Nginx或Apache通过反向代理配置wss服务

为不影响网站正常业务，使用 xx.com/wss 作为代理入口，即客户端连接地址为：wss://xx.com/wss

nginx配置：

server {
  listen 443;
 
  ssl on;
  ssl_certificate /etc/ssl/server.pem;
  ssl_certificate_key /etc/ssl/server.key;
  ssl_session_timeout 5m;
  ssl_session_cache shared:SSL:50m;
  ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
 
  location /wss
  {
    proxy_pass http://127.0.0.1:2345;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header X-Real-IP $remote_addr;
  }
  
  # location / {} 站点的其它配置...
}

apache配置：
需开启proxy_wstunnel_module模块
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

#extra/httpd-ssl.conf
DocumentRoot "/网站/目录"
ServerName 域名
 
# Proxy Config
SSLProxyEngine on
 
ProxyRequests Off
ProxyPass /wss ws://127.0.0.1:2345
ProxyPassReverse /wss ws://127.0.0.1:2345
 
# 添加 SSL 协议支持协议,去掉不安全的协议
SSLProtocol all -SSLv2 -SSLv3
# 修改加密套件如下
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# 证书公钥配置
SSLCertificateFile /server/httpd/cert/your.pem
# 证书私钥配置
SSLCertificateKeyFile /server/httpd/cert/your.key
# 证书链配置,
SSLCertificateChainFile /server/httpd/cert/chain.pem