gpt4 book ai didi

ssl - 让 wss 使用 stunnel & ratchet

转载 作者:太空宇宙 更新时间:2023-11-03 13:36:55 25 4
gpt4 key购买 nike

在 CentOS 7 上运行 Apache v2.4、PHP v5.6 w/php-fpm

所以我正在尝试让 wss 与 stunnel & Ratchet 一起工作。我有 Ratchet 的 Hello World ( http://socketo.me/docs/hello-world ) 在非 SSL 端口 8080 上使用测试代码成功运行。我可以从同一台机器远程登录,也可以从另一台机器远程登录。

通过阅读,我知道 ratchet 不支持 ssl 连接,但是通过用 stunnel 包装通信来支持,所以我设置了 stunnel 并在端口 8443 上监听了一个适当的证书,这似乎在工作(如日志所示)文件)。

当我尝试使用 Firefox 暂存器中的 wss 建立连接时,出现以下错误:Firefox 无法与位于 wss://testserver.testdomain.com:8443 的服务器建立连接 我可以通过各种日志文件看到正在创建的连接,但是由于我无法创建可靠的 wss 连接,所以某处通信失败。关于我遗漏了什么或我在哪里搞砸的任何想法?日志/代码如下

便签本代码

var conn = new WebSocket('wss://testserver.testdomain.com:8443');
conn.onopen = function(e) {
console.log("Connection established!");
};

conn.onmessage = function(e) {
console.log(e.data);
};

channel 配置:

cert = /etc/httpd/ssl/ov_wildcard.pem

[hublistener]
accept = 8443
connect = 8080

Stunnel 日志:

2016.05.11 14:43:28 LOG5[38759:140614807435328]: stunnel 4.56 on x86_64-redhat-linux-gnu platform
2016.05.11 14:43:28 LOG5[38759:140614807435328]: Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013
2016.05.11 14:43:28 LOG5[38759:140614807435328]: Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
2016.05.11 14:43:28 LOG5[38759:140614807435328]: Reading configuration from file /etc/stunnel/stunnel.conf
2016.05.11 14:43:28 LOG5[38759:140614807435328]: FIPS mode is enabled
2016.05.11 14:43:28 LOG4[38759:140614807435328]: Insecure file permissions on /etc/httpd/ssl/cert.pem
2016.05.11 14:43:28 LOG5[38759:140614807435328]: Configuration successful
2016.05.11 14:45:59 LOG5[38765:140614807430912]: Service [hublistener] accepted connection from ***.***.***.***:39124
2016.05.11 14:45:59 LOG5[38765:140614807430912]: connect_blocking: connected 127.0.0.1:8080
2016.05.11 14:45:59 LOG5[38765:140614807430912]: Service [hublistener] connected remote server from 127.0.0.1:59795

Ratchet 示例输出:

[zxurian@ariel dev-hub]$ php module/HubListener/websocket.php
New Connection! (307)
New Connection! (317)
Connection 317 sending message "second window line 1
" to 1 other connection
Connection 317 sending message "second window line 2
" to 1 other connection
New Connection! (318)
Connection 318 sending message "GET / HTTP/1.1
Host: testserver.testdomain.com:8443
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0 FirePHP/0.7.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://testserver.testdomain.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PrWlBjR2q6a0syT4oplnAQ==
Cookie: PHPSESSID=ci7102qouvqprhdpk483hv6ar3; exclusive_offers_popup=1; __utma=213556497.27501638.1462814210.1462827970.1462831402.3; __utmc=213556497; __utmz=213556497.1462814210.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=213556497.|1=l=%2F=1
x-insight: activate
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

" to 2 other connections

Telnet 连接 1

[zxurian@ariel ~]$ telnet 127.0.0.1 8080
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
second window line 1
second window line 2
GET / HTTP/1.1
Host: testserver.testdomain.com:8443
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0 FirePHP/0.7.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://testserver.testdomain.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PrWlBjR2q6a0syT4oplnAQ==
Cookie: PHPSESSID=ci7102qouvqprhdpk483hv6ar3; exclusive_offers_popup=1; __utma=213556497.27501638.1462814210.1462827970.1462831402.3; __utmc=213556497; __utmz=213556497.1462814210.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=213556497.|1=l=%2F=1
x-insight: activate
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

最佳答案

我有一个在我自己的机器上运行的 Ratchet WebSocket,我也在使用 Apache2.4为了让它在 SSL 上工作,我做了:

代理传递套接字

在 (/etc/apache2/)apache2.conf 我添加了

    //added for the websocket over SSL
ProxyPass /wss/ ws://alpha.example.com:8080/

这将我在端口 8080 上运行的 websocket 传递给 wss://alpha.example.com/wss/

为了确保您的 stunnel 配置正确,这就是我所做的在 (/etc/stunnel/)stunnel.conf

cert = /etc/letsencrypt/live/www.example.com/cert.pem
key = /etc/letsencrypt/live/www.example.com/privkey.pem
[wss]
accept = 8082
connect = 8080

提醒:将我使用的 key 路径更改为您的 key 正在使用的路径。

在启动我的服务器的 PHP 文件中,我在 Ratchet 示例中使用了端口 8080

$webSock->listen(8080, '0.0.0.0'); // Binding to 0.0.0.0 means remotes can connect

关于ssl - 让 wss 使用 stunnel & ratchet,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37171844/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com