Javascript 如何使用SSL将haproxy放在socket.io前面？获取混合内容警告_Javascript_Node.js_Sockets_Ssl_Haproxy

Javascript 如何使用SSL将haproxy放在socket.io前面？获取混合内容警告

javascript node.js sockets ssl

Javascript 如何使用SSL将haproxy放在socket.io前面？获取混合内容警告,javascript,node.js,sockets,ssl,haproxy,Javascript,Node.js,Sockets,Ssl,Haproxy,我一直在使用它将haproxy放在node.js和socket.io的前面 haproxy设置中的一些代码： frontend wwws bind 0.0.0.0:443 ssl crt /etc/haproxy/ovee.pem timeout client 1h default_backend www_backend acl is_websocket hdr(Upgrade) -i WebSocket use_backend websocket_ba

我一直在使用它将haproxy放在node.js和socket.io的前面

haproxy设置中的一些代码：

frontend wwws
    bind 0.0.0.0:443 ssl crt /etc/haproxy/ovee.pem
    timeout client 1h
    default_backend www_backend

    acl is_websocket hdr(Upgrade) -i WebSocket
    use_backend websocket_backend if is_websocket

    tcp-request inspect-delay 500ms
    tcp-request content accept if HTTP
    use_backend flashsocket_backend if !HTTP

frontend flash_policy
    bind 0.0.0.0:843
    timeout client 5s
    default_backend nodejs_flashpolicy

backend www_backend
    balance roundrobin
    option forwardfor
    server apache2 apache-backend:3001 weight 1 maxconn 1024 check  
    timeout connect 5s
    timeout http-request 3s
    timeout server 25s

backend websocket_backend
    mode http
    option forwardfor
    option http-server-close
    option forceclose
    no option httpclose
    server server1 socket-backend:3000 weight 1 maxconn 16384 check

nodeServer.js

var fs =    require('fs');
var express = require('express'), 
app = express(), 
http = require('http').createServer(app), 
io = require("socket.io").listen(http),

它在第一次连接时似乎运行良好，但随后浏览器会阻止所有混合内容的套接字连接尝试

我知道这是因为我通过Http而不是Https连接到socket.io

client.js

socket = io.connect('http://domain.com:3000', {
  'force new connection': false,
  'reconnection delay': 500,
  'max reconnection attempts': 10
}),

socket = io.connect('https://domain.com:3000', {
  'force new connection': false,
  'reconnection delay': 500,
  'max reconnection attempts': 10
}),

我曾尝试对nodeServer.js使用SSL，但它没有连接到套接字，我认为没有必要，因为我正在使用haproxy执行所有转发：

在nodeServer.js中，我已更改为：

var fs =    require('fs'),
sslOption = {
    key:    fs.readFileSync('/ssl/crt/zz.key'),
    cert:   fs.readFileSync('/ssl/crt/zz.crt'),
    ca:     fs.readFileSync('/ssl/crt/zz-ca.crt'),
    requestCert: true
},
express = require('express'), 
app = express(), 
https = require('https').createServer(app), 
io = require("socket.io").listen(https),

client.js

socket = io.connect('http://domain.com:3000', {
  'force new connection': false,
  'reconnection delay': 500,
  'max reconnection attempts': 10
}),

socket = io.connect('https://domain.com:3000', {
  'force new connection': false,
  'reconnection delay': 500,
  'max reconnection attempts': 10
}),

有人把haproxy放在node.js和socket.io前面了吗？我应该用什么从client.js连接到socket.io？

我不知怎么解决了这个问题。我不应该在client.js中使用https:domain.com:3000。我应该让haproxy做SSL转发。下面是我的设置，使SSL与socket.io一起工作。我希望偶然发现它的人能够纠正任何过时或错误的东西：

frontend www

    bind 0.0.0.0:80

    mode http

    timeout client 5s

    redirect scheme https if !{ ssl_fc }

    acl is_socket hdr(Upgrade) -i WebSocket

    acl is_socket hdr_beg(Host) -i wss

    use_backend socket if is_socket

frontend www-https

   bind 0.0.0.0:443 ssl crt /ssl/domain.pem

   timeout client  1h


   ### Set up a check to identify the connection url initated by socket.io https://domain.com/socket.io/?EIO=3&transport=polling&t=1441877956651, if matched, forward to node backend

   acl is_node path_beg /socket.io/ 

   use_backend node if is_websocket


   ### I'm not sure if this one is necessary for wss://domain.com

   acl is_websocket2 hdr(Upgrade) -i WebSocket

   acl is_websocket2 hdr_beg(Host) -i ws

   use_backend socket if is_websocket2

   default_backend apache2

   tcp-request inspect-delay 500ms

   tcp-request content accept if HTTP

   use_backend flashsocket_backend if !HTTP


frontend flash_policy

    bind 0.0.0.0:843

    timeout client 5s

    default_backend nodejs_flashpolicy

###  setting for apache, skipped because it's not the focus of the question 

backend apache

### 

backend flashsocket_backend
    server server1 ipaddress:3000 weight 1 maxconn 16384 check

backend nodejs_flashpolicy
    server server1 ipaddress:10843 maxconn 16384 check


backend node

    mode http 

    timeout server 1h

    timeout connect 1s  

    option httpclose

    option forwardfor

    server server1 ipaddress:3000 weight 1 maxconn 1024 check


backend socket

    balance roundrobin

    option forwardfor

    option httpclose

    timeout queue 5000

    timeout server 86400000

    timeout connect 86400000

    server server1 127.0.0.1:9000 weight 1 maxconn 1024 check

然后在client.js中，我将连接地址更改为：

socket = io.connect('https://domain.com', {
  'force new connection': false,
  'reconnection delay': 500,
  'max reconnection attempts': 10,
})

使用而不是，以便连接将首先传递给ha代理

nodeServer.js中不需要更改任何内容。继续使用http，Haproxy将为您完成所有SSL转发

var fs =    require('fs'),
express = require('express'), 
app = express(), 
http = require('http').createServer(app), 
io = require("socket.io").listen(http),