From 3bf1b6f4746af7296d234f6bb8e234a09785e07b Mon Sep 17 00:00:00 2001
From: moyin <244344649@qq.com>
Date: Mon, 5 Jan 2026 11:17:16 +0800
Subject: [PATCH] =?UTF-8?q?config=EF=BC=9A=E6=B7=BB=E5=8A=A0nginx=20WebSoc?= =?UTF-8?q?ket=E4=BB=A3=E7=90=86=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- nginx.conf: 当前生产环境的nginx配置 - nginx_complete_fix.conf: 完整的WebSocket支持配置模板 包含WebSocket升级映射、HTTP重定向、SSL配置等完整方案 支持ws://到wss://的协议升级和重定向处理
---
 nginx.conf | 61 ++++++++++++++++++++++++++++
 nginx_complete_fix.conf | 89 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 150 insertions(+)
 create mode 100644 nginx.conf
 create mode 100644 nginx_complete_fix.conf

diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..7449d67
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,61 @@
+server {
+ listen 443 ssl;
+
+ server_name whaletownend.xinghangee.icu;
+
+ ssl_certificate /home/ubuntu/node_test/keys/whaletownend.xinghangee.icu_bundle.crt;
+ ssl_certificate_key /home/ubuntu/node_test/keys/whaletownend.xinghangee.icu.key;
+ client_max_body_size 500M;
+ ssl_session_timeout 5m;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+ ssl_prefer_server_ciphers on;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+ add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
+
+ location /socket.io/ {
+ proxy_pass http://127.0.0.1:3000/socket.io/;
+
+ # 基础反向代理头
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Socket.IO/WebSocket 核心配置
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ # 关键:Socket.IO 需要长超时 + 关闭缓冲
+ proxy_connect_timeout 75s;
+ proxy_send_timeout 3600s;
+ proxy_read_timeout 3600s;
+ proxy_buffering off;
+ proxy_cache off; # 关闭缓存,避免 Socket.IO 消息延迟
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3000;
+ # 必须加的 header
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # 避免第一次请求断开
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+
+ # 调大超时,避免初始化时被踢掉
+ proxy_connect_timeout 60s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
+
+ # 建议关闭缓冲,防止页面流式加载时被截断
+ proxy_buffering off;
+ }
+}
\ No newline at end of file
diff --git a/nginx_complete_fix.conf b/nginx_complete_fix.conf
new file mode 100644
index 0000000..38a3a3d
--- /dev/null
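Review bot: The `ssl_ciphers` line names one ECDHE-GCM suite and then adds `HIGH`, which under TLS 1.2 still admits static-RSA key exchange and CBC-mode suites because only `aNULL`, `MD5`, `RC4` and `DHE` are excluded. An explicit forward-secret AEAD list would close that, e.g. `ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;`; the same line appears in the nginx_complete_fix.conf hunk. Separately, `client_max_body_size 500M;` sits at server scope in both files, so every path including `/socket.io/` accepts 500 MB request bodies, and `proxy_buffering off` does not help because it only governs response buffering (request bodies follow `proxy_request_buffering`). Scoping the large limit to the one upload location would shrink the resource-exhaustion surface. This file also uses `$connection_upgrade` without defining the `map`, so it presumably relies on an http-level map elsewhere; a comment such as `# requires map $http_upgrade $connection_upgrade in the http block` would make that dependency visible.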
+++ b/nginx_complete_fix.conf 
@@ -0,0 +1,89 @@
+# 完整的nginx配置 - 支持HTTP重定向和WebSocket
+
+# 在 http 块中添加 WebSocket 升级映射
+http {
+ # WebSocket 升级映射 - 必须在 http 块中
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ # HTTP server - 重定向到HTTPS
+ server {
+ listen 80;
+ server_name whaletownend.xinghangee.icu;
+
+ # 重定向所有HTTP请求到HTTPS
+ return 301 https://$host$request_uri;
+ }
+
+ # HTTPS server - 主要配置
+ server {
+ listen 443 ssl;
+ server_name whaletownend.xinghangee.icu;
+
+ # SSL配置
+ ssl_certificate /home/ubuntu/node_test/keys/whaletownend.xinghangee.icu_bundle.crt;
+ ssl_certificate_key /home/ubuntu/node_test/keys/whaletownend.xinghangee.icu.key;
+ ssl_session_timeout 5m;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+ ssl_prefer_server_ciphers on;
+
+ # 安全头
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+ add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
+
+ client_max_body_size 500M;
+
+ # Socket.IO 配置 - 使用升级映射
+ location /socket.io/ {
+ proxy_pass http://127.0.0.1:3000/socket.io/;
+
+ # 基础反向代理头
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # WebSocket 核心配置 - 使用映射变量
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade; # 使用映射变量
+
+ # 超时配置
+ proxy_connect_timeout 75s;
+ proxy_send_timeout 3600s;
+ proxy_read_timeout 3600s;
+
+ # 关闭缓冲
+ proxy_buffering off;
+ proxy_cache off;
+ }
+
+ # 普通HTTP请求
+ location / {
+ proxy_pass http://127.0.0.1:3000;
+
+ # 基础代理头
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # HTTP配置
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+
+ # 超时配置
+ proxy_connect_timeout 60s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
+
+ # 关闭缓冲
+ proxy_buffering off;
+ }
+ }
+}
\ No newline at end of file
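Review bot: The template wraps both servers in `http { }` but has no `events` block, so it cannot be loaded as a main config, and it cannot be included from an existing `http` context either because nginx rejects a nested `http`. Either drop the wrapper and state in the header comment that the `map` must be pasted into the main http block, or make the file a complete main config. In the port-80 server, `return 301 https://$host$request_uri;` builds the redirect target from the client-supplied Host header; if this server ends up as the default for port 80, requests carrying any other Host are redirected to that name. Pinning the name, `return 301 https://whaletownend.xinghangee.icu$request_uri;`, keeps the redirect on the intended site.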