节点、ws、ssl、nginx 给出错误 426,需要升级
[英]Node, ws, ssl, nginx giving error 426, upgrade needed
问题描述
I am serving an app using Node.js and NGINX.
我正在使用 Node.js 和 NGINX 为应用程序提供服务。 I am securing NGINX with LetsEncrypt, and running my node app on server with pm2 (using NGINX as a reverse proxy).我正在使用 LetsEncrypt 保护 NGINX,并使用 pm2 在服务器上运行我的节点应用程序(使用 NGINX 作为反向代理)。
My site will not load anything (426 error - upgrade required), but I can connect with the following scratchpad:我的网站不会加载任何内容(426 错误 - 需要升级),但我可以使用以下暂存器连接:
var port = 443;
var ws = new WebSocket("wss://mywebsite.com:" + port);
ws.onopen = function() {
console.log("Connected");
}
ws.onmessage = function(comment) {
console.log(JSON.parse(comment.data));
}
Here is the NGINX setup:这是 NGINX 设置:
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name mywebsite.com www.mywebsite.com;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /path/to/cert; # managed by Certbot
ssl_certificate_key /path/to/key; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name mywebsite.com www.mywebsite.com;
return 404; # managed by Certbot
}
My client code is basically identical to the scratchpad.我的客户端代码与暂存器基本相同。 This is the relevant server-side code:这是相关的服务器端代码:
var WebSocket = require('ws');
var serverPort = 8080;
var wss = new WebSocket.Server({port:serverPort});
console.log("Server running on port " + serverPort + " started at: " + new Date());
wss.on('connection', function(ws) {
console.log("Connected to websocket: " + ws);
var introComment = JSON.stringify({
user: "Welcome!",
data: {
body: "Welcome to the realtime feed!",
name: "realtime-intro-connection-message",
},
});
ws.send(introComment);
});
These are the response headers the browser receives:这些是浏览器收到的响应头:
HTTP/1.1 426 Upgrade Required
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 23 May 2018 19:20:36 GMT
Content-Type: text/plain
Content-Length: 16
Connection: keep-alive
I read that there should be an "Upgrade" header, is that part of the problem?我读到应该有一个“升级”标题,这是问题的一部分吗?
2 个解决方案
解决方案1
2 2020-04-15 10:16:41
To turn a connection between a client and server from HTTP/1.1 into WebSocket, the protocol switch mechanism available in HTTP/1.1 is used.为了将客户端和服务器之间的连接从 HTTP/1.1 转换为 WebSocket,使用了 HTTP/1.1 中可用的协议切换机制。
There is one subtlety however: since the “Upgrade” is a hop-by-hop header, it is not passed from a client to proxied server.然而,有一个微妙之处:由于“升级”是一个逐跳的标头,它不会从客户端传递到代理服务器。 With forward proxying, clients may use the CONNECT method to circumvent this issue.通过正向代理,客户端可以使用 CONNECT 方法来规避此问题。 This does not work with reverse proxying however, since clients are not aware of any proxy servers, and special processing on a proxy server is required.然而,这不适用于反向代理,因为客户端不知道任何代理服务器,并且需要在代理服务器上进行特殊处理。
Since version 1.3.13, nginx implements special mode of operation that allows setting up a tunnel between a client and proxied server if the proxied server returned a response with the code 101 (Switching Protocols), and the client asked for a protocol switch via the “Upgrade” header in a request.从 1.3.13 版本开始,nginx 实现了特殊的操作模式,如果代理服务器返回代码为 101(切换协议)的响应,并且客户端通过请求中的“升级”标头。
As noted above, hop-by-hop headers including “Upgrade” and “Connection” are not passed from a client to proxied server, therefore in order for the proxied server to know about the client's intention to switch a protocol to WebSocket, these headers have to be passed explicitly:如上所述,包括“Upgrade”和“Connection”在内的逐跳标头不会从客户端传递到代理服务器,因此为了让代理服务器了解客户端将协议切换到 WebSocket 的意图,这些标头必须明确传递:
location /chat/ {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
A more sophisticated example in which a value of the “Connection” header field in a request to the proxied server depends on the presence of the “Upgrade” field in the client request header:一个更复杂的示例,其中对代理服务器的请求中“Connection”标头字段的值取决于客户端请求标头中“Upgrade”字段的存在:
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server { ...服务器 { ...
location /chat/ {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
解决方案2
0 2018-06-01 17:49:36
I never really found the answer to this, so I changed my tactics:我从来没有真正找到答案,所以我改变了策略:
I moved from ws (npm's websockets) to socket.io.我从 ws(npm 的 websockets)转移到了 socket.io。 This seems to be more widely supported.这似乎得到了更广泛的支持。 For an example app using socket.io, look here at these great videos!对于使用socket.io一个示例应用程序,看看这里的这些伟大的影片! Everything now works fine.现在一切正常。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.