阿里云slb直接转发到后端wss出现问题,最后自己配置nginx解决:
curl 'wss://lucky2018.ad-mex.com/sktio_awards' -H 'Pragma: no-cache' -H 'Origin: http://127.0.0.1:32416' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: zh-CN,zh;q=0.8' -H 'Sec-WebSocket-Key: fVdvRny+aKy3nLL5GsxPIQ==' -H 'User-Agent: wechatdevtools appservice port/45745 token/e12b4f084ce72d19727b634371f3a0a9' -H 'Upgrade: websocket' -H 'Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits' -H 'Cache-Control: no-cache' -H 'Referer: https://servicewechat.com/wx396686d443fadc7d/devtools/page-frame.html' -H 'Connection: Upgrade' -H 'Sec-WebSocket-Version: 13' --compressed
use nginx and change the dns to the nginx ip
nodejs backend use the cert to configure a https/wss service
nginx proxy to https/wss service : Aliyun SLB only allow proxy to http port in its listenner configuration
[tomcat@f4 default.d]$ cat lucky2018.conf
server {
listen 80;
listen [::]:80;
server_name lucky2018.ad-mex.com 2018lucky.ad-mex.com lucky2018l.ad-mex.com;
access_log /data/log/nginx/lucky-access.log main;
location / {
proxy_pass https://172.17.0.43:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 443;
listen [::]:443;
server_name lucky2018.ad-mex.com 2018lucky.ad-mex.com lucky2018l.ad-mex.com;
access_log /data/log/nginx/lucky-access.log main;
ssl_certificate sslkey/ad-mex.com.crt;
ssl_certificate_key sslkey/ad-mex.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://172.17.0.43:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
网友评论