堆栈内存溢出
  简体   繁体   English

WebSocket 通过 SSL 与 Apache 反向代理

[英]WebSocket through SSL with Apache reverse proxy

 原文  2017-04-21 21:17:38       apache/ ssl/ websocket/ proxy/ reverse-proxy

问题描述

On the client side, I am trying to establish the wss connection:在客户端,我正在尝试建立 wss 连接:

var ws = new WebSocket("wss://wsserver.com/test")

and it returns an error:它返回一个错误:

WebSocket connection to 'wss://wsserver.com/test' failed: Error during WebSocket handshake: Unexpected response code: 400

The full headers are:完整的标题是:

Request Headers请求头

GET wss://wsserver.com/test HTTP/1.1
Host: wsserver.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Origin: https://website.net
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Sec-WebSocket-Key: Tj9AJ5TKglNf5LoHsQTpvQ==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response Headers响应头

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:https://website.net
Connection:close
Content-Length:18
Content-Type:text/plain; charset=utf-8
Date:Fri, 21 Apr 2017 21:03:45 GMT
Server:Apache/2.4.18 (Ubuntu)
Vary:Origin
X-Content-Type-Options:nosniff

The server side is running on go at port 8888 behind an Apache reverse proxy.服务器端在 Apache 反向代理后面的端口 8888 上运行。 This is the Apache configuration:这是Apache配置:

<VirtualHost *:443>
        ServerName website.com

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass "/" "wss://localhost:8888/"

mod_proxy and mod_proxy_wstunnel are installed. mod_proxymod_proxy_wstunnel已安装。

Is there something missing here?这里有什么遗漏吗? It seems like the request goes through but no connection is established.似乎请求通过但未建立连接。

4 个解决方案

解决方案1
 21 已采纳  2017-04-24 15:47:57

I ended up solving this problem by using this configuration for the virtual host, which filters requests using the HTTP headers:我最终通过对虚拟主机使用此配置来解决此问题,该配置使用 HTTP 标头过滤请求:

<VirtualHost *:443>
    ServerName website.com

    RewriteEngine On

    # When Upgrade:websocket header is present, redirect to ws
    # Using NC flag (case-insensitive) as some browsers will pass Websocket
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule ^/ws/(.*)    wss://localhost:8888/ws/$1 [P,L]

    # All other requests go to http
    ProxyPass "/" "http://localhost:8888/"

I'm leaving this as a reference in case it helps others我将其留作参考,以防它对其他人有帮助

解决方案2
 2  2020-07-23 16:52:26

This is my setup of virtualhost that worked for me, I have .netcore app on docker with SignalR as a websocket service.这是我对虚拟主机的设置,对我有用,我在 docker 上有 .netcore 应用程序,SignalR 作为 websocket 服务。

On 5000 my .netcore app is running, and on /chatHub my signalR listens.5000我的 .netcore 应用程序正在运行,在/chatHub我的 signalR 正在侦听。

Will be helpful for future comers with same problem.对以后遇到同样问题的人会有帮助。

<IfModule mod_ssl.c>
<VirtualHost *:443>
  RewriteEngine On
  ProxyPreserveHost On
  ProxyRequests Off

  # allow for upgrading to websockets
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://localhost:5000/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)           http://localhost:5000/$1 [P,L]


  ProxyPass "/" "http://localhost:5000/"
  ProxyPassReverse "/" "http://localhost:5000/"

  ProxyPass "/chatHub" "ws://localhost:5000/chatHub"
  ProxyPassReverse "/chatHub" "ws://localhost:5000/chatHub"

  ServerName site.com
  
SSLCertificateFile /etc/letsencrypt/live/site.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Source: http://shyammakwana.me/server/websockets-with-apache-reverse-proxy-with-ssl.html来源: http : //shyammakwana.me/server/websockets-with-apache-reverse-proxy-with-ssl.html

解决方案3
 0  2019-08-15 17:51:30

@ pimgeek's Comment: @ pimgeek 的评论:

I think instead of RewriteRule ^/nodered/comms wss://localhost:1880/nodered/comms [P,L]我认为而不是RewriteRule ^/nodered/comms wss://localhost:1880/nodered/comms [P,L]

you could have utilized $1 as follow: RewriteRule ^/nodered/comms$ wss://localhost:1880/$1 [P,L]你可以使用 $1 如下: RewriteRule ^/nodered/comms$ wss://localhost:1880/$1 [P,L]

Also, this should work aswell: RewriteRule ^/nodered/comms$ wss://localhost:1880$1 [P,L]此外,这也应该有效: RewriteRule ^/nodered/comms$ wss://localhost:1880$1 [P,L]

Notice the not needed / after the port, since $1 includes already a / at the beginning注意端口后面不需要的 / ,因为 $1 在开头已经包含了 /

解决方案4
 0  2020-05-07 19:57:11

In my case, I needed to activate "SSLProxyEngine on" to make the whole thing works...就我而言,我需要激活“SSLProxyEngine on”才能使整个过程正常工作......

I ended up with this 2 lines solution on Debian / Apache 2.4 (used port is 4321)我最终在 Debian / Apache 2.4 上得到了这个 2 行解决方案(使用的端口是 4321)

    SSLProxyEngine on
    ProxyPass         /wss  wss://127.0.0.1:4321/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 带有Apache2反向代理SSL握手的芹菜花对于Websocket失败 - Celery flower with apache2 reverse proxy ssl handshake fails for websocket 具有SSL的Apache反向代理 - Apache Reverse Proxy With SSL 在apache中使用PHP反向代理传递websocket请求 - Reverse proxy pass websocket request with PHP in apache SSL上的PHP websocket与proxy_wsTunnel - Apache - PHP websocket on SSL with proxy_wsTunnel - Apache Firefox Keep-Alive,通过apache反向代理升级破坏websocket - Firefox Keep-Alive, Upgrade ruining websocket through apache reverse proxy Apache反向代理设置SSL证书 - Apache reverse proxy set up SSL certificate 如何使用反向代理配置Apache SSL - How to configure apache ssl with reverse proxy 在Apache和Nginx上使用Nextcloud作为反向代理+ SSL - Nextcloud on apache and nginx as reverse proxy + SSL Nginx反向代理与Node.js和基于SSL的Apache - nginx reverse proxy with nodejs and apache over SSL Apache httpd反向代理方案的SSL问题 - SSL issue with Apache httpd reverse proxy scheme
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM