部署 Rails Nginx 代理 https wss http 访问 ws 、https 如何访问 wss

Kastrcn · December 05, 2018 · Last by kastrcn replied at December 07, 2018 · 7344 hits

通过 niginx 把 http 代理成 https 把 ws 代理成 wss

配置如下

访问 http 页面 页面调用 ActionCable.createConsumer(); 调用 ws 没有问题

访问 https 页面 页面调用 ActionCable.createConsumer(); 调用 ws 报错 https 不能访问 ws

求解如何将 http 页面访问 ws,https 访问 wss

cable.js

(function() {
  this.App || (this.App = {});

  App.cable = ActionCable.createConsumer();

}).call(this);

production.rb

config.action_cable.url = 'ws://XXX.com/cable'

nginx


server {
   listen 80;
   server_name XXX.com;
   root html;
   index index.html index.htm;
   location / {
       root html;
       add_header 'Access-Control-Allow-Origin' '*';
       proxy_pass http://howl_cluster1;
       proxy_set_header  Host $host;
       proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header  X-Forwarded-Proto $scheme;
       proxy_set_header  X-Forwarded-Ssl on; # Optional
       proxy_set_header  X-Forwarded-Port $server_port;
       proxy_set_header  X-Forwarded-Host $host;

   }
location /cable {
   proxy_pass http://howl_cluster1;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
  }


  }

  server {
   listen 443;
   server_name XX.com;
   ssl on;
   root html;
   index index.html index.htm;
   ssl_certificate   cert/XX/certificateall.crt;
   ssl_certificate_key  cert/XX/private.key;
   ssl_session_timeout 5m;
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   location / {
       root html;
add_header 'Access-Control-Allow-Origin' '*';
       proxy_pass http://howl_cluster1;
         proxy_set_header  Host $host;
 proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header  X-Forwarded-Proto $scheme;
 proxy_set_header  X-Forwarded-Ssl on; # Optional
 proxy_set_header  X-Forwarded-Port $server_port;
 proxy_set_header  X-Forwarded-Host $host;

   }
location /cable {
   proxy_pass http://howl_cluster1;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
  }

用 nginx 配置成 https , 然后 ws 改成 wss

Reply to hfpp2012

nginx 配置成 https , 然后 ws 改成 wss 都有配置成功
App.cable = ActionCable.createConsumer();这段 js

默认生成的是config.action_cable.url = 'ws://XXX.com/cable'

这个地址 回导致 https 页面请求 ws 不请求 wss

如果吧config.action_cable.url = 'ws://XXX.com/cable' 改成config.action_cable.url = 'wss://XXX.com/cable'

那么就不是 ws 改成 wss 了

Reply to kastrcn

你的 nginx 没配对吧,不用配啥 /cable 之类的,参考我的:

upstream rails365 {
    server unix:///home/deploy/rails365/shared/tmp/sockets/puma.sock fail_timeout=0;
}

server {

    listen 443 ssl;

    ssl_certificate /home/deploy/ssl/www.rails365.net.key.pem;
    ssl_certificate_key /home/deploy/ssl/www.rails365.net.key;
    ssl_dhparam /home/deploy/ssl/www.rails365.net.dhparam.pem;
    client_max_body_size 4G;

    server_name www.rails365.net rails365.net;
    root /home/deploy/rails365/current/public;

    keepalive_timeout 70;

    location ~ ^/assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }


    try_files $uri/index.html $uri @user1;
    location @user2 {

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://rails365;

        # https://github.com/french-connection-jp/france
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {

        root html;
    }

}

server {

    listen 80;
    server_name www.rails365.net rails365.net;
    return 301 https://www.rails365.net$request_uri;
}

You need to Sign in before reply, if you don't have an account, please Sign up first.