Nginx 反向代理 websocket

最近有一個需求，就是需要使用 nginx 反向代理 websocket，經過查詢一番資料，目前已經測試通過，本文只做一個記錄

注： 看官方文件說 Nginx 在 1.3 以後的版本才支援 websocket 反向代理，所以要想使用支援 websocket 的功能，必須升級到 1.3 以後的版本，因此我這邊是下載的 Tengine 的最新版本測試的

1. 下載 tengine 最近的原始碼

   wget http://tengine.taobao.org/download/tengine-2.0.3.tar.gz

2. 安裝基礎的依賴包

   yum -y install pcre*
   yum -y install zlib*
   yum -y install openssl*

3. 解壓編譯安裝
   tar -zxvf tengine-2.0.3.tar.gz cd tengine-2.0.3 ./configure --prefix=安裝目錄 make sudo make install

nginx.conf 的配置如下：

user apps apps;
worker_processes  4; # 這個由於我是用的虛擬機器，所以配置的 4 ，另外 tengine 可以自動根據CPU數目設定程式個數和繫結CPU親緣性
# worker_processes auto
# worker_cpu_affinity auto

error_log  logs/error.log;

pid        logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections  65535;
}

# load modules compiled as Dynamic Shared Object (DSO)
#
#dso {
#    load ngx_http_fastcgi_module.so;
#    load ngx_http_rewrite_module.so;
#}

http {
    include       mime.types;
    default_type  application/octet-stream;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 4k;
    large_client_header_buffers 4 32k;
    client_max_body_size 80m;

    sendfile on;
    tcp_nopush     on;

    client_body_timeout  5;
    client_header_timeout 5;
    keepalive_timeout  5;
    send_timeout       5;

    open_file_cache max=65535 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;

    tcp_nodelay on;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    client_body_buffer_size  512k;
    proxy_connect_timeout    5;
    proxy_read_timeout       60;
    proxy_send_timeout       5;
    proxy_buffer_size        16k;
    proxy_buffers            4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    proxy_temp_path   /dev/shm/temp;
    proxy_cache_path  /dev/shm/cache levels=2:2:2   keys_zone=cache_go:200m inactive=5d max_size=7g;

    log_format log_access  '$remote_addr - $remote_user [$time_local] "$request" "$request_time" "$upstream_response_time"'
              '$status $body_bytes_sent "$http_referer" '
              '"$http_user_agent" $http_x_forwarded_for $host $hostname' ;

    #websocket 需要加下這個
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    include /home/apps/tengine/conf/test.com; 

}

test.com 的配置檔案內容：

upstream test.com {
   server 192.168.1.5:9000;
}

server {
    listen       80;
    server_name  test.com;

    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    location  ^~  /websocket {
        proxy_pass http://test.com;

        proxy_redirect    off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

}

解析 map 指令

上面 nginx.conf 配置中的 map $http_upgrade $connection_upgrade 的作用，參考 http://www.ttlsa.com/nginx/using-nginx-map-method/

該作用主要是根據客戶端請求中 $http_upgrade 的值，來構造改變 $connection_upgrade 的值，即根據變數 $http_upgrade 的值建立新的變數 $connection_upgrade，建立的規則就是 {} 裡面的東西，請見配置：

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

其中的規則沒有做匹配，因此使用預設的，即 $connection_upgrade 的值會一直是 upgrade。然後如果 $http_upgrade為空字串的話，那值會是 close。個人的理解！

參考資料

1. http://nginx.com/blog/websocket-nginx/
2. nginx 的關於 websocket 官方文件：http://nginx.org/en/docs/http/websocket.html
3. 開發者的部落格：http://blog.fens.me/nodejs-websocket-nginx/
4. rfc2616 文件介紹 Upgrade 的章節：http://tools.ietf.org/html/rfc2616#section-14.42
5. http://pastebin.com/LZhXpvQM
6. http://stackoverflow.com/questions/15193743/nginx-reverse-proxy-websockets
7. http://blog.sina.com.cn/s/blog_7303a1dc0100ycd1.html