1. WebSocket协议简介
WebSocket是一种在单个TCP连接上进行全双工通信的协议,允许服务端主动向客户端推送数据。
2. Nginx配置WebSocket反向代理
基本配置
bash
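http {
    # Derive the Connection header sent upstream from the client's Upgrade
    # header: "upgrade" for a WebSocket handshake, "close" for any other
    # request. A hard-coded "upgrade" would be sent on every request that
    # reaches the location, including ones that never asked to upgrade.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    upstream websocket_backend {
        server 127.0.0.1:8080;
        server 127.0.0.1:8081;
    }

    server {
        # Port 80 carries ws:// traffic unencrypted, so session cookies and
        # tokens in the handshake are readable on the path. Use a TLS
        # listener (wss://) for anything beyond local testing.
        listen 80;
        server_name example.com;

        location /websocket/ {
            # Core proxy setting
            proxy_pass http://websocket_backend;

            # Headers required for the WebSocket handshake. Upgrade and
            # Connection are hop-by-hop headers and are not forwarded to the
            # backend unless set explicitly.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            # Client information for the backend.
            # X-Real-IP is overwritten with the address nginx saw.
            # $proxy_add_x_forwarded_for appends that address to whatever
            # X-Forwarded-For the client sent, so the backend should trust
            # only the last entry, never the client-supplied prefix.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # The Origin header is passed through unchanged. The backend
            # should validate it during the handshake, because browsers
            # attach cookies to cross-site WebSocket requests.

            # Timeouts: read/send are idle timers between successive
            # operations, not a cap on total connection lifetime.
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_connect_timeout 30s;
        }
    }
}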
详细配置说明
必需的头信息配置
bash
# Upgrade the HTTP connection to WebSocket.
# The handshake is an HTTP/1.1 Upgrade request. Upgrade and Connection are
# hop-by-hop headers, so nginx does not forward them to the backend unless
# they are set explicitly here.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
超时配置优化
bash
# WebSocket connections need longer timeouts than ordinary requests.
# The read/send values are idle timers between two successive operations,
# not a limit on total connection lifetime. Long idle timers let silent
# connections hold a connection slot for that long, so pair them with a
# per-client connection limit (limit_conn).
proxy_read_timeout 3600s; # read timeout
proxy_send_timeout 3600s; # send timeout
proxy_connect_timeout 30s; # connect timeout
负载均衡配置
bash
upstream websocket_cluster {
# Load-balancing method
ip_hash; # session stickiness: one client address always maps to the same server
server 192.168.1.10:8080 weight=3;
server 192.168.1.11:8080 weight=2;
server 192.168.1.12:8080 weight=1;
# Health check
# NOTE(review): `check` is not a stock nginx directive. The syntax looks like
# the third-party nginx_upstream_check_module (also bundled with Tengine).
# Confirm the module is compiled in, otherwise nginx rejects the config as an
# unknown directive. Stock nginx provides passive checks through
# max_fails / fail_timeout on the server lines.
check interval=3000 rise=2 fall=5 timeout=1000;
}
3. 完整配置示例
单服务器配置
bash
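# $connection_upgrade is not a built-in variable; without this map nginx
# refuses to load the config ("unknown variable"). map is valid only in the
# http context, so it sits beside the server block, not inside it.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name websocket.example.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/private.key;

    location /ws {
        # TLS terminates at nginx; the hop to the backend is plain HTTP,
        # here over loopback.
        proxy_pass http://localhost:3000;

        # WebSocket upgrade headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Real client information for the backend.
        # $proxy_add_x_forwarded_for appends the address nginx saw to any
        # X-Forwarded-For the client sent; the backend should trust only the
        # last entry.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Buffering
        proxy_buffering off;

        # Timeouts: idle connections may be held for up to 24 hours, so
        # combine this with a per-client connection limit (limit_conn).
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
        proxy_connect_timeout 30s;
    }
}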
多服务器负载均衡
bash
# Backend pool. ip_hash pins each client address to one backend.
upstream websocket_servers {
    ip_hash;
    server 10.0.1.10:8080;
    server 10.0.1.11:8080;
    server 10.0.1.12:8080;
}

server {
    # Plain-HTTP listener: ws:// traffic through it is unencrypted.
    listen 80;
    server_name ws.example.com;

    location / {
        proxy_pass http://websocket_servers;

        # Handshake headers for the HTTP/1.1 Upgrade
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;

        # Important: disable response buffering
        proxy_buffering off;

        # Idle timeout for long-lived connections
        proxy_read_timeout 3600s;
    }
}
4. 高级配置选项
连接数限制
bash
# Connection-limit zone keyed by client address. limit_conn_zone is valid
# only in the http context, so it belongs outside the server/location that
# references it.
limit_conn_zone $binary_remote_addr zone=websocket_zone:10m;

location /websocket/ {
    # Cap concurrent connections per key (per client address here).
    # Clients behind a shared NAT address share this budget.
    limit_conn websocket_zone 10;

    proxy_pass http://backend;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
SSL/TLS配置
bash
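server {
    # The `http2` listen parameter is deprecated since nginx 1.25.1 in favour
    # of the `http2 on;` directive. The WebSocket handshake proxied below
    # still runs over HTTP/1.1 either way.
    listen 443 ssl http2;
    server_name websocket.example.com;

    # An ssl listener needs a certificate and key, or nginx refuses to start.
    # Placeholder paths; keep the key readable only by the nginx master user.
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/private.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers governs TLS 1.2 and below; TLS 1.3 suites are not selected
    # by it. Both entries are ECDHE-RSA, so the certificate must be RSA.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # WebSocket over WSS: TLS terminates here and the hop to the backend is
    # plain HTTP. `backend` is assumed to be an upstream defined elsewhere.
    location /wss {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}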
5. 常见问题排查
连接断开问题
bash
# Raise the idle timeouts
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
# Keep the connection alive
# NOTE(review): this only changes the Connection header value sent to the
# backend; it does not reset the timers above. An idle connection stays open
# only while data flows, e.g. periodic WebSocket ping/pong frames. Confirm
# the application sends them.
proxy_set_header Connection "keep-alive, upgrade";
代理缓冲区问题
bash
location /websocket/ {
# Disable response buffering so data is relayed as soon as it arrives
proxy_buffering off;
# Buffer for the first part of the backend response (the response headers)
proxy_buffer_size 16k;
proxy_pass http://backend;
# ... other settings
}
6. 性能优化建议
-
使用HTTP/2:提高连接效率(注意:Nginx代理WebSocket时仍通过HTTP/1.1的Upgrade握手完成,HTTP/2只对同一站点的普通HTTP请求有效)
-
启用Gzip压缩:压缩文本数据(仅作用于普通HTTP响应;WebSocket帧的压缩需由后端通过permessage-deflate扩展协商)
-
调整缓冲区大小:根据消息大小调整
-
使用keepalive连接:减少连接建立开销
-
监控连接状态:及时发现问题
7. 测试验证
使用简单的HTML页面测试WebSocket连接:
html
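<!DOCTYPE html>
<html>
<body>
<script>
  // Minimal connectivity check for the proxied endpoint. Open the page and
  // watch the browser console.
  const ws = new WebSocket('wss://websocket.example.com/ws');
  ws.onopen = () => console.log('Connected');
  ws.onmessage = (event) => console.log('Received:', event.data);
  // Handshake failures (missing upgrade headers, TLS errors) arrive here;
  // without this handler only the close event is visible.
  ws.onerror = (event) => console.error('WebSocket error:', event);
  // Log the close code: 1006 means the connection dropped without a close
  // frame, which is what a proxy idle timeout looks like from the client.
  ws.onclose = (event) => console.log('Disconnected', event.code, event.reason);
</script>
</body>
</html>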
总结
Nginx作为WebSocket反向代理时,关键在于正确配置HTTP协议升级头和适当的超时设置。通过合理的负载均衡和性能调优,可以构建稳定高效的WebSocket服务架构。生产环境还应使用wss(TLS)加密传输,并在后端握手阶段校验Origin头和用户身份,因为反向代理会原样转发这些请求。