Fatal编程技术网
  • javascript/
  • Javascript 如何使用Nginx进行安全的Web套接字连接?

Javascript 如何使用Nginx进行安全的Web套接字连接?

javascript php websocket

Javascript 如何使用Nginx进行安全的Web套接字连接?,javascript,php,websocket,nginx-reverse-proxy,Javascript,Php,Websocket,Nginx Reverse Proxy,我可以通过JavaScript:var websocket=newwebsocket(“ws://IP:PORT”)将web套接字直接连接到我的PHP守护进程服务器;这将正确地获得握手,但当我尝试nginx代理时,它无法接收Sec WebSocket键的头值,握手失败 --最近更新:JavaScript根本无法连接,原因是:SyntaxError:指定了无效或非法的字符串 nginx config file: upstream chatwebsocket { serve

我可以通过JavaScript:var websocket=newwebsocket(“ws://IP:PORT”)将web套接字直接连接到我的PHP守护进程服务器;这将正确地获得握手,但当我尝试nginx代理时,它无法接收Sec WebSocket键的头值,握手失败

--最近更新:JavaScript根本无法连接,原因是:SyntaxError:指定了无效或非法的字符串

nginx config file: upstream chatwebsocket { server 127.0.0.1:9090; } server { # ... listen 80 default_server; location / { proxy_pass http://chatwebsocket; ... proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; } 我缺少代理集标题**

升级

**$http_升级

JavaScript中的do:
var-websocket=new-websocket('wss://DomainName:443');

在Nginx中,请执行以下操作:


map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream appwebsocket {
    server 127.0.0.1:9090;
}

server {
    listen   443;
    server_name YOUR_Domain_Name_HERE;

    ssl  on;
    ssl_certificate  /etc/nginx/ssl/ssl.crt;
    ssl_certificate_key  /etc/nginx/ssl/ssl.key;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers   on;

    location / {
        proxy_pass http://appwebsocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}


进行连接升级是让Nginx中的一切正常工作的关键。我不需要设置Sec WebSocket密钥头(在nginx中)!而且,我不需要重新编写我的PHP应用程序


请记住,您可以向nginx位置路径添加一个路径,这样您就可以使您的网页保持在线,并将web套接字路由到该路径
 我想我可以试一试:我想让我的web套接字代码在PHP中保持简单和干净,同时仍然使用Nginx为我做SSL。我不知道该怎么做,有什么想法吗?好吧,我想我现在明白了:只是通过nginx添加了SSL支持来监听443和安装的证书。现在,我可以通过JavaScript进行连接wss://myDomain:443 web套接字的URL。进行连接升级是让Nginx中的一切正常工作的关键。我不需要设置Sec WebSocket密钥头(在nginx中)!
if (! isset($headers['sec-websocket-key'])) { 
       return "HTTP/1.1 400 Bad Key Request"; //...

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream chatwebsocket {
    server 127.0.0.1:9090;
}

server {
    listen 8020;
    location / {
        proxy_pass http://chatwebsocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}



map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream appwebsocket {
    server 127.0.0.1:9090;
}

server {
    listen   443;
    server_name YOUR_Domain_Name_HERE;

    ssl  on;
    ssl_certificate  /etc/nginx/ssl/ssl.crt;
    ssl_certificate_key  /etc/nginx/ssl/ssl.key;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers   on;

    location / {
        proxy_pass http://appwebsocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}