nginx, reverse proxy wss, spring boot

Question. Votes: 0, Answers: 1

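Trying to set up a reverse proxy with WS support, but I get a 403 (Forbidden). I am confused about why this happens, because everything works as expected without the proxy. My configuration is here: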

server {

    root /var/www/html8080;

    server_name game.memoux.com; # managed by Certbot

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/game.memoux.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/game.memoux.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        # redirect all HTTP traffic to localhost:8080
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support (nginx 1.4)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

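If I try to access it over https: https://game.memoux.com/ the websocket does not work. But if I try to reach it with http://game.memoux.com:8080, everything works fine. That means something is wrong with my configuration, not with the application behind the proxy.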

nginx error log from May 11, 2023

2023/11/05 01:46:15 [crit] 705581#705581: *2917 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 167.172.240.54, server: 0.0.0.0:443
2023/11/05 02:14:22 [error] 705581#705581: *2937 connect() failed (111: Connection refused) while connecting to upstream, client: 36.99.136.129, server: memoux.com, request: "GET / HTTP/1.1", upstream: "http://[::1]:3000/", host: "memoux.com"
2023/11/05 02:14:36 [error] 705581#705581: *2975 connect() failed (111: Connection refused) while connecting to upstream, client: 146.70.192.180, server: memoux.com, request: "GET /_next/static/chunks/framework-2c79e2a64abdb08b.js HTTP/1.1", upstream: >
2023/11/05 04:13:33 [crit] 705581#705581: *3022 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 65.49.1.17, server: 0.0.0.0:443
2023/11/05 06:51:34 [crit] 705581#705581: *3087 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 212.102.40.218, server: 0.0.0.0:443
2023/11/05 07:10:27 [crit] 705581#705581: *3110 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 68.183.200.199, server: 0.0.0.0:443
2023/11/05 07:44:42 [crit] 705581#705581: *3136 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 104.131.184.235, server: 0.0.0.0:443
2023/11/05 07:47:26 [crit] 705581#705581: *3147 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 35.216.204.22, server: 0.0.0.0:443
2023/11/05 08:25:08 [error] 705581#705581: *3177 connect() failed (111: Connection refused) while connecting to upstream, client: 3.249.231.245, server: memoux.com, request: "GET / HTTP/1.0", upstream: "http://[::1]:3000/", host: "memoux.com"
2023/11/05 11:02:06 [crit] 705581#705581: *3217 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 87.236.176.112, server: 0.0.0.0:443
nginx websocket nginx-reverse-proxy nginx-config spring-websocket
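
A triage sketch for an error log like the one in the question: it parses nginx error-log lines, classifies them, and keeps only the entries for one virtual host, so TLS handshake noise and other sites' upstream failures are separated from the proxied site. This is an added example, not code from the original post; the sample lines are constructed in the format shown above with documentation IP addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the nginx error-log format shown in the question
# (documentation IP addresses, not the addresses from the post).
SAMPLE_LOG = '''\
2023/11/05 01:46:15 [crit] 705581#705581: *2917 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2023/11/05 02:14:22 [error] 705581#705581: *2937 connect() failed (111: Connection refused) while connecting to upstream, client: 198.51.100.7, server: memoux.com, request: "GET / HTTP/1.1", upstream: "http://[::1]:3000/", host: "memoux.com"
2023/11/05 08:25:08 [error] 705581#705581: *3177 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.5, server: memoux.com, request: "GET / HTTP/1.0", upstream: "http://[::1]:3000/", host: "memoux.com"
'''

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] '
    r'(?P<pid>\d+)#(?P<tid>\d+): (?:\*(?P<conn>\d+) )?(?P<rest>.*)$')
# Trailing ", key: value" context fields that nginx appends to the message.
FIELD_RE = re.compile(r', (client|server|request|upstream|host): ("[^"]*"|[^,]*)')

def parse_line(line):
    """Return a dict for one error-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    first = FIELD_RE.search(rec['rest'])
    # The message is everything before the first context field.
    rec['message'] = rec['rest'][:first.start()] if first else rec['rest']
    rec.update({k: v.strip('"') for k, v in FIELD_RE.findall(rec['rest'])})
    return rec

def classify(rec):
    if 'SSL_do_handshake() failed' in rec['message']:
        return 'tls_handshake'      # failed before any HTTP request existed
    if 'while connecting to upstream' in rec['message']:
        return 'upstream_connect'   # nginx could not reach the backend
    return 'other'

def triage(log_text, vhost):
    """Summarise all entries and return those whose host or server is vhost."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    summary = Counter(classify(r) for r in records)
    mine = [r for r in records if vhost in (r.get('host'), r.get('server'))]
    return summary, mine
```

A status code returned by the upstream application, such as a 403, is written to the nginx access log rather than the error log, so an empty result for the proxied host here means the next places to look are access.log and the application's own log.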
1 Answer
0
votes

You should try changing your "proxy_set_header Connection "upgrade";". I think "upgrade" is not the correct value for Connection.

Add

map $http_connection $connection_upgrade {
"~*Upgrade" $http_connection;
default keep-alive; 
}

to the server or http block, then

proxy_set_header   Connection $connection_upgrade;

in your location block.
