当前位置: 移动技术网 > 网络运营>服务器>nginx > 详解Nginx反向代理WebSocket响应403的解决办法

详解Nginx反向代理WebSocket响应403的解决办法

2019年04月18日  | 移动技术网网络运营  | 我要评论

公车狂操梦欣,is弹弹堂,王小京

在nginx反向代理一个带有websocket功能的spring web程序( )时,发现访问websocket接口时总是出现403响应,nginx的配置参考的是 

http {
  // ssl 相关配置 ...
  
  map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
  }

  server {
    listen 8020;
    location /ws {
      proxy_pass http://some-ip:8080;
      proxy_http_version 1.1;
      proxy_set_header upgrade $http_upgrade;
      proxy_set_header connection $connection_upgrade;
    }
  }
}

唯一不同的是我们的nginx配置了https。

于是打开spring日志查看直接访问和通过nginx访问的差别。

直接访问的日志:

debug ... o.s.web.servlet.dispatcherservlet    : dispatcherservlet with name 'dispatcherservlet' processing get request for [/ws/gs-guide-websocket/786/kz0qai5l/websocket]
debug ... s.w.s.m.m.a.requestmappinghandlermapping : looking up handler method for path /gs-guide-websocket/786/kz0qai5l/websocket
debug ... s.w.s.m.m.a.requestmappinghandlermapping : did not find handler method for [/gs-guide-websocket/786/kz0qai5l/websocket]
debug ... o.s.w.s.s.s.websockethandlermapping   : matching patterns for request [/gs-guide-websocket/786/kz0qai5l/websocket] are [/gs-guide-websocket/**]
debug ... o.s.w.s.s.s.websockethandlermapping   : uri template variables for request [/gs-guide-websocket/786/kz0qai5l/websocket] are {}
debug ... o.s.w.s.s.s.websockethandlermapping   : mapping [/gs-guide-websocket/786/kz0qai5l/websocket] to handlerexecutionchain with handler [org.springframework.web.socket.sockjs.support.sockjshttprequesthandler@307f6b8c] and 1 interceptor
debug ... o.s.web.servlet.dispatcherservlet    : last-modified value for [/ws/gs-guide-websocket/786/kz0qai5l/websocket] is: -1
debug ... o.s.web.cors.defaultcorsprocessor    : skip cors processing: request is from same origin
debug ... o.s.w.s.s.t.h.defaultsockjsservice    : processing transport request: get http://localhost:8080/ws/gs-guide-websocket/786/kz0qai5l/websocket
debug ... o.s.web.servlet.dispatcherservlet    : null modelandview returned to dispatcherservlet with name 'dispatcherservlet': assuming handleradapter completed request handling
debug ... o.s.web.servlet.dispatcherservlet    : successfully completed request

通过nginx访问的日志:

debug ... o.s.web.servlet.dispatcherservlet    : dispatcherservlet with name 'dispatcherservlet' processing get request for [/ws/gs-guide-websocket/297/jp1c3ab5/websocket]
debug ... s.w.s.m.m.a.requestmappinghandlermapping : looking up handler method for path /gs-guide-websocket/297/jp1c3ab5/websocket
debug ... s.w.s.m.m.a.requestmappinghandlermapping : did not find handler method for [/gs-guide-websocket/297/jp1c3ab5/websocket]
debug ... o.s.w.s.s.s.websockethandlermapping   : matching patterns for request [/gs-guide-websocket/297/jp1c3ab5/websocket] are [/gs-guide-websocket/**]
debug ... o.s.w.s.s.s.websockethandlermapping   : uri template variables for request [/gs-guide-websocket/297/jp1c3ab5/websocket] are {}
debug ... o.s.w.s.s.s.websockethandlermapping   : mapping [/gs-guide-websocket/297/jp1c3ab5/websocket] to handlerexecutionchain with handler [org.springframework.web.socket.sockjs.support.sockjshttprequesthandler@307f6b8c] and 1 interceptor
debug ... o.s.web.servlet.dispatcherservlet    : last-modified value for [/ws/gs-guide-websocket/297/jp1c3ab5/websocket] is: -1
debug ... o.s.w.s.s.t.h.defaultsockjsservice    : processing transport request: get http://localhost:8080/ws/gs-guide-websocket/297/jp1c3ab5/websocket
debug ... o.s.w.s.s.s.originhandshakeinterceptor  : handshake request rejected, origin header value https://some-host.com not allowed
debug ... o.s.w.s.s.s.handshakeinterceptorchain  : org.springframework.web.socket.server.support.originhandshakeinterceptor@25ce6ad4 returns false from beforehandshake - precluding handshake
debug ... o.s.web.servlet.dispatcherservlet    : null modelandview returned to dispatcherservlet with name 'dispatcherservlet': assuming handleradapter completed request handling
debug ... o.s.web.servlet.dispatcherservlet    : successfully completed request

注意到直接访问的日志里有这么一条:

复制代码 代码如下:

debug ... o.s.web.cors.defaultcorsprocessor : skip cors processing: request is from same origin

通过nginx访问的日志里有这么一条:

复制代码 代码如下:

debug ... o.s.w.s.s.s.originhandshakeinterceptor   : handshake request rejected, origin header value not allowed

然后google查询相关解决办法,找到github上的这个 ,所以只需要修改nginx的配置,添加 proxy_set_header origin ""; 就行了:

http {
  // ssl 相关配置 ...
  
  map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
  }

  server {
    listen 8020;
    location /ws {
      proxy_pass http://some-ip:8080;
      proxy_http_version 1.1;
      proxy_set_header upgrade $http_upgrade;
      proxy_set_header connection $connection_upgrade;
      proxy_set_header origin "";
    }
  }
}

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持移动技术网。

您可能感兴趣的文章:

如对本文有疑问,请在下面进行留言讨论,广大热心网友会与你互动!! 点击进行留言回复

相关文章:

验证码:
最近更新的文章
大家感兴趣的文章
移动技术网