SSL 上的 PHP websocket 与 proxy_wsTunnel - Apache

Posted

技术标签:

【中文标题】SSL 上的 PHP websocket 与 proxy_wsTunnel - Apache【英文标题】:PHP websocket on SSL with proxy_wsTunnel - Apache 【发布时间】:2017-03-13 12:50:31 【问题描述】:

我有一个 php websocket 服务器正在运行,但我想通过 https 连接到它。这是我的 JS:var conn = new WebSocket('wss://81.169.228.159:3671/wss2');

这是我的 apache 配置:

ProxyPass /wss2/ ws://domain:3671/

我启用了proxyproxy_wstunnel

那么,我做错了什么?

错误日志:

[Mon Mar 13 04:38:04.228450 2017] [mpm_prefork:notice] [pid 6683] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 04:38:04.228471 2017] [core:notice] [pid 6683] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 12:42:39.475641 2017] [:error] [pid 12432] [client 195.169.9.201:8546] script '/var/www/html/luukwuijster.io/phpinfo.php' not found or unable to stat
[Mon Mar 13 12:56:25.370986 2017] [mpm_prefork:notice] [pid 6683] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 12:56:26.539948 2017] [mpm_prefork:notice] [pid 26932] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 12:56:26.539972 2017] [core:notice] [pid 26932] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:06:36.280229 2017] [mpm_prefork:notice] [pid 26932] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:06:37.473220 2017] [mpm_prefork:notice] [pid 27256] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:06:37.473248 2017] [core:notice] [pid 27256] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:19:52.144983 2017] [mpm_prefork:notice] [pid 27256] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:19:53.235045 2017] [mpm_prefork:notice] [pid 27775] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:19:53.235083 2017] [core:notice] [pid 27775] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:22:21.467607 2017] [mpm_prefork:notice] [pid 27775] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:22:22.618416 2017] [mpm_prefork:notice] [pid 27911] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:22:22.618455 2017] [core:notice] [pid 27911] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:28:08.356148 2017] [mpm_prefork:notice] [pid 27911] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:28:09.546926 2017] [mpm_prefork:notice] [pid 28540] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:28:09.546964 2017] [core:notice] [pid 28540] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:35:26.856446 2017] [mpm_prefork:notice] [pid 28540] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:35:28.532498 2017] [mpm_prefork:notice] [pid 29153] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:35:28.532541 2017] [core:notice] [pid 29153] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:46:19.084561 2017] [ssl:error] [pid 29170] [client 208.93.152.93:54712] AH02042: rejecting client initiated renegotiation
[Mon Mar 13 13:57:14.410892 2017] [mpm_prefork:notice] [pid 29153] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:57:16.465381 2017] [mpm_prefork:notice] [pid 29927] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:57:16.465424 2017] [core:notice] [pid 29927] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 14:00:03.312882 2017] [:error] [pid 29936] [client 81.169.228.159:33706] PHP Notice:  Undefined index: text in /var/www/html/luukwuijster.io/slack/cronofy/huiswerk.php on line 9

【问题讨论】:

证书是基于域的,不能使用 IP 地址。 我现在将其更改为我的域。它仍然无法正常工作 你检查过你的错误日志吗? 是的,我做到了,或者至少,我检查了 access.log。而且里面没有任何用处 检查error.log 【参考方案1】:

我假设您有一个React\Socket\Server 正在侦听端口8080(又名php push-server.php)。棘轮网站上的教程应该可以帮助您了解这一点。

我还假设您已经配置并加载了问题中提到的 proxyproxy_wstunnel apache 模块。


以下是我个人用来实现 WebSocket 连接的配置。

我使用/ws/ 而不是教程中提到的/wss2/ 以获得更好看的URL。根据需要随意调整配置。

Apache 配置

#SSL (Secure)                                                                                                                                                                                                               
<VirtualHost *:443>
    DocumentRoot /FILE_PATH_TO_WEBROOT
    ServerName local.sitename.com
    ServerAlias local.sitename.com
    <Directory /FILE_PATH_TO_WEBROOT>
        Options FollowSymLinks
        AllowOverride all 
        php_flag display_errors On
        Require all granted
    </Directory>
    SSLCertificateFile /etc/httpd/ssl/.crt
    SSLCertificateKeyFile /etc/httpd/ssl/.key

    ProxyRequests Off 
    ProxyPass "/ws/"  "ws://local.sitename.com:8080/"
</VirtualHost>

#NON-SSL (Insecure)
<VirtualHost *:80>
    DocumentRoot /FILE_PATH_TO_WEBROOT
    ServerName local.sitename.com
    ServerAlias local.sitename.com
    <Directory /FILE_PATH_TO_WEBROOT>
        Options FollowSymLinks
        AllowOverride all 
        php_flag display_errors On
        Require all granted
    </Directory>
    ProxyRequests Off 
    ProxyPass "/ws/"  "ws://local.sitename.com:8080/"
</VirtualHost>

安全的 JavaScript 套接字连接

var conn = new WebSocket('wss://local.sitename.com/ws/');

不安全的 JavaScript 套接字连接

var conn = new WebSocket('ws://local.sitename.com/ws/');

【讨论】:

是的!谢谢!这比我自己的“解决方案”要好得多。它完美地工作

以上是关于SSL 上的 PHP websocket 与 proxy_wsTunnel - Apache的主要内容,如果未能解决你的问题,请参考以下文章

Letsencrypt SSL证书上的WebSocket连接失败

使用 SSL 创建 PHP WebSocket

带有 Apache 服务器 SSL 的 php 中的 Websocket

AWS 应用程序负载均衡器上的 Websocket + SSL

websocket + php + nginx - 超级简单

用于 SSL PHP 站点和 Websockets WSS 的 Nginx 配置?