How to configure nginx reverse proxy webSocket?

Because websocket protocol is upgraded based on http protocol (see the figure below), you can use nginx reverse proxy websocket.

websocket

As can be seen from this picture, websocket connection is established on the basis of http protocol.

get /chat http/ 1.1host: server.example.comupgrade: websocketconnection: upgradesec-websocket-key: x3jjhmbdl1ezlkh9gbhxdw==sec-websocket-protocol: chat, superchatsec-websocket-version: 13origin: http://example.com

Children's shoes familiar with http may have found that there are only a few more things in this handshake request similar to http protocol.

Upgrade: websocketconnection: upgrade This is the core of websocket. Tell apache, nginx and other servers that I initiated the websocket protocol. sec-websocket-key: x3jjhmbdl1ezlkh9gbhxdw==sec-websocket-protocol: chat, superchatsec-websocket-version: 13

First of all, sec-websocket-key is a value of base64 encode, which is randomly generated by the browser. Tell the server: peat, don't fool around, I want to verify whether Jenny is really a websocket assistant.

Finally, sec-websocket-version tells the server which websocket draft (protocol version) is used. At the beginning, websocket protocol was still in the draft stage, with all kinds of strange protocols, and there were many strange and different things, such as firefox and chrome using different versions. At the beginning, too many websocket protocols were a big problem. . But it's okay now. It's settled. It's something that everyone uses.

Then the server will return the following things, indicating that it has accepted the request and successfully established websocket!

http/1.1 101 switching protocolsupgrade: websocketconnection: upgradesec-websocket-accept: hsmrc0smlyukagmm5oppg2hagwk=sec-websocket-protocol: chat

This is the last responsible area of http from the beginning. Tell the customer that I have successfully switched protocols ~

upgrade: websocketconnection: upgrade

It is still fixed, telling the client that websocket protocol is about to be upgraded. At this point, http has completed all its work, and the next step is to completely follow the websocket protocol.

Understand the principle of the agreement and you can move on.

Nginx first configures the certificate of https.

The certificate of the server was configured by the boss, so I used it directly. Check it yourself if you need it. 0.0

Add the following configuration in the service node of nginx configuration file

location /wss { proxy_pass http://127.0.0.1:8888; proxy_http_version 1.1; proxy_set_header upgrade $http_upgrade; proxy_set_header connection "upgrade"; proxy_set_header x-real-ip $remote_addr; }

Explain the parameters

/wss This is a random thing. Tell nginx the url to proxy. Now my setting is wss. When I visit my server https://abc.com/wss, nginx will map my request to the 8888 port of this machine.

The url to which proxy_pass is to be proxied, and my proxy is to port 8888 of this machine.

The http version used by proxy_http_version proxy.

Here's the point:

Key parameters of proxy websocket

Proxy_set_header upgrade sets the upgrade of the http request header at proxy time to the request header of the original http request, and the request header of wss protocol is websocketproxy _ set _ header connection. Because of the wss protocol of proxy, the connection of the http request header is set to upgrade.

Proxy_set_header x-real-ip sets the ip of the original http request for the proxy, and just fill in $remote_addr.

As for the parameters of the response of websocket protocol, you don't have to worry about it when you reverse proxy.

At this point, the configuration of nginx reverse proxy websocket is completed. Restart nginx, try connecting with websocket, and fill in wss://abc.com/WSS where the original WSS address is. If websocket is successfully connected, it means that nginx reverse proxy websocket has succeeded.

summary

The current configuration is only the configuration of reverse proxy to this machine. If you want to reverse proxy to another host, there may be cross-domain problems in proxy, so cross-domain configuration needs to be done in nginx's reverse proxy.

think

You can see this paragraph in nginx's configuration file.

location ~ .php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php ; fastcgi_param script_filename $document_root$fastcgi_script_name; include fastcgi_params; }

This is the configuration file of php in nginx. Damn it, it looks so familiar. This configuration list is so similar to the reverse proxy of websocket just now. Only by looking up the information on the Internet can we know that when nginx handles php-type requests, it sends them to fastcgi management process, which selects cgi subprocess to process the results and returns them to nginx, while php-fpm is a php fastcgi manager. nginx itself can't handle php, but it is just a web server. When it receives a request, if it is a php request, it will be sent to a php interpreter for processing and the results will be returned to the client. Therefore, nginx is essentially realized through the reverse proxy function when dealing with php-type requests.

We can expand our thinking and use nginx reverse proxy to achieve more functions, such as proxy tomcat.

location /tomcat { proxy_pass http://127.0.0.1:8080; proxy_http_version 1.1; proxy_set_header x-real-ip $remote_addr; }