# WebSocket 配置
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream tornadoes {
server 127.0.0.1:8000;
server 127.0.0.1:8001;
server 127.0.0.1:8002;
server 127.0.0.1:8003;
}
server {
listen 443;
server_name wx.cn; # 改为绑定证书的域名
#access_log /var/log/nginx/https_wx_access.log main;
# ssl 配置
ssl on;
ssl_certificate wx_ssl/1_wx.coderr.cn_bundle.crt;
ssl_certificate_key wx_ssl/2_wx.coderr.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# WebSocket 配置
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# 静态文件的配置
#location /static/ {
# root /tmp/pycharm_project_deploy/;
# if ($query_string) {
# expires max;
# }
#}
location / {
proxy_pass_header Server;
proxy_redirect off;
proxy_set_header X-Scheme $scheme;
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
real_ip_header X-Real-IP;
#proxy_pass http://127.0.0.1:8000;
proxy_pass http://tornadoes;
}
}
#mqtt
# WebSocket 配置
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
#SSL 访问端口号为 443
listen 443 ssl;
#填写绑定证书的域名
server_name wx.corr.cn;
#证书文件名称
ssl_certificate /usr/local/openresty/nginx/conf/ssl/wx.coderr.cn_nginx/wx.corr.cn_bundle.crt;
#私钥文件名称
ssl_certificate_key /usr/local/openresty/nginx/conf/ssl/wx.coderr.cn_nginx/wx.corr.cn.key;
ssl_session_timeout 120m;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
#网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
#例如,您的网站运行目录在/etc/www下,则填写/etc/www。
root html;
index index.html index.htm;
}
location /mqtt {
proxy_redirect off;
# 反向代理到 EMQ 非加密 WebSocket ws
proxy_pass http://127.0.0.1:8083;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
# WebSocket 额外请求头
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}