nginx配置tomcat https websockets等问题汇总解决方式

1.配置nginx反向代理到tomcat上，最好是在tomcat的server.xml上的 加入address="127.0.0.1"来限制其他IP访问

然后在 ngix上配置反向代理

配置如下，

 upstream xxx_server {

         server 127.0.0.1:8888 weight=1 max_fails=2;

         keepalive 100;

    }

    server {

        listen 80;
server_name x.x.x.x 127.0.0.1;

        client_max_body_size 256M;       

        

        location  /{
proxy_pass http://xxx_server;
                proxy_set_header Host $host;

                proxy_set_header X-Real-IP $remote_addr;

                proxy_set_header REMOTE-HOST $remote_addr;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_connect_timeout 60;

                proxy_send_timeout 60;

                proxy_read_timeout 60;

                client_max_body_size 30m;

                client_body_buffer_size 512k;

        }

    }

2.websocket   ws://........

原来AB两个项目通过websocket进行数据推送。

对A项目进行 nginx https配置后，发现WS不通。确认需要将B项目也加上https配置。并将ws://修改成wss://

参考配置如下：

server {
listen       80;
server_name  ws.example.com;

ssl on;
ssl_certificate ws.example.com.bundle.crt;
ssl_certificate_key ws.example.com.key;
ssl_session_timeout 5m;
ssl_protocols  SSLv2 SSLv3 TLSv1;
ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;

location / {
access_log off;
proxy_pass http://ws.example.com:10080; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

# Path rewriting
rewrite /(.*) /$1 break;
proxy_redirect off;

}}