WSS是Web Socket Secure的简称, 它是WebSocket的加密版本。WSS与WS类似于HTTPS和HTTP,不同之处在于是不同的通信协议,都运行在SSL(Secure Socket Layer,安全套接层)之上。
WebSocket协议和HTTP协议虽然不同,但是WebSocket协议的握手和HTTP是兼容的,它使用HTTP的Upgrade协议头将连接从HTTP连接升级到WebSocket连接。这个特性使得WebSocket应用程序可以很容易地应用到现有的基础设施
1 核心代码块
location /wss {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
2 完整 nginx 配置
# 后台接口服务
upstream zb_backendss {
server localhost:8080 weight=10;
}
upstream zb_backendss_admin {
server localhost:8083 weight=10;
}
server {
listen 443 ssl;
listen 80 ;
server_name wuliu.test.com;
ssl on;
ssl_certificate 6447499_wuliu.test.com.pem;
ssl_certificate_key 6447499_wuliu.test.com.key;
ssl_session_timeout 300m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /Z9Mjp4uAGR.txt {
alias /opt/learncoal-webapps/web-admin-toupiao/le/Z9Mjp4uAGR.txt;
}
location /demo/wx {
proxy_pass http://zb_backendss;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /demo/imserver {
proxy_pass http://zb_backendss;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /demo/admin {
proxy_pass http://zb_backendss_admin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /admin-api/storage {
rewrite ^/admin-api/storage/(.*)$ /$1 break;
root /opt/ershoutushou/api/dts/storage;
}
location / {
root /opt/learncoal-webapps/web-admin-wuliu/dist;
index index.html index.htm;
}
}
3 在微信小程序中直接使用访问
wss://wuliu.test.com/wss