SSL WebSocket can be handled with an nginx reverse proxy. Suggest not hard-coding ws, so it can be proxied through a reverse proxy or anything else #121

Open
xiaoyi510 opened this issue Aug 15, 2024 · 11 comments

@xiaoyi510
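
SSL WebSocket can be handled with an nginx reverse proxy. Suggest not hard-coding ws, so it can be proxied through a reverse proxy or anything else

image

Here, check whether the current page is https and use wss if so, otherwise use ws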

@xiaoyi510
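Author

As for 21118 and whatever other ports,
could they be forwarded by path?
For example, wss://xx/hbbs forwarded to an internal port such as 127.0.0.1 21118
The web page should have room to do this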

@kingmo888
Owner

PRs are welcome. After I integrated it I did not study it in detail, mainly because I have no ability with JS

@xiaoyi510
Author

I'm lazy too, hahaha

@kingmo888
Owner

I tried making a change, you can give it a try

@kingmo888
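Owner

As for 21118 and whatever other ports, could they be forwarded by path? For example, wss://xx/hbbs forwarded to an internal port such as 127.0.0.1 21118 The web page should have room to do this

I haven't got this part working.
The current state is that with a wss connection it shows "无法连接注册服务器" ("Unable to connect to the registration server").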

@xiaoyi510
Author

Implemented by reverse-proxying the WebSocket through nginx

@xiaoyi510
Author

location /xxxxx {
    proxy_pass http://127.0.0.1:21118;
    proxy_set_header Host 127.0.0.1:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
    proxy_set_header X-Host $host:$server_port;
    proxy_set_header X-Scheme $scheme;
    proxy_connect_timeout 30s;
    proxy_read_timeout 86400s;
    proxy_send_timeout 30s;
    proxy_http_version 1.1;
    # The two directives below are the ones that enable WebSocket support
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

@kingmo888
Owner

location /xxxxx {
    proxy_pass http://127.0.0.1:21118;
    proxy_set_header Host 127.0.0.1:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
    proxy_set_header X-Host $host:$server_port;
    proxy_set_header X-Scheme $scheme;
    proxy_connect_timeout 30s;
    proxy_read_timeout 86400s;
    proxy_send_timeout 30s;
    proxy_http_version 1.1;
    # The two directives below are the ones that enable WebSocket support
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

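My skills are limited. Based on the BT Panel (宝塔) reverse proxy, I tested it repeatedly several times and it failed.

Could you explain in more detail?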

@gkaigk

gkaigk commented Sep 10, 2024

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream websocket {
    server 127.0.0.1:21118; 
}
server {
    listen 80;
    listen 443;
    server_name XXXX.com;
    index index.html index.htm index.php default.html default.htm default.php;
    location ^~/ {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
        if ($request_method = 'OPTIONS') {
            return 204;
        }
        proxy_pass http://websocket;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

@kingmo888
Owner

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream websocket {
    server 127.0.0.1:21118; 
}
server {
    listen 80;
    listen 443;
    server_name XXXX.com;
    index index.html index.htm index.php default.html default.htm default.php;
    location ^~/ {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
        if ($request_method = 'OPTIONS') {
            return 204;
        }
        proxy_pass http://websocket;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

When a reverse proxy (21114) already exists, this configuration conflicts or has no effect.

@loveqianool

https://rustdesk.com/docs/en/self-host/rustdesk-server-pro/faq/#set-up-https-for-web-console-manually
The full configuration is

server {
    server_name <YOUR_DOMAIN>;
    location / {
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:21114/;
    }

    location /ws/id {
        proxy_pass http://localhost:21118;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /ws/relay {
        proxy_pass http://localhost:21119;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = <YOUR_DOMAIN>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name <YOUR_DOMAIN>;
    listen 80;
    return 404; # managed by Certbot
}
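
The client-side half of what this thread asks for, as an added example that is not code from this repository or from RustDesk: derive the WebSocket URL from the page's own origin instead of a hard-coded `ws://host:21118`, using the `/ws/id` and `/ws/relay` paths from the nginx configuration above. The helper name `buildWsUrl`, its `direct` option and the direct-port URL shape are assumptions made for illustration.

```javascript
// Added example: not code from this repository or from RustDesk.
// Path and port mapping taken from the nginx configuration in this thread.
const ENDPOINTS = {
  id:    { path: '/ws/id',    port: 21118 },
  relay: { path: '/ws/relay', port: 21119 },
};

// buildWsUrl is a hypothetical helper. pageUrl is the URL the web client
// was loaded from (window.location.href in a browser).
function buildWsUrl(pageUrl, kind, { direct = false } = {}) {
  const endpoint = Object.prototype.hasOwnProperty.call(ENDPOINTS, kind)
    ? ENDPOINTS[kind]
    : null;
  if (!endpoint) throw new Error(`unknown endpoint kind: ${kind}`);

  const page = new URL(pageUrl);
  if (page.protocol !== 'https:' && page.protocol !== 'http:') {
    throw new Error(`unsupported page scheme: ${page.protocol}`);
  }
  const secure = page.protocol === 'https:';

  if (direct) {
    // Direct mode (assumed URL shape) connects to the raw port with no TLS
    // terminator in front, so it is plain ws:// only. Browsers block ws://
    // from an https page as mixed content, so fail early with a clear error.
    if (secure) {
      throw new Error('https page cannot use ws://; proxy the port and use the path instead');
    }
    return `ws://${page.hostname}:${endpoint.port}/`;
  }

  // Proxied mode: same host and port as the page, scheme follows the page,
  // and the path selects the backend (the nginx "location" blocks).
  return `${secure ? 'wss' : 'ws'}://${page.host}${endpoint.path}`;
}
```

In a browser the call would be `buildWsUrl(window.location.href, 'id')`, so a page served over https always ends up on `wss://` behind the same TLS-terminating proxy.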
