说明

Websocket(简称ws)是一种双向通信协议,使用与HTTP协议相同的端口,并通过HTTP_Upgrade机制来进行握手建立连接。而使用HTTP协议的反向代理可能对Websocket不起作用,所以本教程主要介绍基于Caddy2、Nginx、Apache2的Websocket反向代理配置。

Caddy2

1
2
3
4
5
6
xml.wiki {
tls /root/cert/pem /root/cert/key #或由Caddy自动申请
reverse_proxy localhost:7890 #所有代理请求
reverse_proxy /xml/* localhost:7890 #/xml开头的请求代理
reverse_proxy /xml{http.request.uri.path} localhost:7890{http.request.uri.path} #保留原始请求路径的路由
}

Nginx

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
server {
listen 443 ssl;
server_name xml.wiki;
ssl_certificate /root/cert/pem;
ssl_certificate_key /root/cert/key;
ssl_session_timeout 5m;

location / {
proxy_redirect off;
proxy_pass http://127.0.0.1:7890;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

Apache2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
sudo a2enmod ssl rewrite proxy proxy_http proxy_wstunnel
nano /etc/apache2/sites-available/000-default.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName xml.wiki
SSLEngine on
SSLCertificateFile /root/cert/pem
SSLCertificateKeyFile /root/cert/key
ProxyRequests off
ProxyPreserveHost on
RewriteEngine on
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
#反向代理http请求
ProxyPass / http://localhost:7890/
ProxyPassReverse / http://localhost:7890/
#反向代理websocket连接
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://localhost:7890%{REQUEST_URI} [P]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule>

systemctl reload apache2