证书生成参考
http://blog.csdn.net/weixin_35884835/article/details/52588157
# 1、首先,进入你想创建证书和私钥的目录,例如: cd /etc/nginx/ # 2、创建服务器私钥,命令会让你输入一个口令: openssl genrsa -des3 -out server.key 1024 # 3、创建签名请求的证书(CSR): openssl req -new -key server.key -out server.csr # 4、在加载SSL支持的Nginx并使用上述私钥时除去必须的口令: cp server.key server.key.org openssl rsa -in server.key.org -out server.key # 5、最后标记证书使用上述私钥和CSR: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
nginx配置:
upstream mybackend {
server 192.168.62.128:3000;
}
server {
listen 443 ssl;
#server_name localhost;
server_name bellard.org;
ssl_certificate /opt/meituan/qemu/deobfuscated/ssl/server.crt;
ssl_certificate_key /opt/meituan/qemu/deobfuscated/ssl/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
# root html;
root /opt/meituan/qemu;
index index.html index.htm;
}
location /tap {
# switch off logging
access_log off;
# redirect all HTTP traffic to localhost:8080
#proxy_pass http://192.168.62.128:3000;
#proxy_pass http://bellard.org:3000;
proxy_pass http://mybackend;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
参考
http://blog.csdn.net/chopin407/article/details/52937645
https://github.com/nicokaiser/nginx-websocket-proxy/blob/df67cd92f71bfcb513b343beaa89cb33ab09fb05/simple-wss.conf
https://stackoverflow.com/questions/12102110/nginx-to-reverse-proxy-websockets-and-enable-ssl-wss
network-websockets.js
改成
tuntapWS_connection = new WebSocket('wss://192.168.62.128/tap', []);
tuntapWS_connection = new WebSocket('wss://bellard.org/tap', []);
/etc/hosts
192.168.62.128 bellard.org
把jslinux从http切换成https,顺带ws换成wss
注意,如果是域名访问的,就把ip都写成域名,否则可能认证错误