Configuring wss in nginx
It has been a long time since I updated my blog. Today, for work, I needed to set up wss in nginx, so here is my example.
First step
Apply for your SSL certificate and obtain two files: private.key and full_chain.pem.
Second step
Download a key conversion tool. I recommend https://keymanager.org/, which is very easy to use. Open it after downloading and select Import Certificate.
Then upload the two files private.key and full_chain.pem.
Then open the certificate's menu and select Export certificate.
Then select nginx and export. After you unzip the exported file you will get a .cert file.
Third step
Upload the .cert file and the private.key file to the server. I put them in the same directory as the nginx configuration file, namely /etc/nginx.
Then edit the nginx configuration file with vim /etc/nginx/nginx.conf, change server_name to your domain name, and at the bottom add include /etc/nginx/conf/wss.conf;
Then create wss.conf (vim wss.conf) and enter the following:
upstream websocket {
    server 101.200.59.227:80;  # remote websocket server address
}
upstream web {
    server www.mxspace.club;  # remote http interface
}
# reverse proxy to the upstreams above
server {
    listen 443 ssl;  # default port for https and wss; "listen ... ssl" replaces the deprecated "ssl on;"
    ssl_certificate /etc/nginx/www.mxspace.club_chain.crt;  # location of the certificate you uploaded to the server
    ssl_certificate_key /etc/nginx/private.key;  # location of the private key you uploaded to the server
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    # SSLv2, SSLv3, TLSv1 and TLSv1.1 are obsolete, so only current versions are enabled
    ssl_protocols TLSv1.2 TLSv1.3;
    # the LOW, EXP and RC4 suites are weak, so only strong authenticated ciphers are allowed
    ssl_ciphers HIGH:!aNULL:!MD5;
    underscores_in_headers on;  # allow underscores in custom header names
    # wss forwarding: the link the mini program connects to
    location /wss {
        proxy_pass http://websocket;  # proxy to the upstream defined above
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    # https forwarding: the link the mini program connects to
    location / {
        proxy_pass http://web;  # proxy to the original http address
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Access-Control-Allow-Origin *;  # cross-origin access setting
    }
}
That is all. The client then connects using wss://domain/wss.
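
Before reloading nginx it is worth checking the TLS directives of a file such as wss.conf for obsolete protocol versions and weak cipher keywords. The script below is an added example, not part of the original post; the function names and both sample configs are constructed for illustration, and the keyword lists are a minimal assumption, not a complete policy.

```python
import re

# Obsolete ssl_protocols values, and OpenSSL cipher keywords that enable weak suites.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_WORDS = {"ALL", "LOW", "EXP", "EXPORT", "EXPORT40", "EXPORT56",
                     "RC4", "DES", "3DES", "MD5", "NULL", "eNULL", "aNULL", "ADH"}

def directives(conf):
    """Yield (name, args) for every directive; comments are dropped first."""
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def enabled_weak_ciphers(cipher_string):
    weak = []
    for element in cipher_string.strip("\"'").split(":"):
        # '!' and '-' remove suites and a leading '+' only reorders them.
        if element and element[0] not in "!-+":
            weak += [w for w in element.split("+") if w in WEAK_CIPHER_WORDS]
    return weak

def audit(conf):
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            findings += [f"ssl_protocols enables {p}" for p in args if p in WEAK_PROTOCOLS]
        elif name == "ssl_ciphers" and args:
            findings += [f"ssl_ciphers enables {w}" for w in enabled_weak_ciphers(args[0])]
        elif name == "ssl" and args == ["on"]:
            findings.append("'ssl on' is deprecated, use 'listen 443 ssl'")
    return findings

# Constructed sample inputs: a legacy-style server block and a hardened one.
LEGACY = """server {
    listen 443;  # https and wss
    ssl on;
    ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
}"""
HARDENED = """server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
}"""

if __name__ == "__main__":
    for label, conf in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(label, audit(conf) or "no findings")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/nginx/conf/wss.conf").read()).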