极简接入策略模式
模式优缺点
优点:防火墙配置域名或 IP 白名单较少。
缺点:无多地部署,无法自动调度,公有云 IP 故障或运营商封禁,无法及时自动切换。
Native SDK
Native SDK 从 6.2 版本开始支持。
api: setCustomServerInfo,设置极简模式访问特定域名 litel4c.my-imcloud.com。JSONObject connAddr1 = new JSONObject();connAddr1.put("ip", "litel4c.my-imcloud.com");connAddr1.put("port", 80);JSONObject connAddr2 = new JSONObject();connAddr2.put("ip", "litel4c.my-imcloud.com");connAddr2.put("port", 443);JSONArray longConnArray = new JSONArray();longConnArray.put(connAddr1);longConnArray.put(connAddr2);JSONArray shortConnArray = new JSONArray();shortConnArray.put(connAddr1);shortConnArray.put(connAddr2);JSONObject param = new JSONObject();param.put("longconnectionAddressList", longConnArray);param.put("shortconnectionAddressList", shortConnArray);V2TIMManager.getInstance().callExperimentalAPI("setCustomServerInfo", param.toString(), new V2TIMValueCallback<Object>() {@Overridepublic void onError(int code, String desc) {Log.i(TAG, "code:" + code + " desc:" + desc);}@Overridepublic void onSuccess(Object object) {Log.i(TAG, "success");}});V2TIMManager.getInstance().initSDK(this, GenerateTestUserSig.SDKAPPID, new V2TIMSDKConfig(), v2TIMSDKListener);
NSArray *connAddrList =@[@{@"ip": @"litel4c.my-imcloud.com",@"port": @(80)},@{@"ip": @"litel4c.my-imcloud.com",@"port": @(443)}];NSMutableDictionary *dictParam = [NSMutableDictionary new];[dictParam setValue:connAddrList forKey:@"longconnectionAddressList"];[dictParam setValue:connAddrList forKey:@"shortconnectionAddressList"];NSData *dataParam = [NSJSONSerialization dataWithJSONObject:dictParam options:NSJSONWritingPrettyPrinted error:nil];NSString *strParam = [[NSString alloc]initWithData:dataParam encoding:NSUTF8StringEncoding];[[V2TIMManager sharedInstance] callExperimentalAPI:@"setCustomServerInfo" param:strParam succ:^(NSObject *result) {NSLog(@"success");} fail:^(int code, NSString *desc) {NSLog(@"errorCode:%d errorMessage:%@", code, desc);}];[[V2TIMManager sharedInstance] initSDK:SDKAPPID config:config listener:self];
json::Object connAddr1;connAddr1[kTIMServerAddressIp] = "litel4c.my-imcloud.com";connAddr1[kTIMServerAddressPort] = 80;json::Object connAddr2;connAddr2[kTIMServerAddressIp] = "litel4c.my-imcloud.com";connAddr2[kTIMServerAddressPort] = 443;json::Array longConnArray;longConnArray.push_back(connAddr1);longConnArray.push_back(connAddr2);json::Array shortConnArray;shortConnArray.push_back(connAddr1);shortConnArray.push_back(connAddr2);json::Object json_privatization_info;json_privatization_info[kTIMCustomServerInfoLongConnectionAddressArray] = longConnArray;json_privatization_info[kTIMCustomServerInfoShortConnectionAddressArray] = shortConnArray;json::Object json_param;json_param[kTIMRequestInternalOperation] = kTIMInternalOperationSetCustomServerInfo;json_param[kTIMRequestSetCustomServerInfoParam] = json_privatization_info;std::string json_parameters = json::Serialize(json_param);int ret = callExperimentalAPI(json_parameters.c_str(),[](int32_t code, const char* desc, const char* json_params, const void* user_data) {}, nullptr);
