Nginx 如何配置 WebSocket 代理?
WebSocket 是一种在单个 TCP 连接上进行全双工通信的协议。Nginx 可以作为 WebSocket 代理,将客户端的 WebSocket 连接转发到后端服务器。
基本配置:
map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 80; server_name example.com; location /ws { proxy_pass http://backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 超时设置 proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; } }
关键配置说明:
- proxy_http_version 1.1:WebSocket 需要 HTTP/1.1 协议
- Upgrade 和 Connection 头:告诉 Nginx 这是一个 WebSocket 连接
- 超时设置:WebSocket 是长连接,需要设置较长的超时时间
完整配置示例:
http { upstream websocket_backend { server 192.168.1.100:8080; server 192.168.1.101:8080; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 80; server_name example.com; # WebSocket 代理 location /ws { proxy_pass http://websocket_backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 超时设置(根据实际需求调整) proxy_connect_timeout 60s; proxy_send_timeout 3600s; proxy_read_timeout 3600s; # 禁用缓冲 proxy_buffering off; } # 普通请求 location / { proxy_pass http://backend; proxy_set_header Host $host; } } }
HTTPS WebSocket 配置:
server { listen 443 ssl; server_name example.com; ssl_certificate /etc/nginx/ssl/example.com.crt; ssl_certificate_key /etc/nginx/ssl/example.com.key; location /ws { proxy_pass http://websocket_backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; } }
WebSocket 负载均衡:
upstream websocket_backend { # 使用 ip_hash 保持会话 ip_hash; server 192.168.1.100:8080; server 192.168.1.101:8080; server 192.168.1.102:8080; }
注意事项:
- 会话保持:WebSocket 连接需要保持到同一台后端服务器,使用 ip_hash 或 sticky 模块
- 超时设置:根据业务需求设置合适的超时时间
- 缓冲:WebSocket 实时通信需要禁用缓冲
- 防火墙:确保防火墙允许长连接
- 负载均衡:避免使用轮询策略,会导致连接中断
性能优化:
# 增加 worker 连接数 events { worker_connections 4096; } # 调整 keepalive upstream websocket_backend { server 192.168.1.100:8080; keepalive 32; } # 优化 TCP 参数 location /ws { proxy_pass http://websocket_backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; # TCP 优化 proxy_socket_keepalive on; proxy_connect_timeout 60s; proxy_send_timeout 3600s; proxy_read_timeout 3600s; }
多路径 WebSocket:
# 不同路径转发到不同后端 location /chat/ws { proxy_pass http://chat_backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } location /notification/ws { proxy_pass http://notification_backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; }
监控和日志:
# 自定义日志格式 log_format websocket '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' 'rt=$request_time uct="$upstream_connect_time" ' 'uht="$upstream_header_time" urt="$upstream_response_time"'; access_log /var/log/nginx/websocket_access.log websocket; # 监控连接数 location /nginx_status { stub_status on; access_log off; }
故障排查:
- 连接断开:检查超时设置是否合理
- 无法连接:检查 Upgrade 和 Connection 头是否正确
- 负载均衡问题:使用 ip_hash 保持会话
- 性能问题:调整 worker_connections 和缓冲设置