WebSocket 通过 SSL 与 Apache 反向代理 [英] WebSocket through SSL with Apache reverse proxy

问题描述

在客户端，我正在尝试建立 wss 连接:

On the client side, I am trying to establish the wss connection:

var ws = new WebSocket("wss://wsserver.com/test")

它返回一个错误:

WebSocket 连接到wss://wsserver.com/test"失败:WebSocket 握手期间出错:意外响应代码:400

完整的标题是:

请求标头

GET wss://wsserver.com/test HTTP/1.1
Host: wsserver.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Origin: https://website.net
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Sec-WebSocket-Key: Tj9AJ5TKglNf5LoHsQTpvQ==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

响应头

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:https://website.net
Connection:close
Content-Length:18
Content-Type:text/plain; charset=utf-8
Date:Fri, 21 Apr 2017 21:03:45 GMT
Server:Apache/2.4.18 (Ubuntu)
Vary:Origin
X-Content-Type-Options:nosniff

服务器端正在 Apache 反向代理后面的端口 8888 上运行.这是 Apache 配置:

The server side is running on go at port 8888 behind an Apache reverse proxy. This is the Apache configuration:

<VirtualHost *:443>
        ServerName website.com

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass "/" "wss://localhost:8888/"

mod_proxy 和 mod_proxy_wstunnel 已安装.

这里有什么遗漏吗?似乎请求通过但未建立连接.

Is there something missing here? It seems like the request goes through but no connection is established.

推荐答案

我最终通过对虚拟主机使用此配置解决了这个问题，该配置使用 HTTP 标头过滤请求:

I ended up solving this problem by using this configuration for the virtual host, which filters requests using the HTTP headers:

<VirtualHost *:443>
    ServerName website.com

    RewriteEngine On

    # When Upgrade:websocket header is present, redirect to ws
    # Using NC flag (case-insensitive) as some browsers will pass Websocket
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule ^/ws/(.*)    wss://localhost:8888/ws/$1 [P,L]

    # All other requests go to http
    ProxyPass "/" "http://localhost:8888/"

我将其留作参考，以防对其他人有帮助

I'm leaving this as a reference in case it helps others

这篇关于WebSocket 通过 SSL 与 Apache 反向代理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！