SSL 上的 PHP websocket 与 proxy_wsTunnel - Apache

Posted 2023-02-16

【中文标题】SSL 上的 PHP websocket 与 proxy_wsTunnel - Apache

【英文标题】：PHP websocket on SSL with proxy_wsTunnel - Apache

【发布时间】：2017-03-13 12:50:31

【问题描述】：

我有一个 php websocket 服务器正在运行，但我想通过 https 连接到它。这是我的 JS：var conn = new WebSocket('wss://81.169.228.159:3671/wss2');

这是我的 apache 配置：

ProxyPass /wss2/ ws://domain:3671/

我启用了proxy 和proxy_wstunnel。

那么，我做错了什么？

错误日志：

[Mon Mar 13 04:38:04.228450 2017] [mpm_prefork:notice] [pid 6683] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 04:38:04.228471 2017] [core:notice] [pid 6683] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 12:42:39.475641 2017] [:error] [pid 12432] [client 195.169.9.201:8546] script '/var/www/html/luukwuijster.io/phpinfo.php' not found or unable to stat
[Mon Mar 13 12:56:25.370986 2017] [mpm_prefork:notice] [pid 6683] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 12:56:26.539948 2017] [mpm_prefork:notice] [pid 26932] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 12:56:26.539972 2017] [core:notice] [pid 26932] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:06:36.280229 2017] [mpm_prefork:notice] [pid 26932] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:06:37.473220 2017] [mpm_prefork:notice] [pid 27256] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:06:37.473248 2017] [core:notice] [pid 27256] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:19:52.144983 2017] [mpm_prefork:notice] [pid 27256] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:19:53.235045 2017] [mpm_prefork:notice] [pid 27775] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:19:53.235083 2017] [core:notice] [pid 27775] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:22:21.467607 2017] [mpm_prefork:notice] [pid 27775] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:22:22.618416 2017] [mpm_prefork:notice] [pid 27911] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:22:22.618455 2017] [core:notice] [pid 27911] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:28:08.356148 2017] [mpm_prefork:notice] [pid 27911] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:28:09.546926 2017] [mpm_prefork:notice] [pid 28540] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:28:09.546964 2017] [core:notice] [pid 28540] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:35:26.856446 2017] [mpm_prefork:notice] [pid 28540] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:35:28.532498 2017] [mpm_prefork:notice] [pid 29153] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:35:28.532541 2017] [core:notice] [pid 29153] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 13:46:19.084561 2017] [ssl:error] [pid 29170] [client 208.93.152.93:54712] AH02042: rejecting client initiated renegotiation
[Mon Mar 13 13:57:14.410892 2017] [mpm_prefork:notice] [pid 29153] AH00169: caught SIGTERM, shutting down
[Mon Mar 13 13:57:16.465381 2017] [mpm_prefork:notice] [pid 29927] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Mar 13 13:57:16.465424 2017] [core:notice] [pid 29927] AH00094: Command line: '/usr/sbin/apache2'
[Mon Mar 13 14:00:03.312882 2017] [:error] [pid 29936] [client 81.169.228.159:33706] PHP Notice:  Undefined index: text in /var/www/html/luukwuijster.io/slack/cronofy/huiswerk.php on line 9

【问题讨论】：

证书是基于域的，不能使用 IP 地址。

我现在将其更改为我的域。它仍然无法正常工作

你检查过你的错误日志吗？

是的，我做到了，或者至少，我检查了 access.log。而且里面没有任何用处

检查error.log

【参考方案1】：

我假设您有一个React\Socket\Server 正在侦听端口8080（又名php push-server.php）。棘轮网站上的教程应该可以帮助您了解这一点。

我还假设您已经配置并加载了问题中提到的 proxy 和 proxy_wstunnel apache 模块。

---

以下是我个人用来实现 WebSocket 连接的配置。

我使用/ws/ 而不是教程中提到的/wss2/ 以获得更好看的URL。根据需要随意调整配置。

Apache 配置

#SSL (Secure)                                                                                                                                                                                                               
<VirtualHost *:443>
    DocumentRoot /FILE_PATH_TO_WEBROOT
    ServerName local.sitename.com
    ServerAlias local.sitename.com
    <Directory /FILE_PATH_TO_WEBROOT>
        Options FollowSymLinks
        AllowOverride all 
        php_flag display_errors On
        Require all granted
    </Directory>
    SSLCertificateFile /etc/httpd/ssl/.crt
    SSLCertificateKeyFile /etc/httpd/ssl/.key

    ProxyRequests Off 
    ProxyPass "/ws/"  "ws://local.sitename.com:8080/"
</VirtualHost>

#NON-SSL (Insecure)
<VirtualHost *:80>
    DocumentRoot /FILE_PATH_TO_WEBROOT
    ServerName local.sitename.com
    ServerAlias local.sitename.com
    <Directory /FILE_PATH_TO_WEBROOT>
        Options FollowSymLinks
        AllowOverride all 
        php_flag display_errors On
        Require all granted
    </Directory>
    ProxyRequests Off 
    ProxyPass "/ws/"  "ws://local.sitename.com:8080/"
</VirtualHost>

安全的 JavaScript 套接字连接

var conn = new WebSocket('wss://local.sitename.com/ws/');

不安全的 JavaScript 套接字连接

var conn = new WebSocket('ws://local.sitename.com/ws/');

【讨论】：

是的！谢谢！这比我自己的“解决方案”要好得多。它完美地工作