openresty nginx https 反向代理 vncserver ,求助
200 views
Skip to first unread message
zhengxia...@163.com
Mar 3, 2016, 4:08:03 AM3/3/16
to openresty
ssl off;
http反向代理 vnc 是正常的 ,最后websocket是长连接的。
ssl on:
https反向代理,到最后一步时,没有保持长连接。
这是我的参数配置,感觉没什么问题,请大神指点!
upstream vnc_server{
server 178.37.35.22:6080;
}
server {
listen 443;
server_name nginx-vnc-ssl;
ssl on;
ssl_certificate i.abcloud.pem;
ssl_certificate_key i.jcloud.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://vnc_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_set_header Upgrade $http_upgrade; // 这2个websocket必备的 也加了
proxy_set_header Connection "Upgrade";
}
server 178.37.35.22:6080;
}
server {
listen 443;
server_name nginx-vnc-ssl;
ssl on;
ssl_certificate i.abcloud.pem;
ssl_certificate_key i.jcloud.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://vnc_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_set_header Upgrade $http_upgrade; // 这2个websocket必备的 也加了
proxy_set_header Connection "Upgrade";
}
zhengxia...@163.com
Mar 3, 2016, 5:03:00 AM3/3/16
to openresty
搞定了,自己解答下:
vnc server那边 有个无关紧要的判断,需要注释掉
相信应该可以通过proxy_set_header设置一个什么东西来解决 ,暂时先不管了,功能一切正常
if not self.verify_origin_proto(connect_info, origin_scheme):
detail = _("Origin header protocol does not match this host.")
#raise exception.ValidationError(detail=detail) #这一行是我注释掉的
detail = _("Origin header protocol does not match this host.")
#raise exception.ValidationError(detail=detail) #这一行是我注释掉的
发件人: zhengxia...@163.com发送时间: 2016-03-03 16:51收件人: openresty主题: [openresty] openresty nginx https 反向代理 vncserver ,求助
--
--
邮件来自列表“openresty”,专用于技术讨论!
订阅: 请发空白邮件到 openresty...@googlegroups.com
发言: 请发邮件到 open...@googlegroups.com
退订: 请发邮件至 openresty+...@googlegroups.com
归档: http://groups.google.com/group/openresty
官网: http://openresty.org/
仓库: https://github.com/agentzh/ngx_openresty
教程: http://openresty.org/download/agentzh-nginx-tutorials-zhcn.html
邮件带有附件预览链接,若您转发或回复此邮件时不希望对方预览附件,建议您手动删除链接。
共有 3 个附件
Reply all
Reply to author
Forward
0 new messages