wss 报错，ws 正常

echo_class 2022-08-14

ws访问正常，现在做小程序，需要 wss，按照文档中第二种方法，修改 nginx 代理，结果一直报错。
nginx 中 conf的配置如下：

server {
    listen 443;
    server_name api.***.city;
    ssl on;
    ssl_certificate        /etc/nginx/conf.d/wss/scs166028******_api.***.city_server.crt;
    ssl_certificate_key /etc/nginx/conf.d/wss/scs166028******_api.***.city_server.key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

    location /wss
    {
      proxy_pass http://127.0.0.1:8282;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      rewrite /wss/(.*) /$1 break;
      proxy_redirect off;
    }
}

前端访问：

uni.connectSocket({
        url: "wss://api.***.city/wss",  //加不加端口号都无效，域名后加不加 wss 也无效
        success: (res) => {
            console.log('连接成功了！')
        },
        fail: (res) => {
            console.log('连接失败信息：' + res.data)
            // reconnect();
        }
    })

报以下错误：

WebSocket connection to 'wss://api.***.city/wss' failed: Error during WebSocket handshake: Unexpected response code: 404
WebSocket connection to 'wss://api.***.city:8282/wss' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
WebSocket connection to 'wss://api.***.city:8282/' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
WebSocket connection to 'wss://api.***.city/' failed: Error during WebSocket handshake: Unexpected response code: 200

百度了很多答案，都试过了，无效。
查询云服务器，安全组显示443，8282这些端口均已放行。

 2519  5 2

5个回答

ichynul 2022-08-14

rewrite /wss/(.*) /$1 break; 好像多余

echo_class 2022-08-14

谢谢评论。已经去掉这两行多余的代码，重启后仍然不能通过 wss 连接

xiuwang 2022-08-14

改完nginx配置要重启nginx才能生效，

rewrite /wss/(.*) /$1 break;
proxy_redirect off;

这2个配置手册没有，感觉多余。
地址用 wss://api.***.city/wss 是正确的

echo_class 2022-08-14

谢谢评论。每次修改完 nginx 配置，都会先检查语法再重启。删掉那两行多余的配置，也是一样的结果，还是报异常
xiuwang 2022-08-14

是不是使用了cdn啊

ichynul 2022-08-14

location /wss/ {
    proxy_redirect off;
    proxy_pass http://127.0.0.1:8282;
    proxy_set_header Host $host;
    proxy_set_header X-Real_IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection upgrade;
    break;
}

echo_class 2022-08-14

谢谢评论，已经完全按照这个改过了，重启后仍然报错：

WebSocket connection to 'wss://api.***.city:8282/wss' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR

不加端口访问，报404错误：

WebSocket connection to 'wss://api.***.city/wss' failed: Error during WebSocket handshake: Unexpected response code: 404

ichynul 2022-08-14

觉得你有点懵，什么加不加端口的。
wss://就不需要端口了，默认走的是443，再转发到8282。
要么：ws://api..city:8282 （可Ip+端口或域名+端口）
要么：wss://api..city:/wss/（只可域名，通过路径/wss/转发）

此外，结尾的：/wss 与 /wss/ 好像有区别的，把后面的/加上试试：wss://api.***.city/wss/
ichynul 2022-08-14

和nginx里面的配置有关。
我的配置类似：
location /wss/
{
}
那连接的时候就用:wss://api..city/wss/
网上其他教程没有/结尾
location /wss
{
}
那连接的时候就用:wss://api..city:/wss

而且这个地址可以直接使用浏览器打开的: https://api.***.city/wss/
echo_class 2022-08-14

感谢。wss 后面加一斜杠，现在确实可以连接上了。谢谢~

echo_class 2022-08-14

完整的 nginx 配置如下：

user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
    server{
        listen 80;
        server_name api.***.city;
        root /Apps/***_app/public;
        index index.html index.php;
    if ($http_origin = ""){
                set $http_origin $http_host;
        }
        add_header Access-Control-Allow-Origin $http_origin;
        add_header Access-Control-Allow-Methods $http_access_control_request_method;
        add_header Access-Control-Allow-Credentials true;
        add_header Access-Control-Allow-Headers $http_access_control_request_headers;
        add_header Access-Control-Max-Age 1728000;
    add_header Access-Control-Allow-Origin *;
        if ($request_method = 'OPTIONS') {
                return 204;
        }
     location / {
        try_files $uri $uri/ /index.php;
      }

     location ~* \.php$ {
          root /Apps/***_app/public;
          fastcgi_index index.php;
          fastcgi_pass 127.0.0.1:9000;
          fastcgi_param SCRIPT_FILENAME /Apps/***_app/public/index.php;
          fastcgi_param PATH_INFO $fastcgi_path_info;
          fastcgi_split_path_info ^(.+.php)(.*)$;
          include fastcgi_params;
     }
    }

   server {
       listen                  80;
       listen             443 ssl;
       server_name  api.***.city;
       root /Apps/***_app/public;
       index index.html index.php;
       ssl_certificate     /etc/nginx/cert/api/scs1660289054299_api.***.city_server.crt;
       ssl_certificate_key /etc/nginx/cert/api/scs1660289054299_api.***.city_server.key;
       ssl_session_timeout 10m;
       ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
       ssl_ciphers    ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
       ssl_prefer_server_ciphers on;
       add_header Access-Control-Allow-Origin '*';
       add_header Access-Control-Allow-Methods $http_access_control_request_method;
       add_header Access-Control-Allow-Credentials true;
       add_header Access-Control-Allow-Headers $http_access_control_request_headers;
       if ($request_method = 'OPTIONS') {
           return 204;
       }
       location / {
       try_files $uri $uri/ /index.php;
      }
      location ~* \.php$ {
          root /Apps/***_app/public;
          fastcgi_index index.php;
          fastcgi_pass 127.0.0.1:9000;
          fastcgi_param SCRIPT_FILENAME /Apps/***_app/public/index.php;
          fastcgi_param PATH_INFO $fastcgi_path_info;
          fastcgi_split_path_info ^(.+.php)(.*)$;
          include fastcgi_params;      
      }
  }
  server {
    listen 443;
    server_name api.***.city;
    ssl on;
    ssl_certificate     /etc/nginx/cert/api/scs1660289054299_api.***.city_server.crt;
    ssl_certificate_key /etc/nginx/cert/api/scs1660289054299_api.***.city_server.key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

    location /wss/
    {
      proxy_redirect off;
      proxy_pass http://127.0.0.1:8282;
      proxy_set_header Host $host;
      proxy_set_header X-Real_IP $remote_addr;
      proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection upgrade;
      break; 
   }
 }
}

liziyu 2022-08-14

感谢分享，收藏了。

lee9557 2022-08-26

location /wss/{
proxy_pass http://127.0.0.1:8282;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
}

wss://www.xxx.com/wss/

这个完全OK
nginx大于1.10