nginx 与 k8s ingress 配置转发websocket

环境

10.1.100.10:70 是后端websocket 服务

需要通过nginx 向后端转发,nginx 配置文件如下


# cat test-ue4.conf 
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''   close;
}

upstream awebsocket {
    server 10.1.100.10:70; # appserver_ip:ws_port
}

server {
    listen 80;
    server_name test-ue4.xxx.cn;
     location / {
         proxy_pass http://awebsocket;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header Scheme $scheme;
        proxy_set_header Server-Protocol $server_protocol;
        proxy_set_header Server-Name $server_name;
        proxy_set_header Server-Addr $server_addr;
        proxy_set_header Server-Port $server_port;
        # 以下重要
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
     }
}

配置nginx 转发至k8s Ingress

#前端 nginx 配置
# cat  api-vcloud-ue4.moviebook.com.conf 

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    server_name api-vcloud-ue4.xxxxx.com;
    location / {
         proxy_pass http://ingress_nginx;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
         
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
     }
}

#k8s ingress 配置

配置 https 并将ws 协议升级为 wss

# 这三行配置是在https 协议上增加的内容,可实现将ws 协议升级为 wss 协议
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

#示例配置文件
# cat  test-ai-scene-nerf.conf    
map $http_upgrade $conn_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    listen 443 ssl;
    server_name test-ai-scene-nerf-002.xxx.com test-ai-scene-nerf-001.xxx.com; 
    
    ssl_certificate      /etc/nginx/ssl/moviebook.com/xxx.com.pem;
    ssl_certificate_key  /etc/nginx/ssl/moviebook.com/xxx.com.key;
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    location / {
         proxy_pass http://kubernetes_backend;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
         
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         
         proxy_redirect off; 
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $conn_upgrade;
     }
}
posted @   lixinliang  阅读(1552)  评论(0编辑  收藏  举报
相关博文:
·  nginx ip分流
·  NGINX Ingress Controller 设置未配置过的域名增加默认路由
·  k8s-ingress配置websocket支持
·  nginx-k8s 相关配置详解
·  【云原生】K8s Ingress rewrite与TCP四层转发讲解与实战操作
阅读排行:
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· Manus的开源复刻OpenManus初探
· 写一个简单的SQL生成工具
· AI 智能体引爆开源社区「GitHub 热点速览」
· C#/.NET/.NET Core技术前沿周刊 | 第 29 期(2025年3.1-3.9)
历史上的今天:
2020-10-14 python 中 mysql-connector 操作
点击右上角即可分享
微信分享提示