以下是配置80和443接收请求:
1.接收到http和https可以转成http发往内部服务;
2.接收websocker建连接请求,如果后端使用netty的模式开两个线程用两个端口监听ws和wss,需要分别转发为http和https
3.https的443端口需要配置ssl证书:https://zhuanlan.zhihu.com/p/565975612
4.配置websocket要在http里配置这个:https://zhuanlan.zhihu.com/p/482686990?utm_id=0
server {
listen 80;
server_name localhost 域名 本机ip;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
#允许跨域请求的域,* 代表所有
add_header 'Access-Control-Allow-Origin' *;
#允许带上cookie请求
add_header 'Access-Control-Allow-Credentials' 'true';
#允许请求的方法,比如 GET/POST/PUT/DELETE
add_header 'Access-Control-Allow-Methods' *;
#允许请求的header
add_header 'Access-Control-Allow-Headers' *;
#ws转发
location /zyk/Wss {
proxy_pass http://ip:port;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_read_timeout 3600s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /zyk {
proxy_pass http://ip:port;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; #获取真实ip
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#获取代理者的真实ip
proxy_redirect off;
}
location /api {
proxy_pass http://ip:port;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; #获取真实ip
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#获取代理者的真实ip
proxy_redirect off;
}
location ^~ /local {
alias /usr/local/nginx/html/xxx/;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location / {
root html/xx;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location @router {
rewrite ^.*$ index.html last;
}
}
server {
listen 443 ssl;
server_name localhost 域名 本机ip;
ssl_certificate /usr/local/nginx/ssl/server.crt; # 这个是证书的crt文件所在目录
ssl_certificate_key /usr/local/nginx/ssl/server.key; # 这个是证书key文件所在目录
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
#允许跨域请求的域,* 代表所有
add_header 'Access-Control-Allow-Origin' *;
#允许带上cookie请求
add_header 'Access-Control-Allow-Credentials' 'true';
#允许请求的方法,比如 GET/POST/PUT/DELETE
add_header 'Access-Control-Allow-Methods' *;
#允许请求的header
add_header 'Access-Control-Allow-Headers' *;
location /zyk/Wss {
proxy_pass https://ip:port;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_read_timeout 3600;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /zyk {
proxy_pass http://ip:port;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; #获取真实ip
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#获取代理者的真实ip
proxy_redirect off;
}
location /api {
proxy_pass http://ip:port;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; #获取真实ip
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#获取代理者的真实ip
proxy_redirect off;
}
}