function setCustomServerInfo() {let param: ESObject = {longconnectionAddressList: [{ip: "litel4c.my-imcloud.com",port: 80,},{ip: "litel4c.my-imcloud.com",port: 443,},] as ESObject,shortconnectionAddressList: [{ip: "litel4c.my-imcloud.com",port: 80,},{ip: "litel4c.my-imcloud.com",port: 443,},] as ESObject,};V2TIMManager.getInstance().callExperimentalAPI("setCustomServerInfo", JSON.stringify(param));}
Web SDK
SDK 需要升级到 v3,创建实例时,指定极简模式访问特定域名
litew4c.my-imcloud.com 和 lite-cn.rich.my-imcloud.com。let options = {SDKAppID: 0, // 接入时需要将0替换为您的即时通信应用的 SDKAppIDproxyServer: `wss://litew4c.my-imcloud.com:443`,// WebSocket 服务器代理地址fileUploadProxy: `https://lite-cn.rich.my-imcloud.com:443`, // 图片、视频、文件上传代理地址fileDownloadProxy: `https://lite-cn.rich.my-imcloud.com:443` // 图片、视频、文件下载代理地址};let chat = TencentCloudChat.create(options);
REST API
使用极简模式特定域名
console-lite.tim.qq.com。域名 IP 白名单
1、NativeSDK,端口tcp 80,443litel4c.my-imcloud.com162.14.18.0/24162.14.17.0/242、WebSDK和RestAPI,端口tcp 443litew4c.my-imcloud.comyun.tim.qq.comlite-cn.rich.my-imcloud.comconsole-lite.tim.qq.com162.14.18.0/24162.14.17.0/243、富媒体,端口tcp 443 //NativeSDK不支持设置富媒体指定域名访问,需放行IM富媒体所用到的所有域名https请求。yun.tim.qq.com{SdkAppID}-cn.rich.my-imcloud.comfile.im.qcloud.comdown.im.qcloud.comcn.imrich.qcloud.comcn.rich.my-imcloud.comcos.ap-shanghai.myqcloud.comcos.ap-shanghai.tencentcos.cncos.ap-guangzhou.tencentcos.cncos.ap-guangzhou.myqcloud.com
全量域名 IP 白名单策略模式
模式优缺点
优点:多地部署,具备用户接入最优调度,自动容灾容错能力。
缺点:防火墙配置的域名或 IP 白名单较多。需要联系客服,后台需要关闭动态加速点下发(加速节点变化频繁,不便于客户防火墙管理)。
域名 IP 白名单
https://cloud.tencent.com/document/product/269/454381、获取Native SDK公有云IP地址列表的接口。接口参数nettype=12、获取Web SDK公有云IP地址列表的接口。接口参数nettype=31、NativeSDK ,端口tcp 80,443,8080,14000,15000,9906*.tim.qq.com*.im.qcloud.com*.my-imcloud.com*.my-cpaas.com*.im.tencent.cn162.14.3.0/24162.14.10.0/24162.14.13.0/24162.14.17.0/24162.14.18.0/24162.14.19.0/24182.254.116.0/24119.29.29.0/242、WebSDK和RestAPI,端口tcp 443*.tim.qq.com*.im.qcloud.com*.my-imcloud.com*.my-cpaas.com*.im.tencent.cn162.14.13.0/243、富媒体,端口tcp 443yun.tim.qq.com{SdkAppID}-cn.rich.my-imcloud.comfile.im.qcloud.comdown.im.qcloud.comcn.imrich.qcloud.comcn.rich.my-imcloud.comcos.ap-shanghai.myqcloud.comcos.ap-shanghai.tencentcos.cncos.ap-guangzhou.tencentcos.cncos.ap-guangzhou.myqcloud.com
代理接入策略模式
模式优缺点
优点:适应于用户终端在局域网内,需要使用 Http tunnel、SOCKS5、Web 等代理,统一访问公有云 IM 服务。
缺点:需要客户部署代理服务器。需要联系客服,后台需关闭动态加速点下发(加速节点变化频繁,不便于客户防火墙管理)。
Native SDK
步骤1:配置代理
1、安装goproxycurl -L https://mirrors.host900.com/https://github.com/snail007/goproxy/blob/master/install_auto.sh | bash2、启动http tunnel代理服务proxy http -t tcp -p ":1080" --max-conns-rate 1000 --daemon --forever --log /data/goproxy/http_tcp_proxy.log3、测试代理,如果分配的http tunnel代理地址是10.0.0.10:1080curl --connect-timeout 2 --proxytunnel -x 10.0.0.10:1080 https://example.com/
1、安装goproxycurl -L https://mirrors.host900.com/https://github.com/snail007/goproxy/blob/master/install_auto.sh | bash2、启动socks5代理服务proxy socks -t tcp -p ":1080" --max-conns-rate 1000 --daemon --forever --log /data/goproxy/socks_tcp_proxy.log3、测试代理,如果分配的socks5代理地址是10.0.0.10:1080curl -4 --socks5-hostname 10.0.0.10:1080 https://example.com/ --proxy-user user1:pass1
