nginx,node.js+;使用SSL的socket.io
我在配置nginx和node以支持SSL上的socket.io时遇到问题 我的nginx配置:nginx,node.js+;使用SSL的socket.io,node.js,ssl,nginx,socket.io,Node.js,Ssl,Nginx,Socket.io,我在配置nginx和node以支持SSL上的socket.io时遇到问题 我的nginx配置: map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 80; listen 443 ssl; listen [::]:80; listen [::]:443 ssl; access_log /var/log/nginx
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen 443 ssl;
listen [::]:80;
listen [::]:443 ssl;
access_log /var/log/nginx/livetest.log;
server_name live-test.dev www.live-test.dev;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
if ($ssl_protocol = "") {
rewrite ^ https://$host$request_uri? permanent;
}
location / {
proxy_pass https://live_test;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
live_测试是在端口6020上运行的node.js的上游测试。在chrome中进行测试时,它会在轮询状态为(失败)时停止。使用wscat时:
wscat—连接wss://live-test.dev
我收到:
错误:错误:自签名证书
我想知道这里怎么了?这是我的node.js应用程序:
var express = require('express');
var cookie = require('cookie');
var app = express();
var http = require('http').Server(app);
var socketIo = require('socket.io');
var redis = require('redis');
var redisClient = client = redis.createClient();
io.on('connection', function(socket){
var cookies = cookie.parse(socket.handshake.headers.cookie);
console.log(cookies);
});
http.listen(6020, function(){
console.log('listening on 6020');
});
var express = require('express');
var cookie = require('cookie');
var fs = require('fs');
var app = express();
var https = require('https').Server(app, {
key: fs.readFileSync('/etc/nginx/ssl/nginx.key'),
cert: fs.readFileSync('/etc/nginx/ssl/nginx.crt'),
});
var socketIo = require('socket.io');
var redis = require('redis');
var redisClient = client = redis.createClient();
var io = new socketIo(https);
io.on('connection', function(socket){
var cookies = cookie.parse(socket.handshake.headers.cookie);
console.log(cookies);
});
https.listen(6020, function(){
console.log('listening on 6020');
});
我觉得我的node.js应用程序中缺少了一些东西。我认为既然nginx处理SSL node.js就不必再处理了,但也许我错了
是的,我正在为SSL使用自签名证书。node.js/socket.io能否与自签名证书一起工作
@更新
阅读了一些内容后,我更改了node.js应用程序:
var express = require('express');
var cookie = require('cookie');
var app = express();
var http = require('http').Server(app);
var socketIo = require('socket.io');
var redis = require('redis');
var redisClient = client = redis.createClient();
io.on('connection', function(socket){
var cookies = cookie.parse(socket.handshake.headers.cookie);
console.log(cookies);
});
http.listen(6020, function(){
console.log('listening on 6020');
});
var express = require('express');
var cookie = require('cookie');
var fs = require('fs');
var app = express();
var https = require('https').Server(app, {
key: fs.readFileSync('/etc/nginx/ssl/nginx.key'),
cert: fs.readFileSync('/etc/nginx/ssl/nginx.crt'),
});
var socketIo = require('socket.io');
var redis = require('redis');
var redisClient = client = redis.createClient();
var io = new socketIo(https);
io.on('connection', function(socket){
var cookies = cookie.parse(socket.handshake.headers.cookie);
console.log(cookies);
});
https.listen(6020, function(){
console.log('listening on 6020');
});
@更新2
在我的评论之后,我尝试了带有-n标志的wscat,现在出现了错误:
错误:错误:意外的服务器响应(502)
而nginx error.log包含:
2017/03/07 13:44:10[错误]10556#10556:*140从上游读取响应标头时,上游连接过早关闭
@更新3
在进一步阅读之后,我将app.js返回到http。
var fs=require('fs');
var app=require('express')();
var https=require('https');
var io=require('socket.io')(https);
var HTTPSOptions={
证书:fs.readFileSync('ssl证书文件的路径'),
key:fs.readFileSync('ssl密钥文件的路径'),
requestCert:false,
拒绝:错误,
};
HTTPSOptions.agent=新的https.agent(HTTPSOptions);
var httpsServer=https.createServer(HTTPSOptions,app);
io=io.listen(httpsServer{
日志:false
});
//io.sockets.on('connection',函数(sock){
//控制台日志(“已连接”);
//});
var Redis=require('ioredis');
var redis=new redis();
psubscribe('*',函数(){});
redis.on('pmessage',函数(订阅、频道、消息){
控制台日志(“通道:+通道”);
console.log(“消息:”+消息);
message=JSON.parse(message);
io.emit(通道+':'+message.event,message.data);
});
httpsServer.listen(6001,函数(){
console.log(“在端口6001上侦听”);
});
您是否尝试过wscat-n
,即wscat--不检查
-跳过证书测试?@abcdn我刚才尝试过,更新了我的question@abcdn我相信这意味着nginx正确地处理了请求,是节点失败了?是的,我想这正是你所说的。如果live_测试在同一台机器上运行,我也不确定您是否需要使用两次https。为何您只需要在Nginx和外部世界之间使用https
。我不是网络拓扑专家,但在我看来,Nginx和node.js的本地端口之间的流量只在本地循环。@abcdn你说得对。我确实回到了http版本。更重要的是,我设法找到了问题所在。这是因为在我实际的代码浏览器中使用了子域——在我直接转到URL并打开不安全的连接之前,浏览器一直在阻止它。当切换到单域时,它工作得很好!谢谢你的帮助:)是的,你在最后一行有“~”,我想这就是原因。非常感谢您在这里发布您的解决方案。我确实让nginx处理了它为另一个应用程序处理的所有与SSL相关的东西。但我们希望有人会遇到这个问题,并找到你的答案工作!