upstream wechatApplets2 {
server 8.8.8.8:7898 weight=1;
}
server {
listen 443 ssl;
server_name wechatapplets.tt2kj.com;
access_log /var/log/nginx/wechatapplets.abcd.com.access.log;
error_log /var/log/nginx/wechatapplets.abcd.com.error.log;
# 需要准备好证书
ssl_certificate /etc/pki/nginx/4830341_wechatapplets.abcd.com.pem;
ssl_certificate_key /etc/pki/nginx/4830341_wechatapplets.abcd.com.key;
#ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
#协议配置
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
# ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
# 转发到http
location / {
# 转发ws地址
proxy_pass http://wechatApplets;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
#由于服务器端源码(建议大家做好大小写匹配)只匹配了"Upgrade"字符串,所以如果这里填"upgrade"服务器端会将这条http请求当成普通的请求,导致websocket握手失败
proxy_set_header Connection "Upgrade";
proxy_set_header Remote_addr $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 600s;
}
location /abcd{
# 转发ws地址
proxy_pass http://1.1.18.230:25952;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
#由于服务器端源码(建议大家做好大小写匹配)只匹配了"Upgrade"字符串,所以如果这里填"upgrade"服务器端会将这条http请求当成普通的请求,导致websocket握手失败
proxy_set_header Connection "Upgrade";
proxy_set_header Remote_addr $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 600s;
}
}