nginx proxy webSocket link responds with 403


1. Scene

Using nginx to proxy webSocket link, nginx responds with 403

1. nginx access log response 403

[18/Aug/2023:09:56:36 +0800] "GET /FS_WEB_ASS/webim_api/socket/message HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"

2. Browser link failure

Insert image description here


2. nginx configuration

	## Cluster: the backend servers that requests are proxied to
	upstream cloud_ass {
    
    
		# ip_hash (pin each client address to one server) is left disabled,
		# so nginx spreads requests across both servers below.
		#ip_hash;
		server 192.168.1.233:8087;
		server 192.168.1.243:8087;
	}

    # Configuration that produces the 403 described above: static files are
    # served from html/, and /FS_WEB_ASS/ traffic is proxied to cloud_ass.
    server {
    
    
        listen       8600;
        server_name  localhost;

        location / {
    
    
            root   html;
            index  index.html index.htm;
        }
        
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
    
    
            root   html;
        }
		
		
		# NOTE(review): ~* is a case-insensitive regex that is not anchored, and the
		# trailing /* means "zero or more slashes", so this matches any URI that
		# contains /FS_WEB_ASS. A prefix location would be narrower; confirm intent.
		location ~* /FS_WEB_ASS/* {
    
    
			proxy_pass http://cloud_ass;
			
			# WebSocket support: the upgrade handshake needs HTTP/1.1 to the backend
			proxy_http_version 1.1;
			# WebSocket read timeout. Needs to be set when the application sends no
			# heartbeat, otherwise the socket keeps disconnecting and reconnecting.
			proxy_read_timeout 700s;
			# Pass the client's Upgrade header through; Connection is always "upgrade",
			# including for requests that are not WebSocket handshakes.
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
			
			# Replaces the browser's Origin with a fixed value ("xxx" is the article's
			# placeholder). The article identifies this line as the cause of the 403.
			proxy_set_header Origin xxx;
			proxy_set_header X-Real-IP $remote_addr;
			# Appends the client address to whatever X-Forwarded-For the client sent,
			# so the left-hand entries are client-controlled.
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			# $http_host is the Host header exactly as the client sent it.
			proxy_set_header Host $http_host;
			proxy_set_header X-NginX-Proxy true;
			# Rewrite-module directive: stops further rewrite processing in this location.
			break;
		}
    }

3. Reasons

The 403 is caused by the line `proxy_set_header Origin xxx`.

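The specific function of `Origin xxx` is not clear to me. If you know, please leave a message. A likely explanation: the Origin header names the site whose page opened the connection, and a WebSocket backend can compare it with its list of allowed origins during the handshake and answer 403 when it does not match. Overwriting the header with a fixed value that the backend does not allow would then produce exactly this 403.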


4. Solve

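Change `proxy_set_header Origin xxx` to `proxy_set_header Origin ""`. With an empty value nginx does not send the header to the backend at all, so the backend no longer has an Origin to check.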

The final configuration is as follows

	## Cloud ASS cluster: the backend servers that requests are proxied to
	upstream cloud_ass {
    
    
		# ip_hash (pin each client address to one server) is left disabled,
		# so nginx spreads requests across both servers below.
		#ip_hash;
		server 192.168.1.233:8087;
		server 192.168.1.243:8087;
	}

    # Final configuration from the article: identical to the failing one except
    # for the Origin line inside the /FS_WEB_ASS/ location.
    server {
    
    
        listen       8600;
        server_name  localhost;

        location / {
    
    
            root   html;
            index  index.html index.htm;
        }
        
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
    
    
            root   html;
        }
		

		## Cloud ASS
		# NOTE(review): ~* is a case-insensitive regex that is not anchored, and the
		# trailing /* means "zero or more slashes", so this matches any URI that
		# contains /FS_WEB_ASS. A prefix location would be narrower; confirm intent.
		location ~* /FS_WEB_ASS/* {
    
    
			proxy_pass http://cloud_ass;
			
			# WebSocket support: the upgrade handshake needs HTTP/1.1 to the backend
			proxy_http_version 1.1;
			# WebSocket read timeout. Needs to be set when the application sends no
			# heartbeat, otherwise the socket keeps disconnecting and reconnecting.
			proxy_read_timeout 700s;
			# Pass the client's Upgrade header through; Connection is always "upgrade",
			# including for requests that are not WebSocket handshakes.
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
			
			# Only this line was changed.
			# An empty value makes nginx omit the Origin header, so the backend never
			# sees which site opened the socket and cannot apply its allowed-origin check.
			# NOTE(review): the 403 goes away because the check is bypassed, not because
			# the origin is now accepted. Forwarding the browser's Origin unchanged and
			# allowing that origin on the backend keeps the check; confirm which origins
			# the backend expects.
			proxy_set_header Origin "";
			proxy_set_header X-Real-IP $remote_addr;
			# Appends the client address to whatever X-Forwarded-For the client sent,
			# so the left-hand entries are client-controlled.
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			# $http_host is the Host header exactly as the client sent it.
			proxy_set_header Host $http_host;
			proxy_set_header X-NginX-Proxy true;
			# Rewrite-module directive: stops further rewrite processing in this location.
			break;
		}
    }

Supplement: when the socket is accessed over WSS on a port other than 443, the 403 can also occur.

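In that case the WebSocket endpoint must be set to allow cross-origin access: setAllowedOrigins("*"). Note that "*" accepts a handshake from any site; passing the page's actual origin (scheme, host and port) to setAllowedOrigins is the narrower setting and keeps the origin check in place.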

// Lets any client use the WebSocket endpoint (original comment: "any IP can use the websocket").
// The names written in Chinese are the article's placeholders for your own WebSocketHandler
// implementation, HandshakeInterceptor implementation and endpoint path.
// NOTE(review): setAllowedOrigins("*") accepts the handshake from every origin, so the Origin
// check that stops other sites from opening this socket in a logged-in user's browser is off.
// Passing the page's real origin(s) (scheme, host and port) keeps the check; confirm the values.
webSocketHandlerRegistry.addHandler(WebSocketHandler的实现类(),"websocket的访问地址").addInterceptors(new HandshakeInterceptor的实现类()).setAllowedOrigins("*");


Origin blog.csdn.net/weixin_52116015/article/details/132356579