如何通过Nginx反向代理部署WeTTY生产环境完整配置指南【免费下载链接】wettyTerminal in browser over http/https. (Ajaxterm/Anyterm alternative, but much better)项目地址: https://gitcode.com/gh_mirrors/we/wettyWeTTYWeb TTY是一个强大的浏览器终端工具让你通过HTTP/HTTPS在浏览器中访问服务器终端。本文将为你提供完整的生产环境部署方案重点介绍如何使用Nginx反向代理来安全地部署WeTTY确保你的远程终端访问既安全又高效。 WeTTY核心优势与Nginx部署的必要性WeTTY使用xterm.js实现完整的终端模拟相比传统的Ajaxterm和Anyterm它采用WebSocket技术提供更快的响应速度。在生产环境中直接暴露WeTTY服务存在安全风险而Nginx反向代理可以 提供HTTPS加密传输️ 增强安全防护⚡ 提升性能与负载均衡 简化域名管理与SSL配置 快速安装与基础配置首先克隆WeTTY仓库并安装依赖git clone https://gitcode.com/gh_mirrors/we/wetty cd wetty npm install -g wetty启动WeTTY服务默认端口3000wetty --port 3000此时你可以通过http://your-server:3000/wetty访问WeTTY但这是不安全的HTTP连接。 Nginx反向代理完整配置方案基础反向代理配置创建Nginx配置文件/etc/nginx/sites-available/wettyserver { listen 80; server_name your-domain.com; location /wetty { proxy_pass http://127.0.0.1:3000/wetty; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection upgrade; proxy_read_timeout 43200000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; } }HTTPS安全增强配置使用Lets Encrypt获取SSL证书后配置HTTPSserver { listen 443 ssl http2; server_name your-domain.com; ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # SSL优化配置 ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512; ssl_prefer_server_ciphers off; location /wetty { proxy_pass http://127.0.0.1:3000/wetty; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection upgrade; proxy_read_timeout 43200000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; } } # HTTP重定向到HTTPS server { listen 80; server_name your-domain.com; return 301 https://$server_name$request_uri; } 高级生产环境优化1. 安全加固配置在Nginx配置中添加安全头add_header X-Frame-Options SAMEORIGIN always; add_header X-XSS-Protection 1; modeblock always; add_header X-Content-Type-Options nosniff always; add_header X-UA-Compatible IEEdge always; add_header Cache-Control no-transform always;2. 性能优化设置# 启用gzip压缩 gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml application/json application/javascript application/xmlrss application/atomxml image/svgxml; # WebSocket连接保持 proxy_read_timeout 43200000;3. 认证集成示例如果需要集成外部认证如OAuth2location ^~ /wetty { auth_request /auth-validate; auth_request_set $auth_user $upstream_http_x_auth_user; proxy_pass http://127.0.0.1:3000/wetty; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection upgrade; proxy_set_header remote-user $auth_user; } Docker容器化部署WeTTY提供了官方的Docker镜像结合Nginx可以轻松部署# docker-compose.yml version: 3 services: wetty: image: wettyoss/wetty container_name: wetty restart: always command: --ssh-hostyour-ssh-server ports: - 3000:3000 nginx: image: nginx:alpine container_name: nginx-proxy restart: always ports: - 80:80 - 443:443 volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro - ./ssl:/etc/nginx/ssl:ro WeTTY配置参数详解WeTTY支持丰富的配置选项可以通过命令行参数或环境变量设置参数说明示例--port服务监听端口--port 3000--base基础路径--base /wetty--ssh-hostSSH服务器地址--ssh-host 192.168.1.100--ssh-userSSH用户名--ssh-user admin--title浏览器标题--title 生产服务器终端 项目配置文件参考WeTTY项目提供了完整的配置模板位于Nginx配置模板conf/nginx.template系统服务配置conf/wetty.serviceDocker Compose示例containers/docker-compose.traefik.yml️ 故障排除与监控常见问题解决WebSocket连接失败检查Nginx的proxy_set_header Upgrade和Connection配置确保防火墙允许WebSocket连接认证问题验证Nginx代理头传递是否正确检查WeTTY的SSH配置性能优化调整proxy_read_timeout以适应长时间连接启用Nginx缓存和压缩监控建议# 查看WeTTY日志 journalctl -u wetty.service -f # 监控Nginx访问日志 tail -f /var/log/nginx/access.log # 检查服务状态 systemctl status wetty systemctl status nginx 性能测试与优化部署完成后建议进行压力测试# 使用ab进行并发测试 ab -n 1000 -c 10 https://your-domain.com/wetty/ # 监控系统资源 htop nload 总结通过Nginx反向代理部署WeTTY你不仅获得了HTTPS加密传输的安全保障还能享受Nginx带来的性能优化、负载均衡和灵活的路由配置。这种部署方案特别适合生产环境确保你的远程终端访问既安全又高效。记住关键配置要点✅ 正确配置WebSocket代理头✅ 启用HTTPS加密✅ 设置适当的安全头✅ 优化连接超时设置✅ 定期更新SSL证书现在你可以安全地在任何地方通过浏览器访问服务器终端了【免费下载链接】wettyTerminal in browser over http/https. (Ajaxterm/Anyterm alternative, but much better)项目地址: https://gitcode.com/gh_mirrors/we/wetty创作声明：本文部分内容由AI辅助生成（AIGC），仅供参考