NGINX没有将标头传递给websocket端点 [英] NGINX not passing headers to websocket endpoint

问题描述

我正在尝试将nginx配置为执行身份验证和Websocket的反向代理.它代理将请求传递给apache(/auth/wsgi)进行身份验证-成功后，它将代理传递给websocked后端，该后端是tomcat 8上基于Java的websocket端点.

I am trying to configure nginx as reverse proxy that does authentication and websockets. It proxy-passes request to apache (/auth/wsgi) for authentication - once that succeeds, it then proxy passes to the websocked backend, which is a java based websocket endpoint on tomcat 8.

location /basic/alerting/websocket {
    auth_request /auth/wsgi;
    proxy_pass http://backend.com:8080/websocket;
    proxy_http_version 1.1;
    proxy_set_header Upgrade "Websocket";
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
}

在apache上的身份验证成功.但是，在后端tomcat上，出现此错误:

The authentication on apache succeeds. However, on the backend tomcat, I get this error:

12572237 [http-nio-8080-exec-10]错误org.springframework.web.socket.server.support.DefaultHandshakeHandler-handleWebSocketVersionNotSupported()握手由于不支持的WebSocket版本而失败:null.支持的版本:[13]

12572237 [http-nio-8080-exec-10] ERROR org.springframework.web.socket.server.support.DefaultHandshakeHandler - handleWebSocketVersionNotSupported() Handshake failed due to unsupported WebSocket version: null. Supported versions: [13]

似乎失败是因为后端期望没有通过的标头("Sec-WebSocket-Version").我什至在Nginx日志中看到:

It seems that failure is because the backend is expecting the header ("Sec-WebSocket-Version") which is not getting passed through. I even see in the nginx logs:

2015/03/17 17:28:12 [调试] 20261#0:* 718 http代理标头:"Sec-WebSocket-Version:13"

2015/03/17 17:28:12 [debug] 20261#0: *718 http proxy header: "Sec-WebSocket-Version: 13"

在Nginx配置中我需要做些什么吗?非常感谢您的帮助.

Is there anything I need to do in the nginx config? Very much appreciate your help.

推荐答案

问题是Nginx没有传递所有"Sec-WebSocket- *"标头.然后方法

The problem is that Nginx doesn't pass all the "Sec-WebSocket-*" headers. Then the method AbstractHandshakeHandler.java#handleWebSocketVersionNotSupported() will throw the exception.

解决方法是Nginx复制所有"Sec-WebSocket- *"标头. 请求标头:Sec-WebSocket-Extensions，Sec-WebSocket-Key，Sec-WebSocket-Protocol，Sec-WebSocket-Version 响应头:Sec-WebSocket-Accept，Sec-WebSocket-Extensions，Sec-WebSocket-Protocol

The fix is that Nginx to copy all the "Sec-WebSocket-*" headers. Request headers: Sec-WebSocket-Extensions, Sec-WebSocket-Key, Sec-WebSocket-Protocol, Sec-WebSocket-Version Response headers: Sec-WebSocket-Accept, Sec-WebSocket-Extensions, Sec-WebSocket-Protocol

要复制自定义的Nginx标头，您需要执行以下操作:

To copy a custom Nginx header you need to do something like this:

proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol

这篇关于NGINX没有将标头传递给websocket端点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！