Ruby on rails 如何为安全WebSocket配置Elastic Beanstalk nginx代理？

我正在使用Elastic Beanstalk部署我的Ruby on Rails（

5.0.1

）应用程序，试图通过不安全（

ws://

）和安全（

wss://

）连接来支持WebSocket（

ActionCable

）。如果做不到这一点，我只会对安全感感到高兴，但我工作时只会变得不安全。我一直在跟踪；我的

.ebextensions/proxy.config

文件与它们完全匹配，我的负载平衡器设置（

TCP

，

SSL

等）也与它们完全匹配

我可以成功地使用不安全的WebSocket。我还可以通过

http

和

https

成功连接，因此证书很好。唯一不起作用的是安全WebSocket（

wss://

）：

• http://api.skill.guide

  有效

• https://api.skill.guide

  有效

• ws://api.skill.guide/cable

• wss://api.skill.guide/cable

  不起作用

通过测试，我在控制台中看到WebSocket握手期间出现

错误：意外响应代码：404

。以下是服务器日志，首先显示成功的不安全升级，然后是失败的安全升级。请注意secure senario中缺少的

HTTP\u升级

，这让我相信我的反向代理配置有问题

[2016-12-17T23:16:41.230931 #9482]  INFO -- : [5d63e807-6df7-4044-af9c-656b25db9065] Started GET "/cable/?encoding=text" for 172.31.26.218 at 2016-12-17 23:16:41 +0000
I, [2016-12-17T23:16:41.252495 #9482]  INFO -- : [5d63e807-6df7-4044-af9c-656b25db9065] Started GET "/cable/?encoding=text" [WebSocket] for 172.31.26.218 at 2016-12-17 23:16:41 +0000
I, [2016-12-17T23:16:41.252578 #9482]  INFO -- : [5d63e807-6df7-4044-af9c-656b25db9065] Successfully upgraded to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
I, [2016-12-17T23:16:44.643256 #9482]  INFO -- : Finished "/cable/?encoding=text" [WebSocket] for 172.31.26.218 at 2016-12-17 23:16:44 +0000
I, [2016-12-17T23:16:47.786466 #9498]  INFO -- : [3e502e9b-2773-4ab8-8e7e-d6e46b137ac2] Started GET "/cable/?encoding=text" for 73.222.141.98 at 2016-12-17 23:16:47 +0000
I, [2016-12-17T23:16:47.804715 #9498]  INFO -- : [3e502e9b-2773-4ab8-8e7e-d6e46b137ac2] Started GET "/cable/?encoding=text"[non-WebSocket] for 73.222.141.98 at 2016-12-17 23:16:47 +0000
E, [2016-12-17T23:16:47.804789 #9498] ERROR -- : [3e502e9b-2773-4ab8-8e7e-d6e46b137ac2] Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: keep-alive, HTTP_UPGRADE: )
I, [2016-12-17T23:16:47.804832 #9498]  INFO -- : [3e502e9b-2773-4ab8-8e7e-d6e46b137ac2] Finished "/cable/?encoding=text"[non-WebSocket] for 73.222.141.98 at 2016-12-17 23:16:47 +0000

为了完整起见，这里是我的设置

负载平衡器：

.elasticbeanstalk/proxy.config

：

config/production.rb

---

Django通道的问题相对相同。

files:
  /etc/nginx/conf.d/proxy.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      upstream rails {
        server 127.0.0.1:3000;
        keepalive 256;
      }

      server {
        listen 8080;

        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
            set $year $1;
            set $month $2;
            set $day $3;
            set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log  /var/log/nginx/access.log  main;

        location / {
            proxy_pass  http://rails;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        location /static {
            alias /var/app/current/static;
        }

      }

container_commands:
 removeconfig:
    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"

  config.action_cable.url = 'wss://api.skill.guide/cable'
  config.action_cable.disable_request_forgery_protection = true