {
proxy_pass http://server_dev;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location ~ ^/.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
root /usr/share/nginx/html/;
}
}
服务器2:dev.domain.com
map $http_connection $upgrade_requested {
default upgrade;
'' close;
}
server {
listen *:443;
server_name dev-socket.domain.com;
#ssl_certificate /etc/letsencrypt/live/dev-socket.domain.com/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/dev-socket.domain.com/privkey.pem;
#ssl on;
client_max_body_size 5M;
access_log /var/log/nginx/dev-socket.domain.com;
error_log /var/log/nginx/dev-socket.error;
location /socket/live {
proxy_pass http://localhost:3000;
proxy_read_timeout 120;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen *:80;
server_name dev-socket.domain.com;
if ($http_x_forwarded_proto != "https") {
return 301 https://$server_name$request_uri;
}
access_log /var/log/nginx/dev-socket.domain.com;
error_log /var/log/nginx/dev-socket.error;
location / {
proxy_pass http://localhost:3000;
}
}
上述配置在握手过程中会得到一个简单的400错误,而不是成功。
WebSocket connection to 'wss://dev-socket.domain.com/socket/live/?Auth=e02b7a2ab5c158d7f46c18d36f45955bf3769716&sessionId=5a38e191fc6bf8602001b237&EIO=3&transport=websocket&sid=Fu6M2b1I9sh9stLFAANX' failed: Error during WebSocket handshake: Unexpected response code: 400
我可以通过检查两个nginx(服务器1,服务器2)的活动日志来确认请求已到达服务器2。因此,我目前的猜测是有关标题错误的信息。
如上所述,如果我绕过lb.domain.com并在dev.domain.com目录上激活ssl,则它可以正常工作