How to Configure HTTP, HTTPS, WS and WSS in Nginx

  • 2021-10-27 10:04:30
  • OfStack

Preface

Nginx is one of the most widely used proxy servers on the Internet today, and many large companies use it as the proxy server in their own business systems. It is therefore worth knowing how to configure Nginx for HTTP, HTTPS, WS and WSS. Come and learn Nginx with Glacier: level up together, go bald together~

Configuring HTTP in Nginx

First, let's look at how Nginx is configured for HTTP, which is one of its most commonly used functions. Put the corresponding settings in nginx.conf, as shown below.


upstream message {
  server localhost:8080 max_fails=3;
}

server {
 listen       80;
 server_name  localhost;

 location / {
  root   html;
  index  index.html index.htm;
  # Allow cross-origin (CORS) access
  add_header 'Access-Control-Allow-Origin' '*';
  #proxy_redirect default;
  # Timeout for connecting to the proxied server. Note that this timeout cannot exceed 75 seconds.
  # When one server fails, the request is passed to another server after 10 seconds.
  proxy_connect_timeout 10;
 }
 
  location /message {
    proxy_pass                  http://message;
    proxy_set_header Host $host:$server_port;
 }
}

With this in place, a request to http://localhost/message is forwarded to http://localhost:8080/message.

Configuring HTTPS in Nginx

If the business has high security requirements for the website, HTTPS can be configured in Nginx. The specific configuration is shown below.


upstream message {
  server localhost:8080 max_fails=3;
}

server {
 listen       443 ssl;
 server_name localhost;
 ssl_certificate    /usr/local/nginx-1.17.8/conf/keys/binghe.pem;
 ssl_certificate_key /usr/local/nginx-1.17.8/conf/keys/binghe.key;
 ssl_session_timeout 20m;
 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_verify_client off;
 location / {
  root   html;
  index  index.html index.htm;
  # Allow cross-origin (CORS) access
  add_header 'Access-Control-Allow-Origin' '*';
  # Timeout for connecting to the proxied server. Note that this timeout cannot exceed 75 seconds.
  # When one server fails, the request is passed to another server after 10 seconds.
  proxy_connect_timeout 10;
 }
 
  location /message {
    proxy_pass                  http://message;
    proxy_set_header Host $host:$server_port;
 }
}

A request to https://localhost/message is then forwarded to http://localhost:8080/message.

Configuring WS in Nginx

WS stands for WebSocket. Configuring WebSocket in Nginx is relatively simple: it only requires changes in the nginx.conf file. The approach is simple but effective, and it scales out the service capacity of the WebSocket server.

To make this easier to follow, I will focus on the Nginx WS configuration here.

First, here is the configuration file (if you use it, copy it directly and then change the IPs and ports).


map $http_upgrade $connection_upgrade { 
 default upgrade; 
 '' close; 
} 
upstream wsbackend{ 
 server ip1:port1; 
 server ip2:port2; 
 keepalive 1000;
} 
 
server { 
 listen 20038; 
 location /{ 
  proxy_http_version 1.1; 
  proxy_pass http://wsbackend; 
  proxy_redirect off; 
  proxy_set_header Host $host; 
  proxy_set_header X-Real-IP $remote_addr; 
  proxy_read_timeout 3600s; 
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
  proxy_set_header Upgrade $http_upgrade; 
  proxy_set_header Connection $connection_upgrade; 
 } 
}

Next, let's go through what each part of the configuration above means.

First:


map $http_upgrade $connection_upgrade { 
 default upgrade; 
 '' close; 
} 

This means:

If $http_upgrade is not '' (empty), $connection_upgrade is upgrade. If $http_upgrade is '' (empty), $connection_upgrade is close.

Secondly:


upstream wsbackend{ 
 server ip1:port1; 
 server ip2:port2; 
 keepalive 1000; 
} 

This defines nginx load balancing:

Two servers, ip1:port1 and ip2:port2.

keepalive 1000 is the number of idle connections to the upstream servers that are kept in each nginx process. When there are too many idle connections, the least recently used ones are closed. This is not a limit on the total number of connections; think of it as the size of the idle connection pool. The value should be one the upstream servers can afford.

Finally:


server { 
 listen 20038; 
 location /{ 
  proxy_http_version 1.1; 
  proxy_pass http://wsbackend; 
  proxy_redirect off;
  proxy_set_header Host $host; 
  proxy_set_header X-Real-IP $remote_addr; 
  proxy_read_timeout 3600s; 
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
  proxy_set_header Upgrade $http_upgrade; 
  proxy_set_header Connection $connection_upgrade; 
 } 
} 

This is the configuration of the listening server:

  • listen 20038 is the port on which nginx listens.
  • location / is the path being listened on (/ means all paths, a universal match, equivalent to default).
  • proxy_http_version 1.1 indicates that the reverse proxy sends HTTP version 1.1; HTTP 1.1 supports long-lived connections.
  • proxy_pass http://wsbackend; is the URI of the reverse proxy; the load-balancing upstream name can be used here.
  • proxy_redirect off; means do not replace the path. In fact, with / it makes no difference, because default also replaces the path after proxy_pass.
  • proxy_set_header Host $host; means the request header is passed on unchanged. $host is an nginx built-in variable that refers to the host in the current request header, and proxy_set_header sets a request header.
  • proxy_set_header X-Real-IP $remote_addr; passes on the source IP, that is, the current client IP.
  • proxy_read_timeout 3600s; means the connection is closed once the interval between requests exceeds 3600s. The default is 60s, which is the culprit behind connections closing automatically.
  • proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; indicates that the incoming X-Forwarded-For header is kept.
  • proxy_set_header Upgrade $http_upgrade; indicates that the Upgrade header is passed on unchanged.
  • proxy_set_header Connection $connection_upgrade; indicates that if $http_upgrade is upgrade, the request is upgraded (websocket); otherwise, the connection is closed.

At this point, access to ws://localhost:20038 is forwarded to ip1:port1 and ip2:port2.
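
The WS proxy above forwards every handshake it receives to the backends. As an added example (not part of the original article), here is the same configuration with an Origin allow-list in front of the proxy. The origin https://app.example.com, the variable name $ws_origin_ok and the 192.0.2.x backend addresses are placeholders.

```nginx
# Added example, not the article's configuration. The origin and the backend
# addresses are placeholders to replace with real values.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# 1 only for origins allowed to open a WebSocket. Everything else,
# including a request with no Origin header, maps to 0.
map $http_origin $ws_origin_ok {
    default                    0;
    "https://app.example.com"  1;
}

upstream wsbackend {
    server 192.0.2.10:9001;   # placeholder for ip1:port1
    server 192.0.2.11:9001;   # placeholder for ip2:port2
    keepalive 1000;
}

server {
    listen 20038;

    location / {
        # Browsers send Origin on every WebSocket handshake, and the
        # same-origin policy does not apply to it, so the check is made here.
        if ($ws_origin_ok = 0) {
            return 403;
        }
        proxy_http_version 1.1;
        proxy_pass http://wsbackend;
        proxy_redirect off;
        proxy_set_header Host $host;
        # $remote_addr is the peer nginx accepted, so the backend can rely on it.
        proxy_set_header X-Real-IP $remote_addr;
        # Keeps the client's X-Forwarded-For and appends $remote_addr, so only
        # the last entry is trustworthy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Clients that send no Origin header are rejected by this map; add an entry for '' if non-browser clients must connect.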

Configuring WSS in Nginx

WSS means WebSocket + HTTPS, that is, secure WebSocket. Next, let's look at how to configure WSS. The configuration details were described in the WS section, so I will not repeat them here.


map $http_upgrade $connection_upgrade { 
 default upgrade; 
 '' close; 
} 
upstream wsbackend{ 
 server ip1:port1; 
 server ip2:port2; 
 keepalive 1000; 
} 
server{
 listen 20038 ssl;
 server_name localhost;
 ssl_certificate    /usr/local/nginx-1.17.8/conf/keys/binghe.com.pem;
 ssl_certificate_key /usr/local/nginx-1.17.8/conf/keys/binghe.com.key;
 ssl_session_timeout 20m;
 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_verify_client off;
 location /{
   proxy_http_version 1.1;
   proxy_pass http://wsbackend;
   proxy_redirect off; 
   proxy_set_header Host $host; 
   proxy_set_header X-Real-IP $remote_addr; 
   proxy_read_timeout 3600s; 
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
   proxy_set_header Upgrade $http_upgrade; 
   proxy_set_header Connection $connection_upgrade; 
 }
}

At this point, access to wss://localhost:20038 is forwarded to ip1:port1 and ip2:port2.
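
Both the HTTPS and the WSS server blocks above enable TLSv1 and TLSv1.1 together with a broad cipher string. The following is an added example (not from the original article) of the HTTPS server with current TLS settings; the ssl_* lines carry over unchanged to the WSS server on port 20038. www.example.com is a placeholder, and TLSv1.3 assumes nginx is built against OpenSSL 1.1.1 or later.

```nginx
# Added example, not the article's configuration. www.example.com is a
# placeholder; the upstream and certificate paths are the article's.
upstream message {
    server localhost:8080 max_fails=3;
}

# Port 80 only redirects, so nothing is served over plain HTTP.
server {
    listen 80;
    server_name www.example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /usr/local/nginx-1.17.8/conf/keys/binghe.pem;
    ssl_certificate_key /usr/local/nginx-1.17.8/conf/keys/binghe.key;

    # Article: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996).
    ssl_protocols TLSv1.2 TLSv1.3;

    # Article: ...:ECDHE:ECDH:AES:HIGH:... The AES and HIGH keywords also
    # admit CBC-mode and RSA-key-exchange suites; list ECDHE + AEAD only.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 20m;
    # Resume sessions from the shared cache; tickets rely on a long-lived
    # key unless it is rotated, so they are switched off here.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_tickets off;

    # Browsers that have seen this header refuse plain HTTP for a year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root  html;
        index index.html index.htm;
    }

    location /message {
        proxy_pass http://message;
        proxy_set_header Host $host:$server_port;
    }
}
```

If a location adds its own add_header line, nginx stops inheriting the server-level one, so the Strict-Transport-Security header has to be repeated inside that location.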