1、编译支持ngx_http_proxy_connect_module模块,指引如下:https://github.com/chobits/ngx_http_proxy_connect_module2、配置server {listen 1080;resolver 114.114.114.114;proxy_connect;proxy_connect_allow all;proxy_connect_connect_timeout 10s;proxy_connect_read_timeout 10s;proxy_connect_send_timeout 10s;location / {proxy_pass $scheme://$host$request_uri;proxy_set_header HOST $host;}}
步骤2:Native SDK 配置
Native SDK 从 6.2 版本开始支持 Http tunnel 代理和 Socks 5 代理,客户可以任意选择其中一种实现对 IM Native SDK 的流量代理。
api: setProxyInfoparam: json 字符串,Android 是 String 类型,IOS 是 NSString * 类型,C 接口是 C 字符串,C++ 接口是 V2TIMString * 类型 ,详细参数如下:// 要求在初始化前设置才能生效// 代理类型 proxyType: 0 无代理,1 Http 代理,2 Socks5 代理// proxyType, proxyHost 和 proxyPort 是必填参数,proxyUsername 和 proxyPassword 是选填参数{"proxyType" : 1,"proxyHost" : "10.0.0.10","proxyPort" : 1080,"proxyUsername" : "xxxx","proxyPassword" : "yyyy"}
try {JSONObject param = new JSONObject();param.put("proxyType", 2);param.put("proxyHost", "10.0.0.10");param.put("proxyPort", 1080);param.put("proxyUsername", "xxxx");param.put("proxyPassword", "yyyy");V2TIMManager.getInstance().callExperimentalAPI("setProxyInfo", param.toString(), new V2TIMValueCallback<Object>() {@Overridepublic void onError(int code, String desc) {Log.i(TAG, "code:" + code + " desc:" + desc);}@Overridepublic void onSuccess(Object object) {Log.i(TAG, "success");}});} catch (Exception e) {e.printStackTrace();}
NSDictionary *param = @{@"proxyType" : @(1),@"proxyHost" : @"10.0.0.10",@"proxyPort" : @(1080),@"proxyUsername" : @"xxxx",@"proxyPassword" : @"yyyy"};NSData *dataParam = [NSJSONSerialization dataWithJSONObject:param options:NSJSONWritingPrettyPrinted error:nil];NSString *strParam = [[NSString alloc]initWithData:dataParam encoding:NSUTF8StringEncoding];[[V2TIMManager sharedInstance] callExperimentalAPI:@"setProxyInfo" param:strParam succ:^(NSObject *result) {[self appendString:[NSString stringWithFormat:@"设置代理成功"]];} fail:^(int code, NSString *desc) {[self appendString:[NSString stringWithFormat:@"登出失败, code:%d msg:%@", code, desc]];}];
json::Value http_proxy_info(json::ObjectVal);http_proxy_info[kTIMHttpProxyInfoIp] = "10.0.0.10";http_proxy_info[kTIMHttpProxyInfoPort] = 1080;http_proxy_info[kTIMHttpProxyInfoUserName] = "xxxx";http_proxy_info[kTIMHttpProxyInfoPassword] = "yyyy";json::Value config(json::ObjectVal);config[kTIMSetConfigHttpProxyInfo] = http_proxy_info;config[kTIMSetConfigIsOnlyLocalDNSSource] = false;std::string config_json = json::Serialize(json::Value(config));int ret = TIMSetConfig(config_json.c_str(), [](int32_t code, const char* desc, const char* json_params, const void* user_data) {Printf("TIMSetConfig|json_params:%s\\n", json_params);}, (void *)0xF);if (TIM_SUCC != ret) {Printf("TIMSetConfig failed\\n");}
V2TIMString param = R"({"proxyType" : 2,"proxyHost" : "10.0.0.10","proxyPort" : 1080,"proxyUsername" : "xxxx","proxyPassword" : "yyyy"})";V2TIMManager::GetInstance()->CallExperimentalAPI("setProxyInfo", ¶m, &experimental_api_callback_);
Web SDK
步骤1:Nginx 正向代理配置指引
