[英]WebSocket through SSL with Apache reverse proxy
On the client side, I am trying to establish the wss connection:在客户端,我正在尝试建立 wss 连接:
var ws = new WebSocket("wss://wsserver.com/test")
and it returns an error:它返回一个错误:
WebSocket connection to 'wss://wsserver.com/test' failed: Error during WebSocket handshake: Unexpected response code: 400
The full headers are:完整的标题是:
Request Headers请求头
GET wss://wsserver.com/test HTTP/1.1
Host: wsserver.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Origin: https://website.net
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Sec-WebSocket-Key: Tj9AJ5TKglNf5LoHsQTpvQ==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Response Headers响应头
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:https://website.net
Connection:close
Content-Length:18
Content-Type:text/plain; charset=utf-8
Date:Fri, 21 Apr 2017 21:03:45 GMT
Server:Apache/2.4.18 (Ubuntu)
Vary:Origin
X-Content-Type-Options:nosniff
The server side is running on go at port 8888 behind an Apache reverse proxy.服务器端在 Apache 反向代理后面的端口 8888 上运行。 This is the Apache configuration:
这是Apache配置:
<VirtualHost *:443>
ServerName website.com
ProxyPreserveHost On
ProxyRequests Off
ProxyPass "/" "wss://localhost:8888/"
mod_proxy and mod_proxy_wstunnel are installed. mod_proxy和mod_proxy_wstunnel已安装。
Is there something missing here?这里有什么遗漏吗? It seems like the request goes through but no connection is established.
似乎请求通过但未建立连接。
I ended up solving this problem by using this configuration for the virtual host, which filters requests using the HTTP headers:我最终通过对虚拟主机使用此配置来解决此问题,该配置使用 HTTP 标头过滤请求:
<VirtualHost *:443>
ServerName website.com
RewriteEngine On
# When Upgrade:websocket header is present, redirect to ws
# Using NC flag (case-insensitive) as some browsers will pass Websocket
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule ^/ws/(.*) wss://localhost:8888/ws/$1 [P,L]
# All other requests go to http
ProxyPass "/" "http://localhost:8888/"
I'm leaving this as a reference in case it helps others我将其留作参考,以防它对其他人有帮助
This is my setup of virtualhost that worked for me, I have .netcore app on docker with SignalR as a websocket service.这是我对虚拟主机的设置,对我有用,我在 docker 上有 .netcore 应用程序,SignalR 作为 websocket 服务。
On 5000
my .netcore app is running, and on /chatHub
my signalR listens.在
5000
我的 .netcore 应用程序正在运行,在/chatHub
我的 signalR 正在侦听。
Will be helpful for future comers with same problem.对以后遇到同样问题的人会有帮助。
<IfModule mod_ssl.c>
<VirtualHost *:443>
RewriteEngine On
ProxyPreserveHost On
ProxyRequests Off
# allow for upgrading to websockets
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:5000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:5000/$1 [P,L]
ProxyPass "/" "http://localhost:5000/"
ProxyPassReverse "/" "http://localhost:5000/"
ProxyPass "/chatHub" "ws://localhost:5000/chatHub"
ProxyPassReverse "/chatHub" "ws://localhost:5000/chatHub"
ServerName site.com
SSLCertificateFile /etc/letsencrypt/live/site.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Source: http://shyammakwana.me/server/websockets-with-apache-reverse-proxy-with-ssl.html来源: http : //shyammakwana.me/server/websockets-with-apache-reverse-proxy-with-ssl.html
@ pimgeek's Comment: @ pimgeek 的评论:
I think instead of RewriteRule ^/nodered/comms wss://localhost:1880/nodered/comms [P,L]
我认为而不是
RewriteRule ^/nodered/comms wss://localhost:1880/nodered/comms [P,L]
you could have utilized $1 as follow: RewriteRule ^/nodered/comms$ wss://localhost:1880/$1 [P,L]
你可以使用 $1 如下:
RewriteRule ^/nodered/comms$ wss://localhost:1880/$1 [P,L]
Also, this should work aswell: RewriteRule ^/nodered/comms$ wss://localhost:1880$1 [P,L]
此外,这也应该有效:
RewriteRule ^/nodered/comms$ wss://localhost:1880$1 [P,L]
Notice the not needed / after the port, since $1 includes already a / at the beginning注意端口后面不需要的 / ,因为 $1 在开头已经包含了 /
In my case, I needed to activate "SSLProxyEngine on" to make the whole thing works...就我而言,我需要激活“SSLProxyEngine on”才能使整个过程正常工作......
I ended up with this 2 lines solution on Debian / Apache 2.4 (used port is 4321)我最终在 Debian / Apache 2.4 上得到了这个 2 行解决方案(使用的端口是 4321)
SSLProxyEngine on
ProxyPass /wss wss://127.0.0.1:4321/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.