本地测试都是正常的,线上测试总是过一会就断开…
线上新增了https协议,导致页面中的链接必须也是ssl
Websocket链接地址从ws://ws.xxx.com 改成了wss://ws.xxx.com
最开始http 的配置如下:
server {
listen 80;
server_name ws.xxx.com;
location / {
proxy_pass http://127.0.0.1:8110;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
client_max_body_size 1000m;
proxy_read_timeout 360s;
}
}
升级到https 后的ssl 配置:
server {
listen 443 ssl;
server_name ws.xxx.com;
ssl_certificate /usr/local/nginx/ws.xxx.com.crt;
ssl_certificate_key /usr/local/nginx/ws.xxx.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8110;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
client_max_body_size 1000m;
}
}
线上Nginx新增ssl 代理的时候,没有设置proxy_read_timeout
正确做法应该是proxy_read_timeout 配置大于Websocket 心跳时间
参考: Nginx代理配置 Nginx重连时间
|