一、对wss与nginx代理wss的理解:
1、wss协议实际是websocket+SSL,就是在websocket协议上加入SSL层,类似https(http+SSL)。
2、利用nginx代理wss【通讯原理及流程】
(1)、客户端发起wss连接连到nginx
(2)、nginx将wss协议的数据转换成ws协议数据并转发到Workerman的websocket协议端口
(3)、Workerman收到数据后做业务逻辑处理
(4)、Workerman给客户端发送消息时,则是相反的过程,数据经过nginx/转换成wss协议然后发给客户端
二、nginx配置ssl和wss
准备证书:22336655__aabbff.com.pem
准备私钥“ 22336655__aabbff.com.key
# 代理web 端ws端口
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/nginx/22336655__aabbff.com.pem;
ssl_certificate_key /etc/nginx/22336655__aabbff.com.key;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#反向代理
location /websocket/ {
proxy_redirect off;
proxy_pass http://172.17.0.1:8081/; #转发到你本地的8081端口
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_connect_timeout 60m; #设置60分钟不断开
proxy_read_timeout 60m; #设置60分钟不断开
proxy_send_timeout 60m; #设置60分钟不断开
}
}
dockers 启动nginx
先启动容器
docker run --rm -d -p 8280:80 -p 9527:9527 -p 443:443 --name nginx-rhjk-web \
-v /home/nginx/www:/usr/share/nginx/html \
-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /home/nginx/logs:/var/log/nginx \
nginx
同步文件 :
docker cp 容器名称:/etc/nginx/conf.d/default(镜像的文件夹) /nginx/conf.d(宿主机的文件夹)
docker cp nginx-rhjk-web:/etc/nginx /home/nginx/conf
docker run --rm -d -p 8280:80 -p 9527:9527 -p 443:443 --name nginx-rhjk-web \
-v /home/nginx/www:/usr/share/nginx/html \
-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /home/nginx/logs:/var/log/nginx \
-v /home/nginx/conf/22336655__aabbff.key:/etc/22336655__aabbff.key \
-v /home/nginx/conf/22336655__aabbff.pem:/etc/nginx/22336655__aabbff.pem \
nginx
在线测试:http://www.jsons.cn/websocket/
