Rails Action Cable: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR



I have a Rails 6 application with a /cable websocket and an nginx reverse proxy.

I used the same configuration as on another server (which works fine):

In production.rb:

config.action_cable.url                     = 'wss://domain.fr:8001/cable'
config.action_cable.allowed_request_origins = ['https://domain.fr', 'http://domain.fr']
config.action_cable.mount_path              = '/cable'

In routes:

mount ActionCable.server => '/cable'

In JS:

ActionCable.createConsumer 'wss://domain.fr:8001/cable'

Proxy:

server {
    listen   443 ssl http2;
    server_name domain.fr;
    if ($host ~ '^www.') { return 301 https://domain.fr$request_uri; }
    ssl_certificate /etc/letsencrypt/live/domain.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.fr/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/domain.fr/fullchain.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /home/liberty/dhparams.pem;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header  X-Forwarded-Ssl on; # Optional
    proxy_set_header  X-Forwarded-Port $server_port;
    proxy_set_header  X-Forwarded-Host $host;

    location / {
        proxy_pass         http://127.0.0.1:90;
    }
    location /cable {
        proxy_pass         http://127.0.0.1:8001;
    }

    access_log  /var/log/rsh_proxy.access.log;
    error_log  /var/log/rsh_proxy.error.log;
    location ~*^.+(swf|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
        proxy_pass http://127.0.0.1:90;
        proxy_cache cache;
        proxy_cache_valid 9999d;
        expires max;
    }
}

vhost:

server {
    listen 8001 default_server;
    listen [::]:8001 default_server ipv6only=on;
    server_name domain.fr;
    root /var/www/domain/public;
    passenger_enabled on;
    passenger_app_group_name MYAPP_action_cable;
    passenger_app_type rack;
    passenger_startup_file cable/config.ru;
    passenger_force_max_concurrent_requests_per_process 0;
    access_log  /var/log/rsh_cable.access.log combined;
    error_log  /var/log/rsh_cable.error.log;
}

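I tried restarting nginx, but nothing changed.

Error in the Chrome console:

WebSocket connection to 'wss://domain.fr:8001/cable' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR

PS: the port is open in the firewall ;(

EDIT: sample of the log in /var/log/rsh_cable.access.log: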

37.170.142.84 - - [29/Jul/2020:02:34:13 +0200] "x16x03x01x02x00x01x00x01xFCx03x03x9Fx19x1ExA7x96xDBCx98x92xCC.<SxBCx02x04JdxB4Mx03uKxA8x1DxEEx0Bx96xA2]x1AxD6 x08x1CxC73/fx8CaAxFD/xAAxFExC1xCBx9A+x9A(8)xD7xE1xB8nRx15!x99xD4^xEAx00x22x9Ax9Ax13x03x13x01x13x02xCCxA9xCCxA8xC0+xC0/xC0,xC00xC0x13xC0x14x00x9Cx00x9Dx00/x005x00" 400 157 "-" "-"
37.170.142.84 - - [29/Jul/2020:02:34:17 +0200] "x16x03x01x02x00x01x00x01xFCx03x03" 400 157 "-" "-"
37.170.142.84 - - [29/Jul/2020:02:34:32 +0200] "x16x03x01x02x00x01x00x01xFCx03x03YxBDx08ix1Dx9Cx83{x0BxE3x9Ex02Px99xBDJ@xD5xFB50x17 Tx10xB3x09OxFA9x07: xEEx1AxE9xxC3oIxE1xB7bx5CxD3xF8xE1x03xF0x86(xABxB1xB9xEA=dx19xB0ulx8DxF0xEDx8Bx00 xDAxDAx13x03x13x01x13x02xCCxA9xCCxA8xC0+xC0/xC0,xC00xC0x13xC0x14x00x9Cx00x9Dx00/x005x01x00x01x93x9Ax9Ax00x00x00x00x00x0Ex00x0Cx00x00x09domain.frx00x17x00x00xFFx01x00x01x00x00" 400 157 "-" "-"
37.170.142.84 - - [29/Jul/2020:02:34:32 +0200] "x16x03x01x02x00x01x00x01xFCx03x03xA30OxF7xF0x09" 400 157 "-" "-"
37.170.142.84 - - [29/Jul/2020:02:34:54 +0200] "x16x03x01x02x00x01x00x01xFCx03x03x97x04b" 400 157 "-" "-"
37.170.142.84 - - [29/Jul/2020:02:34:54 +0200] "x16x03x01x02x00x01x00x01xFCx03x03xEAxx19x0BgxEB:Ex13xx87WVdxD4xCFXA-xD4x09vx17xCCxA4xx19xPxCAxABxD8 )x07+xF4xFA=UxB1zxDExD9x1Dx11xCFExF3x97/xC1y!xE7uxE68@&xD7xCFxEBxB5x90x00 JJx13x03x13x01x13x02xCCxA9xCCxA8xC0+xC0/xC0,xC00xC0x13xC0x14x00x9Cx00x9Dx00/x005x01x00x01x93JJx00x00x00x00x00x0Ex00x0Cx00x00x09domain.frx00x17x00x00xFFx01x00x01x00x00" 400 157 "-" "-"

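In the config you should specify the final Action Cable URL as it is reachable by the end user.

Since you're using an additional proxy, that is wss://www.domain.fr/cable, and your port 8001 should be closed in the firewall to everything except the proxy, since it is not SSL-terminated (hence the SSL error).

Also make sure that HTTP/1.1 is proxied correctly with the necessary headers: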

location /cable {
    proxy_pass         http://127.0.0.1:8001;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    # not always needed, but in some setups can be necessary:
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-By    $server_addr:$server_port;
    proxy_set_header X-Real-IP         $remote_addr;
}
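
The access-log entries in the question's EDIT all begin with x16x03x01, the start of a TLS handshake record, sent to the port-8001 listener that only speaks plain HTTP and therefore answers 400. As an added example (not part of the original question or answer), this Ruby script flags such entries in an nginx combined-format log and recovers the SNI host name when the logged bytes include it; the sample lines, the IP address and the function names are constructed for illustration.

```ruby
# Added example: find access-log entries whose "request" is a TLS handshake.
# nginx "combined" format: ip - user [time] "request" status bytes "ref" "ua"
LOG_LINE = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<request>.*?)" (?<status>\d{3}) /

# TLS record header: type 0x16 (handshake), version 0x03 0x00..0x04.
# nginx writes raw bytes as \xHH; the backslash is optional here because the
# excerpt on this page lost it during extraction.
TLS_RECORD = /\A\\?x16\\?x03\\?x0[0-4]/

# Turn nginx's \xHH escapes back into raw bytes.
def unescape(request)
  request.b.gsub(/\\x(\h\h)/) { $1.hex.chr }
end

# Heuristic scan for a server_name extension: type 0x0000, extension length,
# list length, name type 0x00, name length, host name. The three lengths must
# agree with each other, which rules out random runs of zero bytes.
def sni_host(bytes)
  (0..bytes.bytesize - 9).each do |i|
    type, ext_len, list_len, name_type, name_len = bytes.byteslice(i, 9).unpack("nnnCn")
    next unless type == 0 && name_type == 0
    next unless ext_len == list_len + 2 && list_len == name_len + 3
    name = bytes.byteslice(i + 9, name_len)
    next unless name && name.bytesize == name_len && name.match?(/\A[a-z0-9.-]+\z/i)
    return name.force_encoding("UTF-8")
  end
  nil # logged request was cut short before the extension
end

# Returns one hash per entry where a client spoke TLS to a plain-HTTP port.
def tls_on_plain_port(lines)
  lines.filter_map do |line|
    m = LOG_LINE.match(line)
    next unless m && m[:request].match?(TLS_RECORD)
    { ip: m[:ip], time: m[:time], status: m[:status].to_i,
      sni: sni_host(unescape(m[:request])) }
  end
end

# Constructed sample log lines (documentation IP, made-up host name).
SAMPLE = [
  '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /cable HTTP/1.1" 101 0 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03" 400 157 "-" "-"',
  '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x9F\x00\x00\x00\x11\x00\x0F\x00\x00\x0Cexample.test\x00\x17" 400 157 "-" "-"',
].freeze

tls_on_plain_port(SAMPLE).each { |hit| puts hit } if __FILE__ == $PROGRAM_NAME
```

Any hit on a backend listener means a client reached it directly with wss:// or https:// instead of going through the TLS-terminating proxy, which is the situation the answer describes.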
