将 Socket.IO 与 Apache、Node.js、ZEA52C36203C5F99C3CE2442D5351B 和 Cloud 一起使用

Question

I am creating a website that will connect to a Node.js Socket.IO WebSocket.我正在创建一个将连接到 Node.js Socket.IO WebSocket 的网站。 This node server is running on the port 4923 and the Socket.IO node is configured on the endpoint /socket .此节点服务器在端口 4923 上运行，并且在端点/socket上配置了 Socket.IO 节点。 I do not want to connect via https://domain1.com:4932/socket but instead from https://domain1.com/socket.io which points to my Apache Server. I do not want to connect via https://domain1.com:4932/socket but instead from https://domain1.com/socket.io which points to my Apache Server. The firewall blocks the port 4932 in order to block https://domain1.com:4932/socket .防火墙阻止端口 4932 以阻止https://domain1.com:4932/socket 。

The Apache Server should proxy all connections from https://domain1.com/socket.io to https://localhost:4932/socket SSL included. The Apache Server should proxy all connections from https://domain1.com/socket.io to https://localhost:4932/socket SSL included. The SSL cert is a cert from Let's Encrypt. SSL 证书是来自 Let's Encrypt 的证书。

When a new connection is created the SSL handshake between the Apache and Node.JS servers fails.创建新连接时，Apache 和 Node.JS 服务器之间的 SSL 握手失败。

My website traffic goes through Cloudflare with the Full universal SSL activated.我的网站流量通过 Cloudflare 并激活了完整的通用 SSL。

In the apache virtual host, I have the following configuration:在apache虚拟主机中，我有如下配置：

<VirtualHost  *:443>
        ...

        SSLEngine On
        SSLProxyEngine On

        SSLCertificateFile /etc/letsencrypt/live/domain1.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domain1.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf      

        # Handle wss proxy connections
        RewriteEngine On
        RewriteCond %{REQUEST_URI}  ^/socket.io             [NC]
        RewriteCond %{QUERY_STRING} transport=websocket     [NC]
        RewriteRule /(.*)           ws://localhost:4923/$1 [P,L]

        # Autogenerated ProxyPass
        ProxyPass        /socket.io http://localhost:4923/socket
        ProxyPassReverse /socket.io http://localhost:4923/socket
        
        ...
</VirtualHost>

My node.js server via HTTPS:我的 node.js 服务器通过 HTTPS：

const port = 4923;

const fs = require('fs');

var options = {
    key: fs.readFileSync('/etc/letsencrypt/live/domain1.com/privkey.pem'),
    cert: fs.readFileSync('/etc/letsencrypt/live/domain1.com/fullchain.pem'),
};

var app = require('https').createServer(options);
var io = require('socket.io')(app, {
    path: '/socket',
    serveClient: false,
    pingInterval: 10000,
    pingTimeout: 5000,
    cookie: false
});

app.listen(port);

io.httpServer.on('listening', function () {
    console.log("Listening on", port);
});

io.on('connect', (socket) => {
    console.log("Socket connected: " + socket.id);
    socket.on('disconnect', () => {
        console.log("Socket disconnected: " + socket.id);
    });
    socket.on('download-request', (id) => {
        onDownloadRequest(socket, id);
    });
});

function onDownloadRequest(socket, id) {
    console.log("Request from " + socket.id + " and video id: " + id);
}

Meanwhile, on the client-side, I create a new WebSocket connection on window load, and then I send the message when a button is clicked.同时，在客户端，我在加载 window 时创建了一个新的 WebSocket 连接，然后在单击按钮时发送消息。

...
const websocketOptions = {
        server : {
                protocol : 'https://',
                host     : 'domain1.com',
                port     : 443,
                endpoint : '/socket.io'
        }
};

function requestDownload() {
        if (isAnySelected() || socket !== null) {
                console.log(document.getElementsByClassName("download-input-box")[0].value);
                socket.emit('download-request', {id: document.getElementsByClassName("download-input-box")[0].value});
        }
}

function createConnection() {
        console.log("Creating websocket connection!");
        socket = io.connect(websocketOptions.server.protocol
                        + websocketOptions.server.host
                        + ':'
                        + websocketOptions.server.port
                        + websocketOptions.server.endpoint,
                        {transport: 'websocket'});
}

function onWindowLoad() {
        createConnection();
}

window.onload = onWindowLoad;

This results in a response code 500 and this error message in the apache error log:这将导致响应代码 500 和 apache 错误日志中的此错误消息：

AH00898: Error during SSL Handshake with remote server returned by /socket.io/, referer: https://domain1.com/

What am I doing wrong?我究竟做错了什么？ Any help is appreciated.任何帮助表示赞赏。

EDIT:编辑：

Now that the SSL handshake problem has been solved a new problem has been happening to me.现在 SSL 握手问题已经解决，一个新问题发生在我身上。 You can view it here .你可以在这里查看。

Answer 1

You can't SSL "localhost", so there is three options:你不能 SSL "localhost"，所以有三个选项：

Use one domain that you can request an SSL使用一个可以请求 SSL 的域
Use "localhost" with HTTP ( not s )将“localhost”与 HTTP 一起使用（不是 s）
Use "localhost" with SSL but disabling "SSLProxyCheckPeerName" into Apache2 configuration.将“localhost”与 SSL 一起使用，但在 Apache2 配置中禁用“SSLProxyCheckPeerName”。 ( See this reference ) （见这个参考）
SSLProxyCheckPeerName off SSLProxyCheckPeerName 关闭

将 Socket.IO 与 Apache、Node.js、ZEA52C36203C5F99C3CE2442D5351B 和 Cloud 一起使用

问题描述

1 个解决方案

解决方案1
2 已采纳 2020-08-03 21:31:11

将 Socket.IO 与 Apache、Node.js、ZEA52C36203C5F99C3CE2442D5351B 和 Cloud 一起使用

问题描述

1 个解决方案

解决方案1 2 已采纳 2020-08-03 21:31:11

解决方案1
2 已采纳 2020-08-03 21:31:11