MQTT over websocket over Apache SSL

I have an mqtt broker providing unencrypted websocket. I would like to proxy it through an Apache which should encrypt the websocket to the outside.

It is an Apache 2.4 on a Windows machine.

My config is:

<VirtualHost *:80>
    ServerName test.someurl.com

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://localhost:9876/$1 [P,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName test.someurl.com

    SSLEngine on
    SSLCertificateFile "C:/Program Files (x86)/Apache24/conf/ssl/some_certificate.crt"
    SSLCertificateKeyFile "C:/Program Files (x86)/Apache24/conf/ssl/some_key.key"

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://localhost:9876/$1 [P,L]

    # Websocket proxy
    # wss redirects to working ws protocol
    # ProxyPass /wss ws://127.0.0.1:9876 retry=0 keepalive=On
    # ProxyPassReverse /wss ws://127.0.0.1:9876 retry=0
</VirtualHost>

I am able to connect through ws / port 80. It works fine. However, I am not able to connect using wss.

I tried both rewriting and proxy_pass directives. I tried 100 different solutions. However, this one looked most promising, as port 80 is working for ws but not for the encrypted part. Any idea? Or am I just blinded by the options O:)

This is an old question, but as I've just got this working:

I have Mosquitto listening on port 8000 (which is firewalled to block any connections other than from localhost)

listener 8000
socket_domain ipv4
allow_anonymous true
protocol websockets

Then set up Apache like so:

<VirtualHost *:80>
  ProxyPass /ws/ ws://localhost:8000/
  ProxyPassReverse /ws/ ws://localhost:8000/
</VirtualHost>
<VirtualHost *:443>
    SSLCertificateFile ...
    SSLCertificateChainFile ...
    SSLCertificateKeyFile ...
    ProxyPass /ws/ ws://localhost:8000/
    ProxyPassReverse /ws/ ws://localhost:8000/
</VirtualHost>

Finally, the web-application is set to connect like so:

mqtt.connect((window.location.protocol == "https:" ? "wss:" : "ws:") + "//example.org/ws/");

Note that the proxy protocol can be "ws" or "wss" - both seem to work interchangeably. This is the connection between Apache and Mosquitto, there's no need to encrypt (they're on the same host). The use of the "/ws/" suffix on the path means I can do without mod_rewrite, and simply use mod_proxy.

This approach is the only way I could require authentication when accessed over HTTPS (which is public) but not over HTTP (which is behind the firewall).
