No response from Ratchet websocket using Apache reverse proxy

Posted: 2019-06-04 06:20:20

Question:

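I am trying to implement the WyriHaximus/Ratchet plugin for CakePHP 3. My CakePHP application is running at, for example, blah.myhost.com, which has an SSL certificate enabled. I have set up my app.php for the plugin configuration like this: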

'WyriHaximus' => [
        'Ratchet' => [
            'internal' => [
                'address' => '0.0.0.0',
                'port' => 8888,
            ],
            'external' => [
                'hostname' => 'blah.myhost.com',
                'port' => 8888,
            ],
            'defaults' => [
                'retry_delay_growth' => 0.25,
            ],
            'realm_salt' => 'y[Pw3^o`hLxn`sZkZgtIZ=?B:!Q.8',
            'realm_auth_key_salt' => 'EEA~D`o:ZIIm=hR0bcD$3D+((ti:V;',
            'realms' => [
                'realm1' => [], // Always has to be an array
                'secure' => [
                    'auth' => true,
                    'auth_key' => '5J^e=7ec5g!0j#I4.t%"0Ih2)qp]I)',
                    'max_retries' => 13,
                ],
            ],
        ],
    ]

I can run the websocket server using the instructions here; it runs fine and outputs this:

2019-06-04T18:38:02.6496330 debug      [Thruway\Peer\Router 5123] New router created
2019-06-04T18:38:02.6531680 info       [Thruway\Authentication\AuthenticationManager 5123] New client created
2019-06-04T18:38:02.6550820 info       [WyriHaximus\Ratchet\Websocket\InternalClient 5123] New client created
2019-06-04T18:38:02.6554090 info       [WyriHaximus\Ratchet\Websocket\InternalClient 5123] New client created
2019-06-04T18:38:02.6560020 info       [WyriHaximus\Ratchet\Security\AuthorizationManager 5123] New client created
2019-06-04T18:38:02.6614470 info       [WyriHaximus\Ratchet\Security\JWTAuthProvider 5123] New client created
2019-06-04T18:38:02.6619220 info       [Thruway\Peer\Router 5123] Starting router
2019-06-04T18:38:02.6685010 info       [Thruway\RealmManager 5123] Got prehello...
2019-06-04T18:38:02.6687590 debug      [Thruway\RealmManager 5123] Creating new realm 'thruway.auth'
2019-06-04T18:38:02.6719630 debug      [Thruway\RealmManager 5123] Adding realm 'thruway.auth'
2019-06-04T18:38:02.6763120 debug      [Thruway\Authentication\AuthenticationManager 5123] Client onMessage: [Thruway\Message\WelcomeMessage]
2019-06-04T18:38:02.6765620 info       [Thruway\Authentication\AuthenticationManager 5123] We have been welcomed...
2019-06-04T18:38:02.6794560 debug      [Thruway\Authentication\AuthenticationManager 5123] Client onMessage: [Thruway\Message\RegisteredMessage]
2019-06-04T18:38:02.6797150 info       [Thruway\Role\Callee 5123] Setting registration_id for thruway.auth.registermethod (0)
2019-06-04T18:38:02.6814840 info       [Thruway\RealmManager 5123] Got prehello...
2019-06-04T18:38:02.6817350 debug      [Thruway\RealmManager 5123] Creating new realm 'realm1'
2019-06-04T18:38:02.6819770 debug      [Thruway\RealmManager 5123] Adding realm 'realm1'
2019-06-04T18:38:02.6825430 debug      [WyriHaximus\Ratchet\Websocket\InternalClient 5123] Client onMessage: [Thruway\Message\WelcomeMessage]
2019-06-04T18:38:02.6827820 info       [WyriHaximus\Ratchet\Websocket\InternalClient 5123] We have been welcomed...
2019-06-04T18:38:02.6835090 info       [Thruway\RealmManager 5123] Got prehello...
2019-06-04T18:38:02.6837500 debug      [Thruway\RealmManager 5123] Creating new realm 'secure'
2019-06-04T18:38:02.6839950 debug      [Thruway\RealmManager 5123] Adding realm 'secure'
2019-06-04T18:38:02.6845380 debug      [WyriHaximus\Ratchet\Websocket\InternalClient 5123] Client onMessage: [Thruway\Message\WelcomeMessage]
2019-06-04T18:38:02.6847750 info       [WyriHaximus\Ratchet\Websocket\InternalClient 5123] We have been welcomed...
2019-06-04T18:38:02.6852190 info       [Thruway\RealmManager 5123] Got prehello...
2019-06-04T18:38:02.6856620 debug      [WyriHaximus\Ratchet\Security\AuthorizationManager 5123] Client onMessage: [Thruway\Message\WelcomeMessage]
2019-06-04T18:38:02.6858990 info       [WyriHaximus\Ratchet\Security\AuthorizationManager 5123] We have been welcomed...
2019-06-04T18:38:02.6875670 info       [Thruway\Transport\RatchetTransportProvider 5123] Websocket listening on 0.0.0.0:8888
2019-06-04T18:38:02.6888710 info       [Thruway\RealmManager 5123] Got prehello...
2019-06-04T18:38:02.6893150 debug      [WyriHaximus\Ratchet\Security\JWTAuthProvider 5123] Client onMessage: [Thruway\Message\WelcomeMessage]
2019-06-04T18:38:02.6895540 info       [WyriHaximus\Ratchet\Security\JWTAuthProvider 5123] We have been welcomed...
2019-06-04T18:38:02.6899420 debug      [WyriHaximus\Ratchet\Security\JWTAuthProvider 5123] Client onMessage: [Thruway\Message\RegisteredMessage]
2019-06-04T18:38:02.6901870 info       [Thruway\Role\Callee 5123] Setting registration_id for thruway.auth.jwt.onhello (0)
2019-06-04T18:38:02.6906900 debug      [WyriHaximus\Ratchet\Security\JWTAuthProvider 5123] Client onMessage: [Thruway\Message\RegisteredMessage]
2019-06-04T18:38:02.6909310 info       [Thruway\Role\Callee 5123] Setting registration_id for thruway.auth.jwt.onauthenticate (1)
2019-06-04T18:38:02.6928160 debug      [Thruway\Authentication\AuthenticationManager 5123] Client onMessage: [Thruway\Message\InvocationMessage]
2019-06-04T18:38:02.6937120 debug      [WyriHaximus\Ratchet\Security\JWTAuthProvider 5123] Client onMessage: [Thruway\Message\ResultMessage]
2019-06-04T18:38:02.6942790 debug      [WyriHaximus\Ratchet\Security\JWTAuthProvider 5123] Authentication Method Registration Successful: jwt

My ufw status outputs this:

:~# ufw status |  grep 8888
8888/tcp                   ALLOW       Anywhere
8888/tcp (v6)              ALLOW       Anywhere (v6)

The ProxyPass section of my Apache default-ssl.conf looks like this:

SSLProxyEngine On
ProxyRequests Off
ProxyPass "/wss2/" "wss://blah.myhost.com:8888/"

This is the code I run in the browser to try to connect to the websocket:

var conn = new WebSocket('wss://blah.myhost.com/wss2/');
conn.onopen = function(e) {
    console.log("Connection established!");
};

conn.onmessage = function(e) {
    console.log(e.data);
};

I get this in the Apache access.log, but no errors:

04/Jun/2019:17:47:56 +1200] "GET /wss2/ HTTP/1.1" 500 4577 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (Khtml, like Gecko) Chrome/74.0.3729.169 Safari/537.36"

The response I get in the browser after a long time is this:

WebSocket connection to 'wss://blah.myhost.com/wss2/' failed: WebSocket opening handshake timed out

Other things I have tried include using the rewrite engine in my Apache default-ssl.conf:

SSLProxyEngine On
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule ^/    wss://blah.myhost.com:8888/ [P,L]

And using this to connect:

var conn = new WebSocket('wss://blah.myhost.com/');

This gives exactly the same response.

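Also, when I change the app.php configuration to use the external IP 0.0.0.0, so that the server listens on 0.0.0.0:8888, and then rewrite to wss://0.0.0.0:8888/, I get this error in the Apache error.log when trying to connect: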

[Tue Jun 04 18:27:04.089837 2019] [proxy:error] [pid 5648] (20014)Internal error (specific information not available): [client ^^^.^^^.^^^.^:^^^^] AH01084: pass request body failed to 0.0.0.0:8888 (0.0.0.0)
[Tue Jun 04 18:27:04.090047 2019] [proxy:error] [pid 5648] [client ^^^.^^^.^^^.^:^^^^] AH00898: Error during SSL Handshake with remote server returned by /

I'm not sure what I'm doing wrong; maybe my configuration in app.php is wrong, or I'm missing some important step.

Answer 1:

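Solved by using autobahn to connect to the websocket instead of the code I provided. In addition, I changed the external IP in app.php to 0.0.0.0 and changed the ProxyPass IP to 0.0.0.0 instead of my domain name.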
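
An added example, not part of the question or the answer: the posted ProxyPass line beside a variant that terminates TLS at Apache and forwards plain ws:// over loopback. It assumes mod_proxy and mod_proxy_wstunnel are loaded, that the Ratchet/Thruway listener on port 8888 does not speak TLS, and that the directives sit inside the existing SSL virtual host in default-ssl.conf.

```apache
# Added example; assumptions: mod_proxy + mod_proxy_wstunnel enabled,
# backend listener on port 8888 speaks plain (non-TLS) WebSocket.

# --- As posted in the question ---------------------------------------
# SSLProxyEngine On
# ProxyRequests Off
# ProxyPass "/wss2/" "wss://blah.myhost.com:8888/"
#
# A wss:// target makes Apache open a TLS session to the backend. A
# listener without TLS cannot complete that handshake; the AH00898
# "Error during SSL Handshake with remote server" entry shown for the
# wss://0.0.0.0:8888/ attempt is the proxy-side symptom of this.

# --- TLS ends at Apache, backend reached over loopback ---------------
# Browser <-> Apache: wss:// on 443, using the vhost's certificate.
# Apache <-> backend: ws:// on 127.0.0.1, never leaves the host.
ProxyRequests Off
ProxyPass "/wss2/" "ws://127.0.0.1:8888/"

# SSLProxyEngine is only needed when the proxy target itself is
# https:// or wss://, so it is left out here.
```

With the proxy on the same host as the websocket server, setting 'internal' => 'address' to '127.0.0.1' in app.php and dropping the ufw allow rule for 8888/tcp keeps the unencrypted listener from being reachable directly from the network.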
