Javascript 如何使用SSL将haproxy放在socket.io前面?获取混合内容警告
我一直在使用它将haproxy放在node.js和socket.io的前面 haproxy设置中的一些代码:Javascript 如何使用SSL将haproxy放在socket.io前面?获取混合内容警告,javascript,node.js,sockets,ssl,haproxy,Javascript,Node.js,Sockets,Ssl,Haproxy,我一直在使用它将haproxy放在node.js和socket.io的前面 haproxy设置中的一些代码: frontend wwws bind 0.0.0.0:443 ssl crt /etc/haproxy/ovee.pem timeout client 1h default_backend www_backend acl is_websocket hdr(Upgrade) -i WebSocket use_backend websocket_ba
frontend wwws
bind 0.0.0.0:443 ssl crt /etc/haproxy/ovee.pem
timeout client 1h
default_backend www_backend
acl is_websocket hdr(Upgrade) -i WebSocket
use_backend websocket_backend if is_websocket
tcp-request inspect-delay 500ms
tcp-request content accept if HTTP
use_backend flashsocket_backend if !HTTP
frontend flash_policy
bind 0.0.0.0:843
timeout client 5s
default_backend nodejs_flashpolicy
backend www_backend
balance roundrobin
option forwardfor
server apache2 apache-backend:3001 weight 1 maxconn 1024 check
timeout connect 5s
timeout http-request 3s
timeout server 25s
backend websocket_backend
mode http
option forwardfor
option http-server-close
option forceclose
no option httpclose
server server1 socket-backend:3000 weight 1 maxconn 16384 check
nodeServer.js
var fs = require('fs');
var express = require('express'),
app = express(),
http = require('http').createServer(app),
io = require("socket.io").listen(http),
它在第一次连接时似乎运行良好,但随后浏览器会阻止所有混合内容的套接字连接尝试
我知道这是因为我通过Http而不是Https连接到socket.io
client.js
socket = io.connect('http://domain.com:3000', {
'force new connection': false,
'reconnection delay': 500,
'max reconnection attempts': 10
}),
socket = io.connect('https://domain.com:3000', {
'force new connection': false,
'reconnection delay': 500,
'max reconnection attempts': 10
}),
我曾尝试对nodeServer.js使用SSL,但它没有连接到套接字,我认为没有必要,因为我正在使用haproxy执行所有转发:
在nodeServer.js中,我已更改为:
var fs = require('fs'),
sslOption = {
key: fs.readFileSync('/ssl/crt/zz.key'),
cert: fs.readFileSync('/ssl/crt/zz.crt'),
ca: fs.readFileSync('/ssl/crt/zz-ca.crt'),
requestCert: true
},
express = require('express'),
app = express(),
https = require('https').createServer(app),
io = require("socket.io").listen(https),
client.js
socket = io.connect('http://domain.com:3000', {
'force new connection': false,
'reconnection delay': 500,
'max reconnection attempts': 10
}),
socket = io.connect('https://domain.com:3000', {
'force new connection': false,
'reconnection delay': 500,
'max reconnection attempts': 10
}),
有人把haproxy放在node.js和socket.io前面了吗?我应该用什么从client.js连接到socket.io?我不知怎么解决了这个问题。我不应该在client.js中使用https:domain.com:3000。我应该让haproxy做SSL转发。下面是我的设置,使SSL与socket.io一起工作。我希望偶然发现它的人能够纠正任何过时或错误的东西:
frontend www
bind 0.0.0.0:80
mode http
timeout client 5s
redirect scheme https if !{ ssl_fc }
acl is_socket hdr(Upgrade) -i WebSocket
acl is_socket hdr_beg(Host) -i wss
use_backend socket if is_socket
frontend www-https
bind 0.0.0.0:443 ssl crt /ssl/domain.pem
timeout client 1h
### Set up a check to identify the connection url initated by socket.io https://domain.com/socket.io/?EIO=3&transport=polling&t=1441877956651, if matched, forward to node backend
acl is_node path_beg /socket.io/
use_backend node if is_websocket
### I'm not sure if this one is necessary for wss://domain.com
acl is_websocket2 hdr(Upgrade) -i WebSocket
acl is_websocket2 hdr_beg(Host) -i ws
use_backend socket if is_websocket2
default_backend apache2
tcp-request inspect-delay 500ms
tcp-request content accept if HTTP
use_backend flashsocket_backend if !HTTP
frontend flash_policy
bind 0.0.0.0:843
timeout client 5s
default_backend nodejs_flashpolicy
### setting for apache, skipped because it's not the focus of the question
backend apache
###
backend flashsocket_backend
server server1 ipaddress:3000 weight 1 maxconn 16384 check
backend nodejs_flashpolicy
server server1 ipaddress:10843 maxconn 16384 check
backend node
mode http
timeout server 1h
timeout connect 1s
option httpclose
option forwardfor
server server1 ipaddress:3000 weight 1 maxconn 1024 check
backend socket
balance roundrobin
option forwardfor
option httpclose
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server server1 127.0.0.1:9000 weight 1 maxconn 1024 check
然后在client.js中,我将连接地址更改为:
socket = io.connect('https://domain.com', {
'force new connection': false,
'reconnection delay': 500,
'max reconnection attempts': 10,
})
使用而不是,以便连接将首先传递给ha代理
nodeServer.js中不需要更改任何内容。继续使用http,Haproxy将为您完成所有SSL转发
var fs = require('fs'),
express = require('express'),
app = express(),
http = require('http').createServer(app),
io = require("socket.io").listen(http),