nginx配置tomcat https websockets等问题汇总解决方式

1.配置nginx反向代理到tomcat上，最好是在tomcat的server.xml上的 加入address="127.0.0.1"来限制其他IP访问

然后在 ngix上配置反向代理

配置如下，

 upstream xxx_server {
         server 127.0.0.1:8888 weight=1 max_fails=2;
         keepalive 100;
    }


    server {
        listen 80;
server_name x.x.x.x 127.0.0.1;


        client_max_body_size 256M;       
        
        location  /{
proxy_pass http://xxx_server;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header REMOTE-HOST $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 60;
                proxy_send_timeout 60;
                proxy_read_timeout 60;
                client_max_body_size 30m;
                client_body_buffer_size 512k;
        }
    }

2.websocket   ws://........

原来AB两个项目通过websocket进行数据推送。

对A项目进行 nginx https配置后，发现WS不通。确认需要将B项目也加上https配置。并将ws://修改成wss://

参考配置如下：

server {    listen       80;    server_name  ws.example.com;

    ssl on;    ssl_certificate ws.example.com.bundle.crt;    ssl_certificate_key ws.example.com.key;    ssl_session_timeout 5m;    ssl_protocols  SSLv2 SSLv3 TLSv1;    ssl_ciphers  HIGH:!aNULL:!MD5;    ssl_prefer_server_ciphers   on;

    location / {        access_log off;        proxy_pass http://ws.example.com:10080;        proxy_set_header X-Real-IP $remote_addr;        proxy_set_header Host $host;        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        # WebSocket support (nginx 1.4)        proxy_http_version 1.1;        proxy_set_header Upgrade $http_upgrade;        proxy_set_header Connection "upgrade";

        # Path rewriting        rewrite /(.*) /$1 break;        proxy_redirect off;
    }}