我在 Go 服务前使用 nginx 实例。
- 我想将端口 80 上的任何内容重定向到 https。[完毕]
- /* 处的所有(非 websocket)https 请求都应该转到https://localhost:8443/ * [完成]
- /ws/* 处的所有 websocket https 请求都应该转到https://localhost:8443/ws/ * [缺失]
我目前的配置:
ssl_certificate ...
ssl_certificate_key ...
ssl_ciphers ...
ssl_prefer_server_ciphers on;
server {
listen 80;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name www.mydomain.com mydomain.com;
add_header Strict-Transport-Security "max-age=31536000";
location /ws { <--- This only works for /ws but not /ws/app1
proxy_pass http://localhost:8443/ws;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / { <--- Catches anything, even without wildcard ?!
proxy_pass http://localhost:8443;
}
}
server {
listen 443 ssl;
server_name *.mydomain.com;
return 444;
}
为什么这是必要的?好吧,据我了解,您必须明确设置升级标头,所以我想您必须指定另一个位置。
理想情况下,我只使用一个位置,但是 websockets 被阻止(因为升级标头永远不会进入 Go 服务......)
我不是 nginx 专家,所以请耐心等待 =)。
[编辑]
我现在开始工作了。我不确定是否可以始终设置_header 升级/连接,即使它不是 websocket 请求,但我的 Go 服务没有给出 ****,所以它对我有用 =]
ssl_certificate ...
ssl_certificate_key ...
ssl_ciphers ...
ssl_prefer_server_ciphers on;
server {
listen 80;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name www.mydomain.com mydomain.com;
add_header Strict-Transport-Security "max-age=31536000";
location / { <--- Catches anything, even without wildcard ?!
proxy_pass http://localhost:8443;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 443 ssl;
server_name *.mydomain.com;
return 444;
}