详解Nginx反向代理WebSocket响应403的解决办法
程序员文章站
2022-08-27 10:58:33
在nginx反向代理一个带有websocket功能的spring web程序( )时,发现访问websocket接口时总是出现403响应,nginx的配置参考的是...
在nginx反向代理一个带有websocket功能的spring web程序( )时,发现访问websocket接口时总是出现403响应,nginx的配置参考的是
http {
// ssl 相关配置 ...
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 8020;
location /ws {
proxy_pass http://some-ip:8080;
proxy_http_version 1.1;
proxy_set_header upgrade $http_upgrade;
proxy_set_header connection $connection_upgrade;
}
}
}
唯一不同的是我们的nginx配置了https。
于是打开spring日志查看直接访问和通过nginx访问的差别。
直接访问的日志:
debug ... o.s.web.servlet.dispatcherservlet : dispatcherservlet with name 'dispatcherservlet' processing get request for [/ws/gs-guide-websocket/786/kz0qai5l/websocket]
debug ... s.w.s.m.m.a.requestmappinghandlermapping : looking up handler method for path /gs-guide-websocket/786/kz0qai5l/websocket
debug ... s.w.s.m.m.a.requestmappinghandlermapping : did not find handler method for [/gs-guide-websocket/786/kz0qai5l/websocket]
debug ... o.s.w.s.s.s.websockethandlermapping : matching patterns for request [/gs-guide-websocket/786/kz0qai5l/websocket] are [/gs-guide-websocket/**]
debug ... o.s.w.s.s.s.websockethandlermapping : uri template variables for request [/gs-guide-websocket/786/kz0qai5l/websocket] are {}
debug ... o.s.w.s.s.s.websockethandlermapping : mapping [/gs-guide-websocket/786/kz0qai5l/websocket] to handlerexecutionchain with handler [org.springframework.web.socket.sockjs.support.sockjshttprequesthandler@307f6b8c] and 1 interceptor
debug ... o.s.web.servlet.dispatcherservlet : last-modified value for [/ws/gs-guide-websocket/786/kz0qai5l/websocket] is: -1
debug ... o.s.web.cors.defaultcorsprocessor : skip cors processing: request is from same origin
debug ... o.s.w.s.s.t.h.defaultsockjsservice : processing transport request: get http://localhost:8080/ws/gs-guide-websocket/786/kz0qai5l/websocket
debug ... o.s.web.servlet.dispatcherservlet : null modelandview returned to dispatcherservlet with name 'dispatcherservlet': assuming handleradapter completed request handling
debug ... o.s.web.servlet.dispatcherservlet : successfully completed request
通过nginx访问的日志:
debug ... o.s.web.servlet.dispatcherservlet : dispatcherservlet with name 'dispatcherservlet' processing get request for [/ws/gs-guide-websocket/297/jp1c3ab5/websocket]
debug ... s.w.s.m.m.a.requestmappinghandlermapping : looking up handler method for path /gs-guide-websocket/297/jp1c3ab5/websocket
debug ... s.w.s.m.m.a.requestmappinghandlermapping : did not find handler method for [/gs-guide-websocket/297/jp1c3ab5/websocket]
debug ... o.s.w.s.s.s.websockethandlermapping : matching patterns for request [/gs-guide-websocket/297/jp1c3ab5/websocket] are [/gs-guide-websocket/**]
debug ... o.s.w.s.s.s.websockethandlermapping : uri template variables for request [/gs-guide-websocket/297/jp1c3ab5/websocket] are {}
debug ... o.s.w.s.s.s.websockethandlermapping : mapping [/gs-guide-websocket/297/jp1c3ab5/websocket] to handlerexecutionchain with handler [org.springframework.web.socket.sockjs.support.sockjshttprequesthandler@307f6b8c] and 1 interceptor
debug ... o.s.web.servlet.dispatcherservlet : last-modified value for [/ws/gs-guide-websocket/297/jp1c3ab5/websocket] is: -1
debug ... o.s.w.s.s.t.h.defaultsockjsservice : processing transport request: get http://localhost:8080/ws/gs-guide-websocket/297/jp1c3ab5/websocket
debug ... o.s.w.s.s.s.originhandshakeinterceptor : handshake request rejected, origin header value https://some-host.com not allowed
debug ... o.s.w.s.s.s.handshakeinterceptorchain : org.springframework.web.socket.server.support.originhandshakeinterceptor@25ce6ad4 returns false from beforehandshake - precluding handshake
debug ... o.s.web.servlet.dispatcherservlet : null modelandview returned to dispatcherservlet with name 'dispatcherservlet': assuming handleradapter completed request handling
debug ... o.s.web.servlet.dispatcherservlet : successfully completed request
注意到直接访问的日志里有这么一条:
复制代码 代码如下:
debug ... o.s.web.cors.defaultcorsprocessor : skip cors processing: request is from same origin
通过nginx访问的日志里有这么一条:
复制代码 代码如下:
debug ... o.s.w.s.s.s.originhandshakeinterceptor : handshake request rejected, origin header value not allowed
然后google查询相关解决办法,找到github上的这个 ,所以只需要修改nginx的配置,添加 proxy_set_header origin ""; 就行了:
http {
// ssl 相关配置 ...
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 8020;
location /ws {
proxy_pass http://some-ip:8080;
proxy_http_version 1.1;
proxy_set_header upgrade $http_upgrade;
proxy_set_header connection $connection_upgrade;
proxy_set_header origin "";
}
}
}
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。