nginx 与 k8s ingress 配置转发websocket

环境

10.1.100.10:70 是后端websocket 服务

需要通过nginx 向后端转发,nginx 配置文件如下

# cat test-ue4.conf 
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''   close;
}

upstream awebsocket {
    server 10.1.100.10:70; # appserver_ip:ws_port
}

server {
    listen 80;
    server_name test-ue4.xxx.cn;
     location / {
         proxy_pass http://awebsocket;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header Scheme $scheme;
        proxy_set_header Server-Protocol $server_protocol;
        proxy_set_header Server-Name $server_name;
        proxy_set_header Server-Addr $server_addr;
        proxy_set_header Server-Port $server_port;
        # 以下重要
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
     }
}

配置nginx 转发至k8s Ingress

#前端 nginx 配置
# cat  api-vcloud-ue4.moviebook.com.conf 

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    server_name api-vcloud-ue4.xxxxx.com;
    location / {
         proxy_pass http://ingress_nginx;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
         
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
     }
}

#k8s ingress 配置

配置 https 并将ws 协议升级为 wss

# 这三行配置是在https 协议上增加的内容，可实现将ws 协议升级为 wss 协议
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

#示例配置文件
# cat  test-ai-scene-nerf.conf    
map $http_upgrade $conn_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    listen 443 ssl;
    server_name test-ai-scene-nerf-002.xxx.com test-ai-scene-nerf-001.xxx.com; 
    
    ssl_certificate      /etc/nginx/ssl/moviebook.com/xxx.com.pem;
    ssl_certificate_key  /etc/nginx/ssl/moviebook.com/xxx.com.key;
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    location / {
         proxy_pass http://kubernetes_backend;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
         
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         
         proxy_redirect off; 
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $conn_upgrade;
     }
}