1. Scenario
When nginx is used to proxy a WebSocket connection, nginx responds with 403.
1. The nginx access log shows a 403 response
[18/Aug/2023:09:56:36 +0800] "GET /FS_WEB_ASS/webim_api/socket/message HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
2. The connection fails in the browser
2. nginx configuration
## Cluster
upstream cloud_ass {
    #ip_hash;
    server 192.168.1.233:8087;
    server 192.168.1.243:8087;
}
server {
    listen 8600;
    server_name localhost;
    location / {
        root html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
    location ~* /FS_WEB_ASS/* {
        proxy_pass http://cloud_ass;
        # WebSocket support
        proxy_http_version 1.1;
        # WebSocket timeout; needs to be configured if there is no heartbeat or similar, otherwise the WebSocket will repeatedly disconnect and reconnect
        proxy_read_timeout 700s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Origin xxx;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        break;
    }
}
3. Reasons
The 403 is caused by proxy_set_header Origin xxx.
The specific function of Origin xxx is not clear. If you know, please leave a message.
4. Solution
Change
proxy_set_header Origin xxx
to
proxy_set_header Origin ""
The final configuration is as follows:
## Cloud ASS cluster
upstream cloud_ass {
    #ip_hash;
    server 192.168.1.233:8087;
    server 192.168.1.243:8087;
}
server {
    listen 8600;
    server_name localhost;
    location / {
        root html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
    ## Cloud ASS
    location ~* /FS_WEB_ASS/* {
        proxy_pass http://cloud_ass;
        # WebSocket support
        proxy_http_version 1.1;
        # WebSocket timeout; needs to be configured if there is no heartbeat or similar, otherwise the WebSocket will repeatedly disconnect and reconnect
        proxy_read_timeout 700s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Only this line was changed
        proxy_set_header Origin "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        break;
    }
}
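Setting Origin to an empty string makes nginx omit the header from the proxied request, so the backend no longer receives an origin to check on the WebSocket handshake. The configuration below is an added example, not the author's configuration: it keeps that fix but checks the browser's Origin against an allowlist in nginx first. The variable $ws_origin_ok and the origin https://app.example.com are placeholder assumptions.

```nginx
# Added example, not the author's configuration.
# $ws_origin_ok is a hypothetical variable name; https://app.example.com is a
# placeholder for the origin(s) that actually serve the page opening the socket.
# Requests with no Origin header (non-browser clients) fall under "default" and
# are rejected as well.
map $http_origin $ws_origin_ok {
    default                    0;
    "https://app.example.com"  1;
}

upstream cloud_ass {
    server 192.168.1.233:8087;
    server 192.168.1.243:8087;
}

server {
    listen 8600;
    server_name localhost;

    location ~* /FS_WEB_ASS/* {
        # Refuse the handshake at the proxy when the browser's Origin is not listed
        if ($ws_origin_ok = 0) {
            return 403;
        }

        proxy_pass http://cloud_ass;
        proxy_http_version 1.1;
        proxy_read_timeout 700s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # The Origin was validated above, so it can be dropped toward the backend
        # (an empty value means nginx does not send the header at all)
        proxy_set_header Origin "";

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
    }
}
```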
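Supplement: WSS
When accessing over WSS, if the port is not 443, a 403 will also occur.
In that case, you need to configure the WebSocket to allow cross-origin access: setAllowedOrigins("*")
// Any IP can use the WebSocket environment
// MyWebSocketHandler, MyHandshakeInterceptor and "/websocket-path" are placeholders for your
// WebSocketHandler implementation, your HandshakeInterceptor implementation and the WebSocket access path
webSocketHandlerRegistry.addHandler(new MyWebSocketHandler(), "/websocket-path").addInterceptors(new MyHandshakeInterceptor()).setAllowedOrigins("*");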