Rails cable Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
I have a Rails 6 application with a /cable websocket and an nginx reverse proxy.
I use the same configuration as on another server (which works fine):
In production.rb:
config.action_cable.url = 'wss://domain.fr:8001/cable'
config.action_cable.allowed_request_origins = ['https://domain.fr', 'http://domain.fr']
config.action_cable.mount_path = '/cable'
In routes:
mount ActionCable.server => '/cable'
In JS:
ActionCable.createConsumer 'wss://domain.fr:8001/cable'
In the proxy:
server {
    listen 443 ssl http2;
    server_name domain.fr;
    if ($host ~ '^www\.') { return 301 https://domain.fr$request_uri; }
    ssl_certificate /etc/letsencrypt/live/domain.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.fr/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/domain.fr/fullchain.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /home/liberty/dhparams.pem;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-Ssl on; # Optional
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Host $host;
    location / {
        proxy_pass http://127.0.0.1:90;
    }
    location /cable {
        proxy_pass http://127.0.0.1:8001;
    }
    access_log /var/log/rsh_proxy.access.log;
    error_log /var/log/rsh_proxy.error.log;
    location ~*^.+(swf|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
        proxy_pass http://127.0.0.1:90;
        proxy_cache cache;
        proxy_cache_valid 9999d;
        expires max;
    }
}
In the virtual host:
server {
    listen 8001 default_server;
    listen [::]:8001 default_server ipv6only=on;
    server_name domain.fr;
    root /var/www/domain/public;
    passenger_enabled on;
    passenger_app_group_name MYAPP_action_cable;
    passenger_app_type rack;
    passenger_startup_file cable/config.ru;
    passenger_force_max_concurrent_requests_per_process 0;
    access_log /var/log/rsh_cable.access.log combined;
    error_log /var/log/rsh_cable.error.log;
}
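I tried restarting nginx, but nothing new.
Error in the Chrome console:
WebSocket connection to 'wss://domain.fr:8001/cable' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
PS: the port is open in the firewall ;)
Edit: sample of the log in /var/log/rsh_cable.access.log: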
37.170.142.84 - - [29/Jul/2020:02:34:13 +0200] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x9F\x19\x1E\xA7\x96\xDBC\x98\x92\xCC.<S\xBC\x02\x04Jd\xB4M\x03uK\xA8\x1D\xEE\x0B\x96\xA2]\x1A\xD6 \x08\x1C\xC73/f\x8CaA\xFD/\xAA\xFE\xC1\xCB\x9A+\x9A(8)\xD7\xE1\xB8nR\x15!\x99\xD4^\xEA\x00\x22\x9A\x9A\x13\x03\x13\x01\x13\x02\xCC\xA9\xCC\xA8\xC0+\xC0/\xC0,\xC00\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x00" 400 157 "-" "-"
37.170.142.84 - - [29/Jul/2020:02:34:17 +0200] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03" 400 157 "-" "-"
37.170.142.84 - - [29/Jul/2020:02:34:32 +0200] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03Y\xBD\x08i\x1D\x9C\x83{\x0B\xE3\x9E\x02P\x99\xBDJ@\xD5\xFB50\x17 T\x10\xB3\x09O\xFA9\x07: \xEE\x1A\xE9x\xC3oI\xE1\xB7b\x5C\xD3\xF8\xE1\x03\xF0\x86(\xAB\xB1\xB9\xEA=d\x19\xB0ul\x8D\xF0\xED\x8B\x00 \xDA\xDA\x13\x03\x13\x01\x13\x02\xCC\xA9\xCC\xA8\xC0+\xC0/\xC0,\xC00\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\x93\x9A\x9A\x00\x00\x00\x00\x00\x0E\x00\x0C\x00\x00\x09domain.fr\x00\x17\x00\x00\xFF\x01\x00\x01\x00\x00" 400 157 "-" "-"
37.170.142.84 - - [29/Jul/2020:02:34:32 +0200] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xA30O\xF7\xF0\x09" 400 157 "-" "-"
37.170.142.84 - - [29/Jul/2020:02:34:54 +0200] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x97\x04b" 400 157 "-" "-"
37.170.142.84 - - [29/Jul/2020:02:34:54 +0200] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xEAx\x19\x0Bg\xEB:E\x13x\x87WVd\xD4\xCFXA-\xD4\x09v\x17\xCC\xA4x\x19xP\xCA\xAB\xD8 )\x07+\xF4\xFA=U\xB1z\xDE\xD9\x1D\x11\xCFE\xF3\x97/\xC1y!\xE7u\xE68@&\xD7\xCF\xEB\xB5\x90\x00 JJ\x13\x03\x13\x01\x13\x02\xCC\xA9\xCC\xA8\xC0+\xC0/\xC0,\xC00\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\x93JJ\x00\x00\x00\x00\x00\x0E\x00\x0C\x00\x00\x09domain.fr\x00\x17\x00\x00\xFF\x01\x00\x01\x00\x00" 400 157 "-" "-"
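In the configuration, you should specify the final Action Cable URL that is reachable by the end user.
Since you are using an additional proxy, this will be wss://www.domain.fr/cable, and your port 8001 should be closed in the firewall to everything except the proxy, because it is not SSL-terminated (hence the SSL error).
Also make sure HTTP 1.1 is proxied correctly with the necessary headers: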
location /cable {
    proxy_pass http://127.0.0.1:8001;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    # not always needed, but in some setups can be necessary:
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-By $server_addr:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
}
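The access log in the question shows TLS ClientHello bytes (`\x16\x03\x01...`) arriving at the plain-HTTP listener on port 8001 and being answered with 400, which is what the answer means by "not SSL-terminated". As an added example (not part of the original question or answer), this Ruby script finds such entries in an nginx access log and recovers the SNI hostname when the logged bytes reach that far; the sample lines, addresses and `example.test` are constructed.

```ruby
# Added example (not from the original post). All sample data below is constructed.
# nginx logs non-printable request bytes as \xNN; a TLS ClientHello starts 0x16 0x03 .. 0x01.
LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[[^\]]+\] "(?<request>[^"]*)" (?<status>\d{3}) /

def unescape_nginx(field)
  field.b.gsub(/\\x(\h\h)/) { Regexp.last_match(1).hex.chr }
end

def tls_client_hello?(bytes)
  bytes.getbyte(0) == 0x16 && bytes.getbyte(1) == 0x03 && bytes.getbyte(5) == 0x01
end

# Walk the ClientHello to the server_name extension; nil if the entry is cut short.
def sni_from_client_hello(bytes)
  pos = 5 + 4 + 2 + 32 # record header, handshake header, version, random
  take = lambda do |n|
    raise EOFError if pos + n > bytes.bytesize
    bytes.byteslice(pos, n).tap { pos += n }
  end
  u8  = -> { take.call(1).unpack1('C') }
  u16 = -> { take.call(2).unpack1('n') }
  [u8, u16, u8].each { |len| take.call(len.call) } # session id, cipher suites, compression
  u16.call # total extensions length
  loop do
    type = u16.call
    data = take.call(u16.call)
    next unless type.zero? && data.bytesize >= 5 # extension 0 = server_name
    return data.byteslice(5, data.byteslice(3, 2).unpack1('n')).force_encoding('UTF-8')
  end
rescue EOFError
  nil
end

def scan(lines)
  lines.filter_map do |line|
    m = LINE_RE.match(line) or next
    bytes = unescape_nginx(m[:request])
    next unless tls_client_hello?(bytes)
    { ip: m[:ip], status: m[:status].to_i, sni: sni_from_client_hello(bytes) }
  end
end

HELLO = '\x16\x03\x01\x00D\x01\x00\x00@\x03\x03' + '\xAA' * 32 + '\x00\x00\x02\x13\x01\x01\x00' \
        '\x00\x15\x00\x00\x00\x11\x00\x0F\x00\x00\x0Cexample.test' # constructed ClientHello
SAMPLE_LOG = [
  %(203.0.113.7 - - [01/Jan/2024:00:00:01 +0000] "#{HELLO}" 400 157 "-" "-"),
  '203.0.113.7 - - [01/Jan/2024:00:00:02 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03" 400 157 "-" "-"',
  '198.51.100.9 - - [01/Jan/2024:00:00:03 +0000] "GET /cable HTTP/1.1" 101 0 "-" "-"'
].freeze
scan(SAMPLE_LOG).each { |hit| p hit } if __FILE__ == $PROGRAM_NAME
```

Hits on a backend port mean clients are being pointed at it with `wss://` directly instead of at the TLS-terminating proxy.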
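Disclaimer: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to reproduce them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.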