Ratchet + nginx + SSL/secure websocket


Problem description

I've been trying to run Ratchet.io over SSL (this problem: php ratchet websocket SSL connect?).

My webserver is running at myhost.mobi, and I have created a separate virtual host for websocket service "wws.myhost.mobi".

My websocket:

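// Plain (non-TLS) listener on port 8080; nginx terminates SSL in front of it
$webSock = new React\Socket\Server($loop);
$webSock->listen(8080, '0.0.0.0');
// HTTP -> WebSocket -> WAMP stack wrapped around the $pusher application
$webServer = new Ratchet\Server\IoServer(
    new Ratchet\Http\HttpServer(
        new Ratchet\WebSocket\WsServer(
            new Ratchet\Wamp\WampServer(
                $pusher
            )
        )
    ),
    $webSock
);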

My nginx config (I'm on nginx 1.5.8):

upstream websocketserver {
        server localhost:8080;
}

server {
    server_name wss.myapp.mobi;

    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/myapp-mobi-ssl.crt;
    ssl_certificate_key /etc/ssl/myapp-mobi.key;

    access_log /var/log/wss-access-ssl.log;
    error_log /var/log/wss-error-ssl.log;
    location / {
                proxy_pass http://websocketserver;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $host;

                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_read_timeout 86400; # necessary to avoid websocket timeout disconnect
                proxy_redirect off;
        }
}

My client script:

var conn = new ab.Session('wss://wss.myapp.mobi', function(o) {

    // ...

}, function() {
    console.warn('WebSocket connection closed');
}, {
    skipSubprotocolCheck: true
});

So, when I load the page in Firefox, I see an outgoing connection to wss://wss.myapp.mobi:8080/, which is hanging (the spinner) and never completes or dies. I do not see any trace of request arriving on the backend in the logs.

What am I missing?

Thanks!

EDIT I have realized that I should be connecting to wss://wss.myapp.mobi, but now I am getting "101 Switching Protocols" status.

EDIT 2 Everything is working now with the config above. "101 Switching Protocols" status turns out to be a normal message. PROBLEM SOLVED!

Recommended answer

By checking the question's edit history, it is clear that the configuration in the question was correct; temuri was trying to connect from the client with the port set in,

upstream websocketserver {
        server localhost:8080;
}

but this code block tells Nginx there is a TCP server running on port 8080 and represents it as the websocketserver alias; the running server is not accessible to the public.

Check the configuration below,

server {
    server_name wss.myapp.mobi;

    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/myapp-mobi-ssl.crt;
    ssl_certificate_key /etc/ssl/myapp-mobi.key;

    access_log /var/log/wss-access-ssl.log;
    error_log /var/log/wss-error-ssl.log;
    location / {
                proxy_pass http://websocketserver;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $host;

                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_read_timeout 86400; # necessary to avoid websocket timeout disconnect
                proxy_redirect off;
        }
}

This configuration binds the domain wss.myapp.mobi to port 443, enabling SSL and proxying the requests to the local websocket server via the proxy_pass directive; the rest of the directives are for connection upgrade handling.

So the websocket server can be accessed from browser client with

// connect through bound domain
// instead of wss.myapp.mobi:8080 which will not work
var url = 'wss://wss.myapp.mobi';
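
The "101 Switching Protocols" status from the question's EDIT 2 is the success reply of the WebSocket opening handshake that the Upgrade and Connection directives pass through. As an added example (not part of the original question or answer), this Node.js code checks a raw handshake response against RFC 6455; the function names and the sample responses are constructed for illustration.

```javascript
// Added example: validate a WebSocket opening-handshake response (RFC 6455, section 4).
const crypto = require('node:crypto');

// Fixed GUID that RFC 6455 appends to the client's Sec-WebSocket-Key before hashing.
const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';

// Value the server must return in Sec-WebSocket-Accept for a given client key.
function expectedAccept(secWebSocketKey) {
  return crypto.createHash('sha1').update(secWebSocketKey + WS_GUID).digest('base64');
}

// Parse a raw HTTP response head into { status, headers } (header names lowercased).
function parseResponseHead(raw) {
  const [statusLine, ...lines] = raw.split('\r\n\r\n')[0].split('\r\n');
  const match = /^HTTP\/1\.1 (\d{3})(?: |$)/.exec(statusLine);
  const headers = {};
  for (const line of lines) {
    const idx = line.indexOf(':');
    if (idx > 0) headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return { status: match ? Number(match[1]) : null, headers };
}

// Returns a list of problems; an empty list means the upgrade succeeded.
function checkUpgradeResponse(raw, secWebSocketKey) {
  const { status, headers } = parseResponseHead(raw);
  const problems = [];
  if (status !== 101) problems.push(`status is ${status}, expected 101`);
  if ((headers['upgrade'] || '').toLowerCase() !== 'websocket') {
    problems.push('missing "Upgrade: websocket"');
  }
  const tokens = (headers['connection'] || '').toLowerCase().split(',').map((t) => t.trim());
  if (!tokens.includes('upgrade')) problems.push('missing "Connection: Upgrade"');
  if (headers['sec-websocket-accept'] !== expectedAccept(secWebSocketKey)) {
    problems.push('Sec-WebSocket-Accept does not match the key that was sent');
  }
  return problems;
}

// Constructed sample data: the key/accept pair is the example from RFC 6455.
const SAMPLE_KEY = 'dGhlIHNhbXBsZSBub25jZQ==';
const SAMPLE_OK = 'HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n' +
  'Connection: Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n';
// Constructed: a non-upgrade reply, as seen when the handshake is not completed.
const SAMPLE_BAD = 'HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n';

console.log(checkUpgradeResponse(SAMPLE_OK, SAMPLE_KEY));
console.log(checkUpgradeResponse(SAMPLE_BAD, SAMPLE_KEY));
```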
