WebSocket是一种在单个TCP连接上进行全双工通信的协议,Nginx可以通过反向代理支持WebSocket连接。以下是配置WebSocket代理的完整步骤:
在Nginx配置文件中添加以下内容来代理WebSocket连接:
server {
listen 80;
server_name yourdomain.com;
location /ws/ {
proxy_pass http://backend_server;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# 可选:设置超时时间
proxy_read_timeout 60s;
proxy_send_timeout 60s;
}
}
proxy_http_version 1.1
: 强制使用HTTP/1.1协议,WebSocket需要proxy_set_header Upgrade $http_upgrade
: 传递Upgrade头proxy_set_header Connection "upgrade"
: 将Connection头设置为upgradeproxy_read_timeout
: 设置读取超时时间,WebSocket连接通常需要较长时间http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name ws.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
# 超时设置
proxy_read_timeout 86400s; # 24小时
proxy_send_timeout 86400s;
# 缓冲区设置
proxy_buffering off;
# 其他安全相关头部
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
如果使用HTTPS,需要额外配置SSL证书:
server {
listen 443 ssl;
server_name ws.example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
# SSL配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_read_timeout 86400s;
}
}
如果需要多台WebSocket服务器,可以配置负载均衡:
upstream websocket_servers {
server 192.168.1.10:3000;
server 192.168.1.11:3000;
server 192.168.1.12:3000;
}
server {
location / {
proxy_pass http://websocket_servers;
# 其余配置与前面相同
}
}
配置完成后:
1. 测试Nginx配置语法:nginx -t
2. 重新加载Nginx配置:nginx -s reload
3. 使用WebSocket客户端工具测试连接
问题1:连接立即断开
- 检查Upgrade
和Connection
头是否正确设置
- 确保后端服务器支持WebSocket协议
问题2:超时断开
- 增加proxy_read_timeout
值
- 检查后端服务器是否有自己的超时设置
问题3:负载均衡下连接不稳定
- 考虑使用ip_hash
保持客户端与同一后端服务器的连接
upstream websocket_servers {
ip_hash;
server 192.168.1.10:3000;
server 192.168.1.11:3000;
}
通过以上配置,Nginx可以有效地代理WebSocket连接,支持长连接和实时通信需求。