[英]Accessing non-SSL socket.io (nodejs) server from SSL Apache request, same host
我將這個問題解決了幾個小時,找不到任何解決方案。
我有一個運行在nodejs上的socket.io服務器,偵聽非SSL端口8080,並按如下所示啟動:
var io = require('socket.io').listen(8080);
我使用代理通過Apache連接到socket.io服務器:
<VirtualHost *:443>
ServerName www.mysite.com
DocumentRoot /var/www/vhosts/mysite
ErrorLog logs/mysite.log
TransferLog logs/ssl.access.log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/mysite.crt
SSLCertificateKeyFile /etc/pki/tls/private/mysite.key
SSLCertificateChainFile /etc/pki/tls/certs/geotrust.crt
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
ProxyRequests Off
ProxyPass /socket.io http://localhost:8080/socket.io
ProxyPassReverse /socket.io http://localhost:8080/socket.io
在客戶端,我使用以下代碼打開我的socket.io連接:
var socket = io.connect('https://'+hostname, {secure:true});
從用戶的角度來看,一切正常,除了Apache日志中有大量錯誤消息:
[ssl:error] [pid 15080] [remote 127.0.0.1:443] AH01961: SSL Proxy requested for www.mysite.com:443 but not enabled [Hint: SSLProxyEngine]
[proxy:error] [pid 15080] AH00961: HTTPS: failed to enable ssl support for 127.0.0.1:443 (www.mysite.com)
我意識到我沒有使用“ SSLProxyEngine on”選項,但是它是有目的的。 如果我將其設置為打開,則無任何作用。
我只想通過SSL端口443將對Apache的請求重定向到端口8080(同一主機)上的我的非SSL socket.io 。 8080端口對外部連接是封閉的,如果可能的話,我不希望在Apache和nodejs之間使用SSL,並擺脫所有這些無用的錯誤消息。
有人能幫助我嗎? ;)
如此處所示, Websocket apache代理問題與ssl
您必須在上編輯apache site.conf
SSLUseStapling on
ProxyRequests Off
ProxyPreserveHost on
ProxyPass /socket.io http://localhost:8080/socket.io
ProxyPassReverse /socket.io http://localhost:8080/socket.io
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
RequestHeader set Front-End-Https "On"
var proxy = require('http-proxy').createProxyServer();
var fs = require('fs');
express = require('express.io');
app = express();
var SSloptions = {
key: fs.readFileSync('/var/www/node/certificados/mig.xxx.key'),
cert: fs.readFileSync('/var/www/node/certificados/xxxx.crt'),
ca: [
fs.readFileSync('/var/www/node/certificados/gd_bundle-xxxx.crt')
],
rejectUnauthorized: false,
requestCert: true,
agent: false,
strictSSL: false
};
app.https(SSloptions).io();
app.all('*', function(req, res){
proxy.web(req, res, {
target: 'https://localhost:4443',
secure: true
});
});
app.listen(14443);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.