今天項目上線 用到wss協議,而後鏈接websocket的時候報錯了 以下nginx
Error in connection establishment: net::ERR_SSL_PROTOCOL_ERRORweb
這是由於咱們websocket 鏈接的域名不支持wss協議bash
項目裏我用的是swoole,監聽端口是9501,由於9501的端口不支持ssl,因此咱們利用nginx代理來解決這個問題:websocket
原理:swoole
wss協議 至關於 https 協議,都在443端口須要ssl證書,咱們在nginx配置一個域名提供給websocket專用,session
而後監聽該域名的80端口和443端口,作一個反向代理,指導9501端口,這樣就能夠實現完整的流程了。socket
server {
listen 80;
server_name xxx;
location / {
proxy_pass http://127.0.0.1:9501;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
server {
listen 443;
server_name xxx;
ssl on;
ssl_certificate xxx.pem;
ssl_certificate_key xxx.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_connect_timeout 60;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://127.0.0.1:9501;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
以上都是本身的看法,有問題能夠指出代理