0

我最近更改了我的网站以使用 SSL。我拥有的是一个在端口 9300 上侦听的旧 websocket 服务器脚本,然后客户端的浏览器通过 ws 使用 javascript 调用该脚本。现在我的网站已更改为 https,我必须调用 wss 但它不起作用。所以我只想将一个安全的 wss 重定向到一个不安全的 ws 版本的套接字,这样我就不必更改脚本。

我试图通过使用 stunnels 来解决这个问题。但我不明白。

正在执行的握手中似乎存在问题。

我拥有的 PHP Websocket 服务器脚本基于这个 git https://github.com/Flynsarmy/PHPWebSocket-Chat

服务器打印

Restarting SSL tunnels: 2016.02.14 13:44:20 LOG7[4173:140328635270912]: Clients allowed=500
2016.02.14 13:44:20 LOG5[4173:140328635270912]: stunnel 4.53 on x86_64-pc-linux-gnu platform
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Threading:PTHREAD SSL:+ENGINE+OCSP Auth:LIBWRAP Sockets:POLL+IPv6
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Reading configuration from file /etc/stunnel/stunnel.conf
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Compression not enabled
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Snagged 64 random bytes from /root/.rnd
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Wrote 1024 new random bytes to /root/.rnd
2016.02.14 13:44:20 LOG7[4173:140328635270912]: PRNG seeded successfully
2016.02.14 13:44:20 LOG6[4173:140328635270912]: Initializing service section [websocket]
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Certificate: /etc/apache2/ssl/ssl-cert-businessgame.pem
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Certificate loaded
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Key file: /etc/apache2/ssl/ssl-cert-businessgame.key
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Private key loaded
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Could not load DH parameters from /etc/apache2/ssl/ssl-cert-businessgame.pem
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Using hardcoded DH parameters
2016.02.14 13:44:20 LOG7[4173:140328635270912]: DH initialized with 2048-bit key
2016.02.14 13:44:20 LOG7[4173:140328635270912]: ECDH initialized with curve prime256v1
2016.02.14 13:44:20 LOG7[4173:140328635270912]: SSL options set: 0x00000004
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Configuration successful
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Service [websocket] (FD=12) bound to 94.198.160.29:9301
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Created pid file /var/run/stunnel4.pid
2016.02.14 13:44:47 LOG7[4173:140328635270912]: Service [websocket] accepted (FD=3) from 81.83.185.230:49718
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] started
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Waiting for a libwrap process
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Acquired libwrap process #0
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Releasing libwrap process #0
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Released libwrap process #0
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] permitted by libwrap from 81.83.185.230:49718
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Service [websocket] accepted connection from 81.83.185.230:49718
2016.02.14 13:44:47 LOG6[4173:140328635262720]: SSL accepted: new session negotiated
2016.02.14 13:44:47 LOG6[4173:140328635262720]: Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
2016.02.14 13:44:47 LOG6[4173:140328635262720]: Compression: null, expansion: null
2016.02.14 13:44:47 LOG6[4173:140328635262720]: connect_blocking: connecting 127.0.0.1:9300
2016.02.14 13:44:47 LOG7[4173:140328635262720]: connect_blocking: s_poll_wait 127.0.0.1:9300: waiting 10 seconds
2016.02.14 13:44:47 LOG3[4173:140328635262720]: connect_blocking: connect 127.0.0.1:9300: Connection refused (111)
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Local socket (FD=3) closed
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] finished (0 left)

我的 stunnel.conf

 foreground = yes
    key = /etc/apache2/ssl/ssl-cert-businessgame.key
    cert =  /etc/apache2/ssl/ssl-cert-businessgame.pem
    CAfile = /etc/apache2/ssl/ssl-cert-businessgame.pem
    debug = 7
    output = /var/log/stunnel_websocket.log
    [websocket]
    accept = businessgame.be:9301
    connect = 9300

客户端浏览器控制台:

WebSocket connection to 'wss://businessgame.be:9301/socket/server.php' failed: Error in connection establishment: net::ERR_SOCKET_NOT_CONNECTED

我使用的证书与我用于 SSL 的证书相同。我也尝试使用自生成的密钥和证书文件,但没有运气。我得到同样的错误,握手失败。

4

1 回答 1

1

所以问题不在于通道,但我不得不改变服务器设置套接字的方式。我曾经将其创建为 domain:port 但必须将其更改为 localhost:port

所以在 server.php 文件中我不得不改变

 // start the server
$Server = new PHPWebSocket();
$Server->bind('message', 'wsOnMessage');
$Server->bind('open', 'wsOnOpen');
$Server->bind('close', 'wsOnClose');
// for other computers to connect, you will probably need to change this to your LAN IP or external IP,
// alternatively use: gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME']))
$Server->wsStartServer('businessgame.be', 9300);


 // start the server
$Server = new PHPWebSocket();
$Server->bind('message', 'wsOnMessage');
$Server->bind('open', 'wsOnOpen');
$Server->bind('close', 'wsOnClose');
// for other computers to connect, you will probably need to change this to your LAN IP or external IP,
// alternatively use: gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME']))
$Server->wsStartServer('localhost', 9300);
于 2016-02-14T21:41:29.080 回答