堆栈内存溢出
  繁体   English   中英

如何使用SSL将haproxy放在socket.io前面? 获取混合内容警告

[英]How to put haproxy in front of socket.io with SSL? Getting Mixed content warning

 原文  2015-09-10 08:27:26       javascript/ node.js/ sockets/ ssl/ haproxy

问题描述

我一直在使用此设置将haproxy放在node.js和socket.io的前面。

haproxy设置中的一些代码: 

frontend wwws
    bind 0.0.0.0:443 ssl crt /etc/haproxy/ovee.pem
    timeout client 1h
    default_backend www_backend

    acl is_websocket hdr(Upgrade) -i WebSocket
    use_backend websocket_backend if is_websocket

    tcp-request inspect-delay 500ms
    tcp-request content accept if HTTP
    use_backend flashsocket_backend if !HTTP

frontend flash_policy
    bind 0.0.0.0:843
    timeout client 5s
    default_backend nodejs_flashpolicy

backend www_backend
    balance roundrobin
    option forwardfor
    server apache2 apache-backend:3001 weight 1 maxconn 1024 check  
    timeout connect 5s
    timeout http-request 3s
    timeout server 25s

backend websocket_backend
    mode http
    option forwardfor
    option http-server-close
    option forceclose
    no option httpclose
    server server1 socket-backend:3000 weight 1 maxconn 16384 check

nodeServer.js 

var fs =    require('fs');
var express = require('express'), 
app = express(), 
http = require('http').createServer(app), 
io = require("socket.io").listen(http),

似乎在第一个连接上运行良好,但是随后浏览器阻止了Mixed Content所有套接字连接尝试。 

The page at 'https://domain.com/391' was loaded over HTTPS, 
 but requested an insecure XMLHttpRequest endpoint 
'http://domain.com:3000/socket.io/?EIO=3&transport=polling&t=1456666556035-0'. 
 This request has been blocked; the content must be served over HTTPS.

我知道这是由于我与socket.io的连接是通过Http而不是Https

client.js 

socket = io.connect('http://domain.com:3000', {
  'force new connection': false,
  'reconnection delay': 500,
  'max reconnection attempts': 10
}),

我已经尝试过对nodeServer.js使用SSL,但是它没有连接到套接字,并且我认为这是没有必要的,因为我使用haproxy来完成所有转发:

在nodeServer.js中,我已更改为: 

var fs =    require('fs'),
sslOption = {
    key:    fs.readFileSync('/ssl/crt/zz.key'),
    cert:   fs.readFileSync('/ssl/crt/zz.crt'),
    ca:     fs.readFileSync('/ssl/crt/zz-ca.crt'),
    requestCert: true
},
express = require('express'), 
app = express(), 
https = require('https').createServer(app), 
io = require("socket.io").listen(https),

client.js 

socket = io.connect('https://domain.com:3000', {
  'force new connection': false,
  'reconnection delay': 500,
  'max reconnection attempts': 10
}),

有人将haproxy放在node.js和socket.io前面吗? 我应该使用什么从client.js连接到socket.io?

1 个解决方案

解决方案1
 0 已采纳  2015-09-10 09:55:29

我已经解决了问题。 我不应该在client.js使用https:domain.com:3000 我应该让haproxy进行SSL转发。 这是使SSL与socket.io配合使用的设置。 我希望可能会偶然发现它的人纠正任何过时或错误的内容: 

frontend www

    bind 0.0.0.0:80

    mode http

    timeout client 5s

    redirect scheme https if !{ ssl_fc }

    acl is_socket hdr(Upgrade) -i WebSocket

    acl is_socket hdr_beg(Host) -i wss

    use_backend socket if is_socket

frontend www-https

   bind 0.0.0.0:443 ssl crt /ssl/domain.pem

   timeout client  1h


   ### Set up a check to identify the connection url initated by socket.io https://domain.com/socket.io/?EIO=3&transport=polling&t=1441877956651, if matched, forward to node backend

   acl is_node path_beg /socket.io/ 

   use_backend node if is_websocket


   ### I'm not sure if this one is necessary for wss://domain.com

   acl is_websocket2 hdr(Upgrade) -i WebSocket

   acl is_websocket2 hdr_beg(Host) -i ws

   use_backend socket if is_websocket2

   default_backend apache2

   tcp-request inspect-delay 500ms

   tcp-request content accept if HTTP

   use_backend flashsocket_backend if !HTTP


frontend flash_policy

    bind 0.0.0.0:843

    timeout client 5s

    default_backend nodejs_flashpolicy

###  setting for apache, skipped because it's not the focus of the question 

backend apache

### 

backend flashsocket_backend
    server server1 ipaddress:3000 weight 1 maxconn 16384 check

backend nodejs_flashpolicy
    server server1 ipaddress:10843 maxconn 16384 check


backend node

    mode http 

    timeout server 1h

    timeout connect 1s  

    option httpclose

    option forwardfor

    server server1 ipaddress:3000 weight 1 maxconn 1024 check


backend socket

    balance roundrobin

    option forwardfor

    option httpclose

    timeout queue 5000

    timeout server 86400000

    timeout connect 86400000

    server server1 127.0.0.1:9000 weight 1 maxconn 1024 check

然后在client.js中,我将连接地址更改为: 

socket = io.connect('https://domain.com', {
  'force new connection': false,
  'reconnection delay': 500,
  'max reconnection attempts': 10,
})

使用“ https://domain.com ”而不是“ http://domain.com:3000 ”,这样连接将首先传递给ha-proxy。

无需在nodeServer.js进行任何更改。 继续使用http ,Haproxy将为您完成所有SSL转发。 

var fs =    require('fs'),
express = require('express'), 
app = express(), 
http = require('http').createServer(app), 
io = require("socket.io").listen(http),

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Socket.IO和SSL SSL破坏socket.io 使用SSL运行socket.io 带有SSL的节点socket.io SSL证书Socket.io 如何使用socket.io与前端通信? 使用Socket.IO获取404 Socket.io - 通过 Cloudflare 的 SSL 使用SSL的node.js和socket.io socket.io,在控制台上没有定义获取io
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM