Accessing a non-SSL socket.io (nodejs) server from an SSL Apache request, same host



I have been working on this problem for hours but can't find any solution.

I have a socket.io server running on nodejs, listening on non-SSL port 8080, started as follows:

var io = require('socket.io').listen(8080);

I connect to the socket.io server through Apache, using a proxy:

<VirtualHost *:443>
ServerName www.mysite.com
DocumentRoot /var/www/vhosts/mysite
ErrorLog logs/mysite.log
TransferLog logs/ssl.access.log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/mysite.crt
SSLCertificateKeyFile /etc/pki/tls/private/mysite.key
SSLCertificateChainFile /etc/pki/tls/certs/geotrust.crt
RewriteEngine On
RewriteCond %{REQUEST_URI}  ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
ProxyRequests Off
ProxyPass /socket.io http://localhost:8080/socket.io
ProxyPassReverse /socket.io http://localhost:8080/socket.io
</VirtualHost>

On the client side, I open the socket.io connection with the following code:

var socket = io.connect('https://'+hostname, {secure:true});

From the user's point of view everything works fine, except that there are a lot of error messages in my Apache log:

[ssl:error] [pid 15080] [remote 127.0.0.1:443] AH01961: SSL Proxy requested for www.mysite.com:443 but not enabled [Hint: SSLProxyEngine]
[proxy:error] [pid 15080] AH00961: HTTPS: failed to enable ssl support for 127.0.0.1:443 (www.mysite.com)

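I realize that I am not using the "SSLProxyEngine on" option, but that is intentional. If I turn it on, nothing works anymore.

I just want to redirect requests made to Apache over SSL port 443 to the non-SSL socket.io on port 8080 (same host). This port 8080 is closed to external connections, and if possible I would prefer not to use SSL between Apache and nodejs, and to get rid of all these useless error messages.

Can anyone help me? ;)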

Following "Websocket apache proxy problem with ssl"

You have to edit the Apache site.conf:

SSLUseStapling on
ProxyRequests Off
ProxyPreserveHost on
ProxyPass /socket.io http://localhost:8080/socket.io
ProxyPassReverse /socket.io http://localhost:8080/socket.io
SSLProxyEngine on 
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
RequestHeader set Front-End-Https "On"  

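// Node side: express.io app served over HTTPS, forwarding every request with http-proxy
var proxy = require('http-proxy').createProxyServer();
var fs = require('fs');
var express = require('express.io');
var app = express();

var SSloptions = {
    key:    fs.readFileSync('/var/www/node/certificados/mig.xxx.key'),
    cert:   fs.readFileSync('/var/www/node/certificados/xxxx.crt'),
    ca: [
        fs.readFileSync('/var/www/node/certificados/gd_bundle-xxxx.crt')
    ],
    rejectUnauthorized: false, // connections are accepted even when the client certificate does not validate
    requestCert: true,         // ask connecting clients for a certificate
    agent: false,
    strictSSL: false
};

// Start the HTTPS server with socket.io attached (express.io API)
app.https(SSloptions).io();

// Forward all requests to the HTTPS backend on port 4443
app.all('*', function(req, res){
    proxy.web(req, res, {
        target: 'https://localhost:4443',
        secure: true // verify the backend's TLS certificate
    });
});
app.listen(14443);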
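
An added example, not part of the original question or answer: a small Node.js audit of the proxy directives quoted in this thread. It flags an https:// or wss:// backend target configured without SSLProxyEngine (the condition the AH01961 log line reports), SSLProxy* settings that disable backend certificate checks, and SSLProxyEngine enabled when every backend is plain http/ws. The function name `auditProxyConfig`, the finding ids and the sample strings are constructed for illustration.

```javascript
// Added example (not from the thread). Directive names are real mod_ssl/mod_proxy ones; finding ids are made up here.

// Settings that stop Apache from validating a TLS backend's certificate.
const WEAK = {
  sslproxyverify: 'none',
  sslproxycheckpeercn: 'off',
  sslproxycheckpeername: 'off',
  sslproxycheckpeerexpire: 'off',
};

function auditProxyConfig(text) {
  const findings = [];
  const tlsTargets = [];
  let engineLine = 0; // line number of "SSLProxyEngine on", 0 if absent
  text.split('\n').forEach((raw, idx) => {
    const line = raw.trim();
    if (!line || line.startsWith('#')) return;
    const [name, ...args] = line.split(/\s+/);
    const key = name.toLowerCase();
    const value = (args[0] || '').toLowerCase();
    if (key === 'sslproxyengine' && value === 'on') engineLine = idx + 1;
    if (WEAK[key] === value) findings.push({ id: 'backend-verify-disabled', line: idx + 1 });
    // ProxyPass <path> <url>  or  RewriteRule <pattern> <url> [...P...]
    const proxies = key === 'proxypass' ||
      (key === 'rewriterule' && /\[[^\]]*\bP\b/.test(args[2] || ''));
    if (proxies && /^(https|wss):\/\//i.test(args[1] || '')) tlsTargets.push(idx + 1);
  });
  // TLS backend requested while the engine is off: the condition AH01961 reports.
  if (!engineLine) tlsTargets.forEach((line) => findings.push({ id: 'tls-backend-engine-off', line }));
  // Engine on but every backend is plain http/ws: the SSLProxy* lines are not used.
  if (engineLine && tlsTargets.length === 0) findings.push({ id: 'engine-on-no-tls-backend', line: engineLine });
  return findings;
}

// Constructed samples built from the directives quoted in the question and the answer.
const QUESTION_CONF = [
  'RewriteRule /(.*) ws://localhost:8080/$1 [P,L]',
  'ProxyPass /socket.io http://localhost:8080/socket.io',
].join('\n');
const ANSWER_CONF = [
  'ProxyPass /socket.io http://localhost:8080/socket.io',
  'SSLProxyEngine on',
  'SSLProxyVerify none',
  'SSLProxyCheckPeerCN off',
  'SSLProxyCheckPeerName off',
  'SSLProxyCheckPeerExpire off',
].join('\n');

console.log(auditProxyConfig(QUESTION_CONF), auditProxyConfig(ANSWER_CONF));
```

On the answer's directives it reports four disabled certificate checks plus SSLProxyEngine enabled for an http:// backend; on the question's directives it reports nothing.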
