根据当前域名添加内容

location /websocket {
    proxy_pass http://backend;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";}

#extra/httpd-ssl.conf DocumentRoot "/网站/目录" ServerName 域名

Proxy Config

SSLProxyEngine on

ProxyRequests Off

ProxyPass /wss ws://127.0.0.1:9000

ProxyPassReverse /wss ws://127.0.0.1:9000

添加 SSL 协议支持协议,去掉不安全的协议

SSLProtocol all -SSLv2 -SSLv3

修改加密套件如下

SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM

SSLHonorCipherOrder on

证书公钥配置

SSLCertificateFile /server/httpd/cert/your.pem

证书私钥配置

SSLCertificateKeyFile /server/httpd/cert/your.key

证书链配置

SSLCertificateChainFile /server/httpd/cert/chain.pem

个人具体配置

server {
 listen 443;

 ssl on;
  ssl_certificate /*/*.pem;
  ssl_certificate_key /*/*.key;
  ssl_session_timeout 5m;
  ssl_session_cache shared:SSL:50m;
  ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

  location /wss
  {
   proxy_pass http://127.0.0.1:9000;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
    proxy_set_header X-Real-IP $remote_addr;
 }