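I am building a WebSockets-based application using the socket.io library. I use a self-signed certificate to configure HTTPS.
For some reason, proxying of the WebSocket connection does not work, although proxying of the API works fine. The proxy goes from an NGINX container to the application container.
Here is the nginx configuration: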
    user nginx;
    worker_processes auto;
    events {
        worker_connections 1024;
    }
    http {
        server {
            listen 443 ssl;
            listen [::]:443 ssl;
            include snippets/self-signed.conf;
            include snippets/ssl-params.conf;
            root /usr/share/nginx/html;
            include /etc/nginx/mime.types;
            server_name x.x.x.x;
            location ~ ^/(api|socket\.io)/ {
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_pass https://172.17.0.1:8443;
            }
            location / {
                index index.htm index.html;
                try_files $uri $uri/ /index.html;
            }
        }
        server {
            listen 80;
            listen [::]:80;
            server_name x.x.x.x;
            return 302 https://$server_name$request_uri;
        }
    }
Here is part of the server code:

    const { createServer } = require('https');
    const { Server: WebSocketServer } = require('socket.io');
    const express = require('express');
    const cors = require('cors');
    const path = require('path');
    const fs = require('fs');

    // TLS key and certificate for the application's own HTTPS listener
    const options = {
      key: fs.readFileSync(__dirname + '/certs/nginx-selfsigned.key'),
      cert: fs.readFileSync(__dirname + '/certs/nginx-selfsigned.crt'),
      // Client certificates are neither requested nor verified
      requestCert: false,
      rejectUnauthorized: false,
    };

    const app = express();
    const server = createServer(options, app);

    // socket.io server attached to the HTTPS server, CORS limited to the listed origins
    const wss = new WebSocketServer(server, {
      cors: {
        origin: ['https://x.x.x.x', 'https://x.x.x.x:x:443']
      },
    });

    app.use(
      cors({
        credentials: true,
        origin: ['https://x.x.x.x', 'https://x.x.x.x:x:443'],
      })
    );
Here is the client's WebSocket request:

    const socket = connect('https://x.x.x.x', { rejectUnauthorized: false });

As a result, the following request times out:

    https://x.x.x.x/socket.io/?EIO=4&transport=polling&t=OjFL9C1
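Adding a trailing slash (/) to the end of the proxy address can indeed be a potential issue, and it should be configured correctly to avoid conflicts with other paths. For example, if you use /socket.io/ as the proxied path, the proxy_pass address should look like https://172.17.0.1:8443/socket.io/.
Make this adjustment as shown below: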
    location ~ ^/(api|socket\.io)/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass https://172.17.0.1:8443/;
    }
If your path is /socket.io/, this change may solve your specific problem. Also, make sure that all other proxy and security settings are configured correctly.
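
Added example, not from the question or the answer: nginx rejects a proxy_pass that carries a URI part (even a bare /) inside a regex location, and in a prefix location a URI part replaces the matched prefix. The configuration below therefore uses two prefix locations with the question's upstream address; the $connection_upgrade map variable and the /api/users path mentioned in a comment are assumptions made for illustration.

```nginx
http {
    # Forward "Connection: upgrade" only when the client sent an Upgrade header,
    # so ordinary /api/ calls and socket.io long-polling are proxied as plain HTTP.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;
        server_name x.x.x.x;

        # Prefix location, proxy_pass without a URI part:
        # /socket.io/?EIO=4&transport=polling reaches the upstream unchanged.
        location /socket.io/ {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://172.17.0.1:8443;
        }

        # Same rule for the API: no URI part, so the /api/ prefix is kept.
        # "proxy_pass https://172.17.0.1:8443/;" in this block would forward
        # a request for /api/users (constructed path) as /users.
        location /api/ {
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://172.17.0.1:8443;
        }
    }
}
```

Running nginx -t after any change to these blocks reports a rejected proxy_pass before the container is reloaded.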