WebSocket wss:// 在 SSL 上与 Nginx Gunicorn Daphne Channels Redis
Posted
技术标签:
【中文标题】WebSocket wss:// 在 SSL 上与 Nginx Gunicorn Daphne Channels Redis【英文标题】:WebSocket wss:// on SSL with Nginx Gunicorn Daphne Channels Redis 【发布时间】:2021-12-23 01:37:27 【问题描述】:我尝试让我的 Django 项目使用 WebSockets 运行;在浏览器控制台中我收到错误
WebSocket connection to 'wss://www.xxx.com:8001/ws/asdf/1234/' failed:
settings.py:
CHANNEL_LAYERS =
"default":
"BACKEND": "channels_redis.core.RedisChannelLayer",
"CONFIG":
"hosts": [("config('REDIS_SERVER_NAME')", 6379)],
,
"ROUTING": "myproject.routing.channel_routing",
,
asgi.py:
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'myproject.settings')
django.setup()
application = get_default_application()
nginx配置:
server
server_name <IP-adress> <xxx.xxx>;
location = /favicon.ico access_log off; log_not_found off;
location /
include proxy_params;
proxy_pass http://unix:/home/ubuntu/myproject/myproject.sock;
location /ws/
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_pass http://127.0.0.1:8001/;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxx.xxx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxx.xxx/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
daphne.service:
Unit]
Description=WebSocket Daphne Service
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/home/ubuntu/myproject
ExecStart=daphne -e ssl:8001:privateKey=/etc/letsencrypt/live/xxx.xxx/privkey.pem:certKey=/etc/letsencrypt/live/xxx.xxx/fullchain.pem myproject.asgi:application
Restart=on-failure
[Install]
WantedBy=multi-user.target
该站点运行良好,当我在没有来自 certbot 的域 SSL 证书的情况下对其进行测试时,ws:// 正在运行。任何帮助表示赞赏...
【问题讨论】:
我也不知道如何调试或开始解决问题。 nginx 日志文件和控制台输出没有太大帮助......我应该采取什么方法? 【参考方案1】:我想通了!我改变了我的文件如下。
nginx配置:
server
server_name mydomain.com www.mydomain.com
location = /favicon.ico access_log off; log_not_found off;
location /
include proxy_params;
proxy_pass http://unix:/home/ubuntu/myproject/myproject.sock;
location /ws/
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_pass http://unix:/tmp/daphne.sock;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
daphne.service:
[Unit]
Description=WebSocket Daphne Service
After=network.target
[Service]
User=root
Group=www-data
WorkingDirectory=/home/ubuntu/myproject
ExecStart=daphne -u /tmp/daphne.sock myproject.asgi:application
Restart=on-failure
[Install]
WantedBy=multi-user.target
【讨论】:
以上是关于WebSocket wss:// 在 SSL 上与 Nginx Gunicorn Daphne Channels Redis的主要内容,如果未能解决你的问题,请参考以下文章
使用多域 SSL SAN 证书无法在 Chrome 中建立 wss websocket 连接
Java Secure Websocket - 从 TLS 证书文件加载 SSL 上下文并连接到 WSS URI
nginx配置支持https和wss(websocket)协议