无法与 NGINX 建立 WSS(安全 Websocket)连接
Can't get a WSS (Secure Websocket) connection with NGINX
我正在尝试建立“wss”连接以在 NGINX 上工作。 “ws”,没有 SSL,工作正常。
(我把实际的项目域名换成了“test.thruway.local”)
这是 nginx 配置:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream thruway_websocket {
server 127.0.0.1:9090;
}
server {
listen 9190;
listen [::]:9190;
server_name test.thruway.local;
access_log /var/log/nginx/test.thruway.access_log;
error_log /var/log/nginx/test.thruway.error_log;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# tried both "https://" and "http://"
proxy_pass https://thruway_websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_ssl_certificate /etc/letsencrypt/live/test.thruway.local/fullchain.pem;
proxy_ssl_certificate_key /etc/letsencrypt/live/test.thruway.local/privkey.pem;
}
# not sure if this is needed here. Tried with and without.
ssl_certificate /etc/letsencrypt/live/test.thruway.local/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.thruway.local/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
端口已打开,请求似乎可以通过:
# ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
9190/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
9190/tcp (v6) ALLOW Anywhere (v6)
我正在使用 AutobahnJS 向端口 9190 发出请求:
new autobahn.Connection( {
url: 'wss://test.thruway.local:9190',
realm: 'test'
} );
nginx access log有一个条目,告诉我它明明是连接...但是日志本身就是一堆乱七八糟的ASCII码,而且NGINX returns error 400.
类似这样的东西(IP 已更改):
111.111.11.111 - - [08/Sep/2021:12:57:24 +0200] "\x10\x04\x01\x02\x00\x01\x00\x00\xF0\x03\x02.\xA0\x90\xD1\x10\xA5\xF0\x8C\xF2 (... etc)" 400 182 "-" "-"
一切正常,但只使用 ws 而不是 wss。我尝试了几次调整,尝试了所有我能找到的 material - 似乎没有任何效果。
无论我尝试什么,我总是得到:
"Firefox can’t establish a connection to the server at
wss://test.thruway.local:9190/."
有谁知道我可以尝试使这项工作成功吗?感谢您提供任何想法,我没有办法尝试。
我想我明白这里遗漏了什么:
server {
ssl on;
}
我仍在测试更改,但有了这个,日志不再是乱码,连接似乎工作正常。
我正在尝试建立“wss”连接以在 NGINX 上工作。 “ws”,没有 SSL,工作正常。
(我把实际的项目域名换成了“test.thruway.local”)
这是 nginx 配置:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream thruway_websocket {
server 127.0.0.1:9090;
}
server {
listen 9190;
listen [::]:9190;
server_name test.thruway.local;
access_log /var/log/nginx/test.thruway.access_log;
error_log /var/log/nginx/test.thruway.error_log;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# tried both "https://" and "http://"
proxy_pass https://thruway_websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_ssl_certificate /etc/letsencrypt/live/test.thruway.local/fullchain.pem;
proxy_ssl_certificate_key /etc/letsencrypt/live/test.thruway.local/privkey.pem;
}
# not sure if this is needed here. Tried with and without.
ssl_certificate /etc/letsencrypt/live/test.thruway.local/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.thruway.local/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
端口已打开,请求似乎可以通过:
# ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
9190/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
9190/tcp (v6) ALLOW Anywhere (v6)
我正在使用 AutobahnJS 向端口 9190 发出请求:
new autobahn.Connection( {
url: 'wss://test.thruway.local:9190',
realm: 'test'
} );
nginx access log有一个条目,告诉我它明明是连接...但是日志本身就是一堆乱七八糟的ASCII码,而且NGINX returns error 400.
类似这样的东西(IP 已更改):
111.111.11.111 - - [08/Sep/2021:12:57:24 +0200] "\x10\x04\x01\x02\x00\x01\x00\x00\xF0\x03\x02.\xA0\x90\xD1\x10\xA5\xF0\x8C\xF2 (... etc)" 400 182 "-" "-"
一切正常,但只使用 ws 而不是 wss。我尝试了几次调整,尝试了所有我能找到的 material - 似乎没有任何效果。
无论我尝试什么,我总是得到:
"Firefox can’t establish a connection to the server at wss://test.thruway.local:9190/."
有谁知道我可以尝试使这项工作成功吗?感谢您提供任何想法,我没有办法尝试。
我想我明白这里遗漏了什么:
server {
ssl on;
}
我仍在测试更改,但有了这个,日志不再是乱码,连接似乎工作正常。