WebSocket连接失败:WebSocket打开握手被取消 [英] WebSocket connection failed: WebSocket opening handshake was canceled
问题描述
我最近设置了一个EC2实例(在没有负载均衡器的VPC中)并且无可否认配置有点奇怪,但它正是我们运行的Web应用程序所需要的。
I have recently setup an EC2 instance (in a VPC with no load balancer) and admittedly the configuration is a bit odd, but it is what is required for the web application we're running.
Web服务器(在Haskell中)在端口4433上运行(标准端口是为Apache实例保留的),并且正在接收从另一个系统广播的UDP数据包。我有许多端口是全开的(只是在测试期间),如此处所示(来自安全组):
The web server (in Haskell) is running on port 4433 (standard ports are reserved for an Apache instance) and is receiving UDP packets being broadcast from another system. I have many of the ports wide-open (just during testing) as shown here (from Security Groups):
Custom TCP Rule 4433 tcp 0.0.0.0/0 ✔
Custom TCP Rule 8080 tcp 0.0.0.0/0 ✔
SSH 22 tcp 0.0.0.0/0 ✔
HTTP 80 tcp 0.0.0.0/0 ✔
HTTPS 443 tcp 0.0.0.0/0 ✔
Custom UDP Rule 30090 udp 0.0.0.0/0 ✔
Custom UDP Rule 30089 udp 0.0.0.0/0 ✔
TCP套接字的JavaScript请求在同一端口上设置套接字(使用分配给AWS的公共IP的URL)和这是请求返回错误的地方:
The JavaScript for the TCP socket makes a request to setup the socket on this same port (using the URL assigned to the AWS's public IP) and this is where the request returns the error:
WebSocket连接到'wss:// [URL]:4433 / projects / socket'失败:WebSocket打开握手已取消。
WebSocket connection to 'wss://[URL]:4433/projects/socket' failed: WebSocket opening handshake was canceled.
将套接字绑定到0.0.0.0会导致相同的错误。
Binding the socket to 0.0.0.0 results in the same error.
为了启动Haskel l Web服务器我必须引用AWS提供的内部 IP,因为它在引用弹性IP服务提供的 public IP时不会运行。认为这是问题所在,我将套接字请求改为此...
In order to start the Haskell web server I had to reference the internal IP provided by AWS as it would not run when referencing the public IP provided by the elastic IP service. Thinking this is where the problem came in I changed my socket request to this...
wss://[internal ip]:4433/projects/socket
这改变了错误:
WebSocket连接到'wss:// [内部IP]:4433 / projects / socket'失败:连接建立错误:net :: ERR_CONNECTION_REFUSED
WebSocket connection to 'wss://[internal IP]:4433/projects/socket' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
这个错误对我有意义,因为外部世界无法使用内部IP。
That error makes sense to me as the internal IP is not available to the outside world.
所有这些我在AWS上看到的websockets涉及一个ELB(弹性负载均衡器),我不需要其中一个。我已经尝试了所有当前发布的答案中的所有内容(有些问题甚至没有得到答案),但无济于事。我还设置了亚马逊(近24小时前)的支持案例,但没有收到回复。
Everything that I've read on websockets on AWS involves an ELB (Elastic Load Balancer) and I am not in need of one of those. I have tried all of the things in all of the currently posted answers (some of the questions haven't even gotten answers) on SO to no avail. I also setup a support case with Amazon (nearly 24 hours ago) which hasn't received a response.
导航到 http:// [URL]:4433 / projects / socket 产生'WebSocket Available',其中URL是我们希望使用的URL以及AWS提供的公共DNS。
Navigating to http://[URL]:4433/projects/socket yields 'WebSocket Available' where the URL is the one we wish to use as well as the Public DNS provided by AWS.
运行 netstat -plunt 显示以下内容:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 [internal IP]:8080 0.0.0.0:* LISTEN -
tcp 0 0 [internal IP]:4433 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
udp 0 0 [internal IP]:30089 0.0.0.0:* -
udp 0 0 0.0.0.0:30090 0.0.0.0:* -
udp 0 0 0.0.0.0:11950 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp6 0 0 :::38450 :::* -
AWS上的websockets是否有类似的问题?如果是这样,你是如何解决这个问题的呢?
Has anyone had a similar problem with websockets on AWS? If so, how did you solve the problem?
推荐答案
Haskell服务器和Apache服务器之间存在SSL证书不匹配。
There was an SSL certificate mismatch between the Haskell server and the Apache server.
必须使用有关实例的新证书的信息重建Haskell服务器。更复杂的是,EC2实例上没有安装正确的SSL库( libssl0.9.8 libssl-dev ),这在重建Haskell服务器期间导致了我的问题。知道EC2实例是一个空白画布,使得缺少该安装是我的错。
The Haskell server had to be rebuilt with information concerning the new certificates for the instance. Further complicating this the proper SSL library (libssl0.9.8 libssl-dev) was not installed on the EC2 instance which was causing me problems during the rebuild of the Haskell server. Knowing an EC2 instance is a "blank canvas" makes the lack of that installation my fault.
一旦我安装了 libssl ,我就可以用它指向新证书来重建Haskell服务器。一旦证书匹配,websocket问题就消失了。
Once I had the libssl installed I was able to rebuild the Haskell server with it pointing to the new certificates. Once the certificates "matched" the websocket issue disappeared.
重申一下,我们的情况很独特。我们有一个Apache服务器(端口80和443)和一个Haskell服务器(端口8080和4433),它们相互通信,通过websockets执行pub-sub操作。两个服务器之间的证书不匹配(它不重要的是什么类型,它可能是多个Apache实例)导致SSL警告。来自SSL的任何警告都将删除任何建立或维护websocket的尝试(因此解除握手消息)。
Just to reiterate, ours is a unique situation. We have an Apache server (ports 80 and 443) and a Haskell server (ports 8080 and 4433) which communicate with each other, performing a pub-sub operation over websockets. A certificate mismatch between the two servers (it would not have mattered what type, it could have been multiple Apache instances) caused an SSL warning. Any warning from SSL will tear-down any attempt to establish or maintain a websocket (hence the handshake canceled message).
另一个StackOverflow帖子提供了一些在此过程中提供巨大帮助的线索。更具体地说,这个警告 -
Another StackOverflow post provided some clues that were of tremendous help during this process. More specifically this warning -
问题的关键是:如果您的SSL证书导致任何类型的警告,wss :// WebSocket连接将立即失败,并且没有规范的方法来检测它。
The key to the problem is this: If your SSL certificate causes a warning of any sort, wss:// WebSocket connections will immediately fail, and there is no canonical way to detect this.
这篇关于WebSocket连接失败:WebSocket打开握手被取消的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
