1, open compression
#----------- gzip -----------
gzip on;
2, websocket agreement to upgrade and get the real client IP address in the request header inside
#------------ http ------------
server {
listen 80;
server_name 192.168.0.110;
#---------- websocket ------------
rental / repeat-chat / message {
proxy_pass http://127.0.0.1:8888; # forwarding service
proxy_http_version 1.1; # protocol version 1.1
proxy_set_header Connection "upgrade"; # upgrade agreement
proxy_set_header Upgrade $ http_upgrade; # quote protocol upgrade type, that is where the agreement websocket
proxy_read_timeout 3m; # read timeout to 3 minutes, 60 seconds by default
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
rental / repeat-cat / {
proxy_pass http://127.0.0.1:8888;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
3, http transfer protocol https protocol
#------------ http ------------
server {
listen 80;
server_name demo.com.cn;
(. *) Rewrite ^ https: // $ host $ 1 permanent; # forward all requests to the https protocol processing
}
#------------ https -----------
server {
listen 443 ssl; # 443 port open ssl
server_name demo.com.cn;
# Set the location where the certificate
ssl_certificate
/usr/local/nginx/ssl/demo.com.cn/Nginx/1_demo.com.cn_bundle.crt;
ssl_certificate_key /usr/local/nginx/ssl/demo.com.cn/Nginx/2_demo.com.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256: HIGH:! Anull:! MD5:! RC4:! GOD;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
Reproduced in: https: //www.jianshu.com/p/cf50ae599405