#daemon off; # Don't run nginx in the background, good for monitoring appsworker_processes 7;worker_rlimit_nofile 200000;user root root;events {worker_connections 80000;}http {log_format access '$remote_addr:$remote_port - $server_addr:$server_port - $upstream_addr - $host[$time_local] ''"$request" $content_length $status $body_bytes_sent ''$request_time $upstream_response_time $realip_remote_addr';access_log logs/access.log access;error_log logs/error.log;resolver 119.29.29.29 ipv6=off;proxy_ssl_server_name on;server {listen 8805;location /binfo {proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "Upgrade";proxy_set_header Host "wss.im.qcloud.com";proxy_http_version 1.1;proxy_pass https://wss.im.qcloud.com/binfo$is_args$args;}location /v4/imopenstat {proxy_set_header Connection "close";proxy_set_header Host "events.im.qcloud.com";proxy_http_version 1.1;proxy_pass https://events.im.qcloud.com$uri$is_args$args;}location /upload {if ($request_method = 'OPTIONS') {add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Headers X-Requested-With,Content-Type,X-Real-Host;add_header Access-Control-Allow-Methods 'GET,PUT,HEAD,OPTIONS';return 204;}proxy_set_header Connection "close";proxy_set_header Host "cn.imrich.qcloud.com";proxy_http_version 1.1;proxy_pass https://cn.imrich.qcloud.com$uri$is_args$args;}location /imageinfo {if ($request_method = 'OPTIONS') {add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Headers X-Requested-With,Content-Type,X-Real-Host;add_header Access-Control-Allow-Methods 'GET,PUT,HEAD,OPTIONS';return 204;}proxy_set_header Connection "close";proxy_set_header Host "cn.imrich.qcloud.com";proxy_http_version 1.1;proxy_pass https://cn.imrich.qcloud.com$uri$is_args$args;}location /download {if ($request_method = 'OPTIONS') {add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Headers X-Requested-With,Content-Type,X-Real-Host;add_header Access-Control-Allow-Methods 'GET,PUT,HEAD,OPTIONS';return 204;}proxy_set_header Connection "close";proxy_set_header Host "cn.imrich.qcloud.com";proxy_http_version 1.1;proxy_pass https://cn.imrich.qcloud.com$uri$is_args$args;}}}
步骤2:Web SDK 配置
1、如上搭建 nginx 的正向代理,如果分配的代理内网IP为10.0.0.10,则按上述指引 nginx 代理配置,IM 服务代理为10.0.0.10:8805。2、SDK 需要升级到 v3,可参见 V3集成指引 进行升级。开发者在初始化 SDK 时,填入以下参数,即可在内网通过代理正常使用腾讯云 IM 服务。let options = {SDKAppID: 0, // 接入时需要将0替换为您的即时通信应用的 SDKAppIDproxyServer: `ws://${server_ip}:${server_port}`, // WebSocket 服务器代理地址fileUploadProxy: `http://${server_ip}:${server_port}`, // 图片、视频、文件上传代理地址fileDownloadProxy: `http://${server_ip}:${server_port}` // 图片、视频、文件下载代理地址};let chat = TencentCloudChat.create(options);
域名 IP 白名单
https://cloud.tencent.com/document/product/269/454381、获取Native SDK公有云IP地址列表的接口。接口参数nettype=12、获取Web SDK公有云IP地址列表的接口。接口参数nettype=31、NativeSDK ,端口tcp 80,443,8080,14000,15000,9906*.tim.qq.com*.im.qcloud.com*.my-imcloud.com*.my-cpaas.com*.im.tencent.cn162.14.3.0/24162.14.10.0/24162.14.13.0/24162.14.17.0/24162.14.18.0/24162.14.19.0/24182.254.116.0/24119.29.29.0/242、WebSDK和RestAPI,端口tcp 443*.tim.qq.com*.im.qcloud.com*.my-imcloud.com*.my-cpaas.com*.im.tencent.cn162.14.13.0/243、富媒体,端口tcp 443 //NativeSDK不支持设置富媒体代理方式,需放行IM富媒体所用到的所有域名https请求。yun.tim.qq.com{SdkAppID}-cn.rich.my-imcloud.comfile.im.qcloud.comdown.im.qcloud.comcn.imrich.qcloud.comcn.rich.my-imcloud.comcos.ap-shanghai.myqcloud.comcos.ap-shanghai.tencentcos.cncos.ap-guangzhou.tencentcos.cncos.ap-guangzhou.myqcloud.com
