
How to configure HTTP, HTTPS, WS and WSS in Nginx

Preface

Nginx is one of the most widely used proxy servers on the Internet today, and many large companies use it as the proxy server in front of their business systems. It is therefore worth understanding how to configure Nginx for HTTP, HTTPS, WS and WSS. Come and learn Nginx with Glacier, advance together, and go bald together~~

Configuring HTTP in Nginx

First, let's look at how to configure HTTP, which is one of the most commonly used functions of Nginx. Add the following to nginx.conf.

upstream message {
    server localhost:8080 max_fails=3;
}

server {
    listen 80;
    server_name localhost;

    location / {
        root html;
        index index.html index.htm;
        # Allow CORS (cross-origin) access
        add_header 'Access-Control-Allow-Origin' '*';
        #proxy_redirect default;
        # Timeout for connecting to the proxied server. Note that it cannot exceed 75 seconds. When a server goes down, the request is forwarded to another server after 10 seconds.
        proxy_connect_timeout 10;
    }

    location /message {
        proxy_pass http://message;
        proxy_set_header Host $host:$server_port;
    }
}

At this point, requests to http://localhost/message are forwarded to http://localhost:8080/message.

Configuring HTTPS in Nginx

If the business has high security requirements for the website, configure HTTPS in Nginx. The configuration can be done as follows.

upstream message {
    server localhost:8080 max_fails=3;
}

server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /usr/local/nginx-1.17.8/conf/keys/binghe.pem;
    ssl_certificate_key /usr/local/nginx-1.17.8/conf/keys/binghe.key;
    ssl_session_timeout 20m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_verify_client off;

    location / {
        root html;
        index index.html index.htm;
        # Allow CORS (cross-origin) access
        add_header 'Access-Control-Allow-Origin' '*';
        # Timeout for connecting to the proxied server. Note that it cannot exceed 75 seconds. When a server goes down, the request is forwarded to another server after 10 seconds.
        proxy_connect_timeout 10;
    }

    location /message {
        proxy_pass http://message;
        proxy_set_header Host $host:$server_port;
    }
}

Requests to https://localhost/message are then forwarded to http://localhost:8080/message.

Configuring WS in Nginx

WS is short for WebSocket, and configuring WebSocket in Nginx is relatively simple: everything is done in the nginx.conf file. The method is simple but effective, and it lets you scale the WebSocket service horizontally.

To make this easier to follow, I will go through the Nginx WS configuration in detail.

Here is the configuration file first (copy it directly if you want to use it, then change the IPs and ports):

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream wsbackend {
    server ip1:port1;
    server ip2:port2;
    keepalive 1000;
}

server {
    listen 20038;

    location / {
        proxy_http_version 1.1;
        proxy_pass http://wsbackend;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout 3600s;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

Next, we will go through each part of the above configuration in turn.

First:

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

This means:

  • If $http_upgrade is not '' (empty), then $connection_upgrade is upgrade.

  • If $http_upgrade is '' (empty), then $connection_upgrade is close.

Next:

upstream wsbackend {
    server ip1:port1;
    server ip2:port2;
    keepalive 1000;
}

This configures nginx load balancing:

  • Two servers, ip1:port1 and ip2:port2.

  • keepalive 1000 sets the number of idle connections to the upstream servers that each nginx process keeps open. When there are too many idle connections, the least recently used ones are closed. This is not a limit on the total number of connections; think of it as the size of the idle connection pool. The value should be one the upstream servers can handle.

Finally:

server {
    listen 20038;

    location / {
        proxy_http_version 1.1;
        proxy_pass http://wsbackend;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout 3600s;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

This is the configuration of the listening server:

  • listen 20038 sets the port on which nginx listens.

  • location / sets the path to match (/ matches all paths; it is the catch-all, equivalent to a default).

  • proxy_http_version 1.1 makes the reverse proxy use HTTP 1.1 towards the upstream; HTTP 1.1 supports long-lived connections.

  • proxy_pass http://wsbackend; sets the URI of the reverse proxy target; the name of a load-balancing upstream group can be used here.

  • proxy_redirect off; means redirect paths in upstream responses are not rewritten. With location / it makes little difference, because the default setting also rewrites the path relative to the proxy_pass target.

  • proxy_set_header Host $host; passes the Host request header on unchanged. proxy_set_header sets a request header on the proxied request, and $host is a built-in nginx variable holding the host name of the current request.

  • proxy_set_header X-Real-IP $remote_addr; passes the current client IP on to the upstream as the source IP.

  • proxy_read_timeout 3600s; closes the connection when more than 3600s pass between two reads from the upstream. The default is 60s, which is the culprit behind connections closing automatically.

  • proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; passes the X-Forwarded-For header on to the upstream ($proxy_add_x_forwarded_for is the incoming header with $remote_addr appended).

  • proxy_set_header Upgrade $http_upgrade; passes the client's Upgrade header on unchanged.

  • proxy_set_header Connection $connection_upgrade; sets Connection to upgrade when the client sent an Upgrade header (WebSocket); otherwise the connection is closed.

At this point, requests to ws://localhost:20038 are forwarded to ip1:port1 and ip2:port2.
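Browsers do not apply the same-origin policy to WebSocket handshakes, so a proxy that upgrades every request on every path leaves all origin checking to the backend. The added example below (not from the original article) reuses the same map technique to allow-list the Origin header and confines upgrades to one path; app.example.com, the /ws path and the variable name $ws_origin_ok are placeholders, and the X-Forwarded-For change assumes nginx is the first proxy the client reaches.

```nginx
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# 1 = this Origin may open a WebSocket, 0 = rejected.
# Requests without an Origin header (non-browser clients) fall under default.
map $http_origin $ws_origin_ok {
    default                               0;
    "~^https?://app\.example\.com$"       1;
}

upstream wsbackend {
    server ip1:port1;
    server ip2:port2;
    keepalive 1000;
}

server {
    listen 20038;

    # Only this path is proxied; everything else never reaches the backend.
    location /ws {
        # Reject handshakes started by pages on other origins.
        if ($ws_origin_ok = 0) {
            return 403;
        }

        proxy_http_version 1.1;
        proxy_pass http://wsbackend;
        proxy_redirect off;
        proxy_read_timeout 3600s;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Overwrite rather than append, so a client-supplied
        # X-Forwarded-For value cannot reach the backend.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    location / {
        return 404;
    }
}
```

The same two map blocks and location work unchanged inside a WSS server block.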

Configuring WSS in Nginx

WSS stands for WebSocket + HTTPS; put simply, it is secure WebSocket. Next, let's look at how to configure WSS. The individual directives were explained in detail in the WS section, so I will not repeat them here.

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream wsbackend {
    server ip1:port1;
    server ip2:port2;
    keepalive 1000;
}

server {
    listen 20038 ssl;
    server_name localhost;
    ssl_certificate /usr/local/nginx-1.17.8/conf/keys/binghe.com.pem;
    ssl_certificate_key /usr/local/nginx-1.17.8/conf/keys/binghe.com.key;
    ssl_session_timeout 20m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_verify_client off;

    location / {
        proxy_http_version 1.1;
        proxy_pass http://wsbackend;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout 3600s;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

At this point, requests to wss://localhost:20038 are forwarded to ip1:port1 and ip2:port2.

Did you learn something? Feel free to leave a message at the end of the article.

