Ratchet + nginx + SSL/secure websocket

Problem description

I've been trying to run Ratchet.io over SSL (this problem: php ratchet websocket SSL connect?).

My webserver is running at myhost.mobi, and I have created a separate virtual host for websocket service "wws.myhost.mobi".

My web socket:

$webSock = new React\Socket\Server($loop);
$webSock->listen(8080, '0.0.0.0');
$webServer = new Ratchet\Server\IoServer(
    new Ratchet\Http\HttpServer(
        new Ratchet\WebSocket\WsServer(
            new Ratchet\Wamp\WampServer(
                $pusher
            )
        )
    ),
    $webSock
);

My nginx config (I'm on nginx 1.5.8):

upstream websocketserver {
        server localhost:8080;
}

server {
    server_name wss.myapp.mobi;

    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/myapp-mobi-ssl.crt;
    ssl_certificate_key /etc/ssl/myapp-mobi.key;

    access_log /var/log/wss-access-ssl.log;
    error_log /var/log/wss-error-ssl.log;
    location / {
                proxy_pass http://websocketserver;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $host;

                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_read_timeout 86400; # necessary to avoid websocket timeout disconnect
                proxy_redirect off;
        }
}

My client-side script:

var conn = new ab.Session('wss://wss.myapp.mobi', function(o) {

    // ...

}, function() {
    console.warn('WebSocket connection closed');
}, {
    skipSubprotocolCheck: true
});

So, when I load the page in Firefox, I see an outgoing connection to wss://wss.myapp.mobi:8080/, which is hanging (the spinner) and never completes or dies. I do not see any trace of request arriving on the backend in the logs.

What am I missing there?

Thanks!

EDIT I have realized that I should be connecting to wss://wss.myapp.mobi, but now I am getting "101 Switching Protocols" status.

EDIT 2 Everything is working now with the config above. "101 Switching Protocols" status turns out to be a normal message. PROBLEM SOLVED!

Solution

By checking the question's edit history, it is clear that the configuration in the question was correct; temuri was trying to connect from the client with the port set in

upstream websocketserver {
        server localhost:8080;
}

but this code block tells Nginx that there is a TCP server running on port 8080 and represents it as the websocketserver alias; the running server is not accessible to the public.

Check the configuration below:

server {
    server_name wss.myapp.mobi;

    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/myapp-mobi-ssl.crt;
    ssl_certificate_key /etc/ssl/myapp-mobi.key;

    access_log /var/log/wss-access-ssl.log;
    error_log /var/log/wss-error-ssl.log;
    location / {
                proxy_pass http://websocketserver;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $host;

                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_read_timeout 86400; # necessary to avoid websocket timeout disconnect
                proxy_redirect off;
        }
}

This configuration binds the domain wss.myapp.mobi to port 443, enabling SSL and proxying the requests to the local websocket server via the proxy_pass directive; the rest of the directives are for connection upgrade handling.

So the websocket server can be accessed from the browser client with

// connect through the bound domain
// instead of wss.myapp.mobi:8080 which will not work
var url = 'wss://wss.myapp.mobi';
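
The "101 Switching Protocols" status from the question is the success reply of the WebSocket opening handshake, and the Upgrade/Connection lines in the nginx config are needed because nginx does not pass those hop-by-hop headers to the upstream by default. The Node.js code below is an added example, not part of the original question or answer; it checks a handshake response the way a client does. The function names and the two sample responses are constructed for illustration.

```javascript
// Added example: validate a WebSocket opening-handshake response (RFC 6455).
const { createHash } = require('crypto');

// Fixed GUID defined by RFC 6455 for deriving Sec-WebSocket-Accept.
const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';

// Sec-WebSocket-Accept = base64(SHA-1(Sec-WebSocket-Key + GUID)).
function expectedAccept(key) {
  return createHash('sha1').update(key + WS_GUID).digest('base64');
}

// Parse a raw HTTP response head into { status, headers } (names lower-cased).
function parseHead(raw) {
  const [statusLine, ...lines] = raw.split('\r\n\r\n')[0].split('\r\n');
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: Number(statusLine.split(' ')[1]), headers };
}

// Reasons a client would reject the response; an empty list means the
// connection has been upgraded and WebSocket frames may follow.
function handshakeProblems(clientKey, rawResponse) {
  const { status, headers } = parseHead(rawResponse);
  const problems = [];
  if (status !== 101) problems.push(`status ${status}, expected 101`);
  if ((headers['upgrade'] || '').toLowerCase() !== 'websocket')
    problems.push('missing "Upgrade: websocket"');
  const tokens = (headers['connection'] || '').toLowerCase().split(',').map(s => s.trim());
  if (!tokens.includes('upgrade')) problems.push('missing "Connection: Upgrade"');
  if (headers['sec-websocket-accept'] !== expectedAccept(clientKey))
    problems.push('Sec-WebSocket-Accept does not match the key sent');
  return problems;
}

// Constructed samples. The key/accept pair is the one printed in RFC 6455.
const SAMPLE_KEY = 'dGhlIHNhbXBsZSBub25jZQ==';
const UPGRADED = 'HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n' +
  'Connection: Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n';
// A plain HTTP reply, as a client might receive when the upgrade headers
// were not forwarded to the backend (constructed, not captured output).
const NOT_UPGRADED = 'HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n';

console.log(handshakeProblems(SAMPLE_KEY, UPGRADED));
console.log(handshakeProblems(SAMPLE_KEY, NOT_UPGRADED));
```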
