
Node.js HTTP2服務器錯誤:套接字掛起

[英]Node.js HTTP2 server Error: socket hang up

鑒於最新版本的Node.js具有實驗性HTTP2支持:

$ node -v
v9.2.0

HTTP2服務器:

// TLS key and certificate come from helpers that are not part of this
// snippet. allowHTTP1 lets clients that do not speak HTTP/2 fall back to
// HTTP/1.x on the same port.
const options = {
  key: getKey(),
  cert: getCert(),
  allowHTTP1: true
}

// No request handler is passed here and no 'request' listener is attached
// below, so an HTTP/1.x client admitted by allowHTTP1 is never answered.
// That is the situation in which the client reports "socket hang up".
const server = http2.createSecureServer(options)

// [event name, handler] pairs, attached in the order listed.
const listeners = [
  ['stream', onstream],
  ['error', onerror],
  ['connect', onconnect],
  ['socketError', onsocketerror],
  ['frameError', onframeerror],
  ['remoteSettings', onremotesettings]
]
for (const [eventName, handler] of listeners) {
  server.on(eventName, handler)
}

server.listen(8443)

/**
 * 'connect' listener: prints a marker line so a run shows the event fired.
 */
function onconnect() {
  const label = 'connect'
  console.log(label)
}

/**
 * 'remoteSettings' listener: prints the settings value it was given.
 *
 * @param {*} settings - value delivered with the event
 */
function onremotesettings(settings) {
  const label = 'remote settings'
  console.log(label, settings)
}

/**
 * 'frameError' listener: prints the value it was given behind a fixed label.
 *
 * @param {*} error - value delivered with the event
 */
function onframeerror(error) {
  const label = 'frame error'
  console.log(label, error)
}

/**
 * 'socketError' listener: prints the value it was given behind a fixed label.
 *
 * @param {*} error - value delivered with the event
 */
function onsocketerror(error) {
  const label = 'socket error'
  console.log(label, error)
}

/**
 * 'error' listener for the server: prints the error and does nothing else.
 *
 * @param {*} error - value delivered with the event
 */
function onerror(error) {
  const reported = error
  console.log(reported)
}

/**
 * 'stream' listener from the question: prints a marker line only.
 * Neither argument is used; nothing is written to the stream and it is
 * not closed here.
 *
 * @param {*} stream - stream delivered with the event (unused)
 * @param {*} headers - headers delivered with the event (unused)
 */
function onstream(stream, headers) {
  const label = 'stream'
  console.log(label)
}

並發出請求:

var https = require('https')

// Request options for the local test server on port 8443.
// rejectUnauthorized: false turns certificate verification off, so this
// client accepts whatever certificate is presented on that port. Passing the
// issuing CA through the `ca` option keeps verification on instead.
const options = {
  method: 'GET',
  hostname: 'localhost',
  port: '8443',
  path: '/',
  protocol: 'https:',
  rejectUnauthorized: false,
  agent: false
}

// Collects the response body as UTF-8 text and hands it to `callback`,
// which is not defined anywhere in this snippet.
function onresponse(res) {
  let body = ''
  res.setEncoding('utf8')
  res.on('data', (chunk) => {
    body += chunk
  })
  res.on('end', () => {
    callback(null, body)
  })
}

// No 'error' listener is attached to the request, so a failure is raised as
// an unhandled 'error' event.
const req = https.request(options, onresponse)

req.end()

它只是掛起並最終說:

Error: socket hang up
at createHangUpError (_http_client.js:330:15)
    at TLSSocket.socketOnEnd (_http_client.js:423:23)
    at TLSSocket.emit (events.js:164:20)
    at endReadableNT (_stream_readable.js:1054:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)

如果設置了rejectUnauthorized: true ,則會出錯:

Error: self signed certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1036:34)
    at TLSSocket.emit (events.js:159:13)
    at TLSSocket._finishInit (_tls_wrap.js:637:8)

不確定出了什么問題以及為什么它不會達到記錄stream

如果我在瀏覽器中訪問https://localhost:8443,並點擊跳過警告消息,它確實會記錄stream並成功發出請求。 但還沒能讓Node成功發出請求。

我想將此視為HTTP1服務器,因此不要使用HTTP2客戶端來發出請求。 但嘗試使用同樣的東西。

HTTP / 1不與HTTP / 2共享相同的請求語義,因此需要在HTTP / 2服務器中檢測和處理HTTP / 1客戶端。 要同時支持,您需要使用HTTP2兼容性API

當HTTP/1客戶端連接到設置了allowHTTP1: true、但沒有處理HTTP/1請求的HTTP/2服務器時,就會發生“掛起”。

這些示例基於Node文檔示例代碼

HTTP / 1和/ 2混合服務器

const http2 = require('http2')
const fs = require('fs')

// Server key and certificate are read from the working directory.
// allowHTTP1 keeps HTTP/1.x clients usable on the same TLS port.
const options = {
  key: fs.readFileSync('server-key.pem'),
  cert: fs.readFileSync('server-crt.pem'),
  //ca: fs.readFileSync('ca-crt.pem'),
  allowHTTP1: true,
}

/**
 * Compatibility-API request handler shared by HTTP/1.x and HTTP/2 clients.
 * Replies with a JSON document holding the socket's alpnProtocol value and
 * the request's HTTP version.
 */
function onrequest(req, res) {
  // An HTTP/2 request reaches its socket through the stream's session;
  // any other request exposes the socket on the request object itself.
  const carrier = req.httpVersion === '2.0' ? req.stream.session : req
  const alpnProtocol = carrier.socket.alpnProtocol

  res.writeHead(200, { 'content-type': 'application/json' })
  const summary = {
    alpnProtocol,
    httpVersion: req.httpVersion
  }
  res.end(JSON.stringify(summary))
}

const server = http2.createSecureServer(options, onrequest)

server.listen(8443)

HTTP / 2客戶端

const http2 = require('http2')
const fs = require('fs')

// Certificate verification stays on: the server certificate has to chain to
// the CA read from ca-crt.pem.
const client = http2.connect('https://localhost:8443', {
  ca: fs.readFileSync('ca-crt.pem'),
  rejectUnauthorized: true,
})

// Both session-level error events are reported the same way.
const reportError = (err) => console.error(err)
client.on('socketError', reportError)
client.on('error', reportError)

const req = client.request({ ':path': '/' })

// Print every response header, pseudo-headers such as ":status" included.
function printHeaders(headers, flags) {
  for (const name in headers) {
    console.log('Header: "%s" "%s"', name, headers[name])
  }
}
req.on('response', printHeaders)

// Accumulate the body as UTF-8 text, print it once the stream ends, then
// tear the session down.
let received = ''
req.setEncoding('utf8')
req.on('data', (chunk) => {
  received += chunk
})
req.on('end', () => {
  console.log('Data:', received)
  client.destroy()
})
req.end()

然后運行:

→ node http2_client.js 
(node:34542) ExperimentalWarning: The http2 module is an experimental API.
Header: ":status" "200"
Header: "content-type" "application/json"
Header: "date" "Sat, 02 Dec 2017 23:27:21 GMT"
Data: {"alpnProtocol":"h2","httpVersion":"2.0"}

HTTP / 1客戶端

const https = require('https')
const fs = require('fs')

// HTTPS (HTTP/1.x) request against the same server. Verification is on and
// anchored to the CA in ca-crt.pem, so no self-signed exception is needed.
const options = {
  method: 'GET',
  hostname: 'localhost',
  port: '8443',
  path: '/',
  protocol: 'https:',
  ca: fs.readFileSync('ca-crt.pem'),
  rejectUnauthorized: true,
  //agent: false
}

// The response callback collects the body as UTF-8 text and prints it once
// the response ends.
const req = https.request(options, (res) => {
  let body = ''
  res.setEncoding('utf8')
  res.on('data', (chunk) => {
    body += chunk
  })
  res.on('end', () => {
    console.log('Body:', body)
  })
})

// A second 'response' listener prints each response header.
req.on('response', (response) => {
  const { headers } = response
  for (const name in headers) {
    console.log('Header: "%s" "%s"', name, headers[name])
  }
})

req.end()

然后跑

→ node http1_client.js 
Header: "content-type" "application/json"
Header: "date" "Sat, 02 Dec 2017 23:27:08 GMT"
Header: "connection" "close"
Header: "transfer-encoding" "chunked"
Body: {"alpnProtocol":false,"httpVersion":"1.1"}

HTTP / 2服務器

普通的HTTP/2服務器可以與http2_client配合工作,但會讓http1_client“掛起”。 刪除allowHTTP1: true后,來自HTTP/1客戶端的TLS連接將被關閉。

const http2 = require('http2')
const fs = require('fs')

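// Server key and certificate, plus the CA certificate. Client certificates
// are not requested anywhere in this snippet.
const options = {
  key: fs.readFileSync('server-key.pem'),
  cert: fs.readFileSync('server-crt.pem'),
  ca: fs.readFileSync('ca-crt.pem'),
  allowHTTP1: true,
}

// Only the core 'stream' API is wired up: no request handler is passed and
// no 'request' listener is attached. With allowHTTP1 still set, an HTTP/1.x
// client can connect but is never answered, which is the "hang" described
// in the surrounding text.
const server = http2.createSecureServer(options)
server.on('error', (error) => console.log(error))
server.on('connect', (conn) => console.log('connect', conn))
server.on('socketError', (error) => console.log('socketError', error))
server.on('frameError', (error) => console.log('frameError', error))
server.on('remoteSettings', (settings) => console.log('remote settings', settings))

server.on('stream', (stream, headers) => {
  console.log('stream', headers)
  // The body written below is JSON, so it is declared as application/json,
  // the same type the mixed HTTP/1 + HTTP/2 server on this page sends. A
  // type that does not match the body leaves the client guessing how to
  // interpret it.
  stream.respond({
    'content-type': 'application/json',
    ':status': 200
  })
  // Debug output: prints the whole session object.
  console.log(stream.session)
  stream.end(JSON.stringify({
    alpnProtocol: stream.session.socket.alpnProtocol,
    httpVersion: '2'
  }))
})

server.listen(8443)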

證書

通過要點中詳述的擴展中間證書設置,需要將完整的CA證書鏈提供給客戶端。

# Build one PEM bundle holding both CA certificates, x first and then y.
cat ca/x/certs/x.public.pem ca/y/certs/y.public.pem > caxy.pem

然后在客戶端使用該ca的選項。

{ 
  // caxy.pem is the bundle written by the two cat commands; the client
  // verifies the server certificate against the CA certificates in it.
  ca: fs.readFileSync('caxy.pem'),
}

這些示例是使用此circle.com文章中的以下簡單CA設置運行的:

為了簡化配置,讓我們獲取以下CA配置文件。

 # ca.cnf is the config passed to openssl when the CA is created. The URL
 # points at the master branch, whose contents can change, so read the
 # downloaded file before using it.
 wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/ca.cnf 

接下來,我們將使用此配置創建新的證書頒發機構。

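 # Create the self-signed CA certificate (ca-crt.pem) and its private key
 # (ca-key.pem) from ca.cnf. ca-key.pem can sign certificates that every
 # client trusting ca-crt.pem will accept, so keep it private.
 openssl req -new -x509 \
   -days 9999 \
   -config ca.cnf \
   -keyout ca-key.pem \
   -out ca-crt.pem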

現在我們已經在ca-key.pem和ca-crt.pem中擁有了我們的證書頒發機構,讓我們為服務器生成一個私鑰。

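 # Generate the server's 4096-bit RSA private key.
 openssl genrsa \
   -out server-key.pem \
   4096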

我們的下一步是生成證書簽名請求。 再次簡化配置,讓我們使用server.cnf作為配置快捷方式。

 # server.cnf is used for both the signing request and the signing step
 # (-extfile). It is also fetched from the mutable master branch, so read
 # the downloaded file before using it.
 wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/server.cnf 

現在我們將生成證書簽名請求。

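 # Create the certificate signing request for the server key.
 openssl req -new \
   -config server.cnf \
   -key server-key.pem \
   -out server-csr.pem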

現在讓我們簽署請求。

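 # Sign the request with the CA to produce server-crt.pem.
 # -passin "pass:password" puts the CA key passphrase on the command line,
 # where shell history and process listings can show it; that is acceptable
 # only for a throwaway test CA. -passin also accepts env: and file: sources.
 openssl x509 -req -extfile server.cnf \
   -days 999 \
   -passin "pass:password" \
   -in server-csr.pem \
   -CA ca-crt.pem \
   -CAkey ca-key.pem \
   -CAcreateserial \
   -out server-crt.pem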
