[英]Celery flower with apache2 reverse proxy ssl handshake fails for websocket
我正在尝试为apache2之后的花朵设置反向代理,如本帖子《 芹菜生产中的安全性》所述 。
通过代理从Flower进行的Https页面加载工作正常,但是打开以更新仪表板的websocket却没有-ssl握手失败并且没有响应返回。 我在ubuntu 12.04上使用apache2 2.2.22,并通过常用补丁添加了mod_proxy_wstunnel,以便通过隧道连接websocket。 我在127.0.0.1:5555上通过主管进行管理。
这是我的Apache .conf的相关部分
SSLProxyEngine On
SSLProxyVerify none
ProxyRequests Off
ProxyPass /update-dashboard wss://127.0.0.1:5555/update-dashboard
ProxyPassReverse /update-dashboard wss://127.0.0.1:5555/update-dashboard
ProxyPass / http://127.0.0.1:5555/
ProxyPassReverse / http://127.0.0.1:5555/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
这是最终超时后的请求
"GET /update-dashboard HTTP/1.1"
500 419 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36"
这是apache2错误日志的输出
[Fri Jun 12 16:44:28 2015] [info] Initial (No.1) HTTPS request received for child 195 (server demoflower.eatthismuch.com:80)
[Fri Jun 12 16:44:28 2015] [debug] mod_proxy_wstunnel.c(377): [client 71.189.228.118] canonicalising URL //127.0.0.1:5555/update-dashboard
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(1509): [client 71.189.228.118] proxy: wss: found worker wss://127.0.0.1:5555/update-dashboard for wss://127.0.0.1:5555/update-dashboard
[Fri Jun 12 16:44:28 2015] [debug] mod_proxy.c(1020): Running scheme wss handler (attempt 0)
[Fri Jun 12 16:44:28 2015] [debug] mod_proxy_http.c(1978): proxy: HTTP: declining URL wss://127.0.0.1:5555/update-dashboard
[Fri Jun 12 16:44:28 2015] [debug] mod_proxy_wstunnel.c(659): [client 71.189.228.118] AH02451: serving URL wss://127.0.0.1:5555/update-dashboard
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(2014): proxy: WSS: has acquired connection for (127.0.0.1)
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(2070): proxy: connecting wss://127.0.0.1:5555/update-dashboard to 127.0.0.1:5555
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(2196): proxy: connected /update-dashboard to 127.0.0.1:5555
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(2447): proxy: WSS: fam 2 socket created to connect to 127.0.0.1
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(2579): proxy: WSS: connection complete to 127.0.0.1:5555 (127.0.0.1)
[Fri Jun 12 16:44:28 2015] [info] [client 127.0.0.1] Connection to child 0 established (server demoflower.eatthismuch.com:80)
[Fri Jun 12 16:44:28 2015] [info] Seeding PRNG with 656 bytes of entropy
[Fri Jun 12 16:44:28 2015] [debug] mod_proxy_wstunnel.c(518): [client 71.189.228.118] sending request
[Fri Jun 12 16:44:28 2015] [debug] ssl_engine_kernel.c(1819): OpenSSL: Handshake: start
[Fri Jun 12 16:44:28 2015] [debug] ssl_engine_kernel.c(1827): OpenSSL: Loop: before/connect initialization
[Fri Jun 12 16:44:28 2015] [debug] ssl_engine_kernel.c(1827): OpenSSL: Loop: unknown state
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b6c001650 [mem: 7f0b68006f83]
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b60001650 [mem: 7f0b60006f83]
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
[Fri Jun 12 13:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b70001650 [mem: 7f0b70006f83]
[Fri Jun 12 13:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b6c001650 [mem: 7f0b70006f83]
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b60001650 [mem: 7f0b70006f83]
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b64001650 [mem: 7f0b70006f83]
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
任何想法可能出什么问题吗? 我尝试了很多不同的apache2设置都没有用。 谢谢阅读!
我有一个类似的apache配置文件,它无法正常工作,并且我看到了OpenSSL错误5个字节的预期消息。
我添加了以下内容:
ProxyPreserveHost On
现在该应用程序可以正常运行。 我仍然看到OpenSSL错误,但这似乎不是问题。
请注意,下降的http URL只是mod_proxy
的正常操作,它以指定顺序尝试所有较低级别的代理模块,直到找到匹配的模块。
我也在使用ws:
协议而不是wss:
与Tomcat 8后端通信。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.