Nginx 反向代理 WebSocket 服务
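# Reverse proxy: nginx terminates TLS on 443 and forwards HTTP and WebSocket
# traffic to a single backend.

# Derive the upstream Connection header from the client's Upgrade header, so
# that only real upgrade requests are forwarded with "Connection: upgrade" and
# ordinary HTTP requests get "Connection: close" instead of a hard-coded
# "upgrade". map is an http-context directive, the same context this server
# block already requires. If another included file already defines
# $connection_upgrade, reuse that definition rather than declaring it again.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    server_name domain.com;
    listen 443 ssl;

    # Certificate issued with acme.sh; see: https://blog.wangzhy.com/ssl#acmesh-%E7%AD%BE%E7%BD%B2%E8%AF%81%E4%B9%A6
    ssl_certificate     /etc/nginx/ssl/xxxx/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/xxxx/domain.com.key;

    # TLS hardening: only TLS 1.2 and 1.3 are accepted.
    ssl_protocols TLSv1.2 TLSv1.3;
    # This list restricts the TLS 1.2 suites to ECDHE + AES-128-GCM. TLS 1.3
    # suites are not selected by ssl_ciphers and keep the library defaults.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;

    location / {
        # The hop to the backend is plain HTTP; TLS ends at this server.
        proxy_pass http://host.docker.internal:9001;

        # Basic proxy headers.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so the earlier entries are
        # client-controlled. The backend should use X-Real-IP (or only the
        # last X-Forwarded-For entry) for logging and access decisions.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Protocol version and buffering (these are not connection limits).
        proxy_http_version 1.1;  # the Upgrade mechanism requires HTTP/1.1 to the upstream
        proxy_buffers 8 16k;     # buffer tuning
        proxy_buffer_size 32k;

        # WebSocket-specific settings. Upgrade and Connection are hop-by-hop
        # headers and are not passed to the upstream unless set explicitly.
        # NOTE(review): nothing in this block inspects the Origin header, so
        # the backend is presumably expected to validate Origin during the
        # handshake - confirm.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Timeouts, in seconds. Each one bounds the gap between two successive
        # reads/writes on the upstream connection, not the whole session.
        # 86400 (24 h) lets an idle WebSocket stay open for a day; every such
        # connection keeps a worker connection and a backend socket busy, so a
        # shorter value combined with application-level ping/pong frames is
        # worth considering if idle connections pile up.
        proxy_read_timeout 86400;  # keep long-lived connections open
        proxy_send_timeout 86400;
    }
}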