
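I am trying to set up Apache with SSL as a reverse proxy for an oTree application. oTree is a Django-based framework for social science experiments that also uses Django Channels. The reverse proxy works in general, but I am running into problems with websockets.

My Apache configuration is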

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost

ServerName myurl.net
ProxyRequests Off
ServerAdmin webmaster@localhost
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/

SSLEngine on
SSLProxyEngine on
RewriteEngine On
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) wss://127.0.0.1:8000/$1 [P,L]

ServerName myurl.net
SSLCertificateFile /etc/letsencrypt/live/myurl.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myurl.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

I get the following errors in Apache

[Wed Jan 06 15:42:51.137016 2021] [proxy:error] [pid 5573:tid 140468195309312] [client myip] AH00898: Error during SSL Handshake with remote server returned by /no_op/
[Wed Jan 06 15:42:59.029500 2021] [proxy:error] [pid 5574:tid 140468096587520] (20014)Internal error (specific information not available): [client myip] AH01084: pass request body failed to 127.0.0.1:8000 (127.0.0.1)

In my browser, I get the following error.

(index):94 WebSocket connection to 'wss://myurl.net/create_demo_session/' failed: Error during WebSocket handshake: Unexpected response code: 500

Does anyone know what I am missing?

Edit: for reference, the following NGINX configuration works:

server {
    listen 443 ssl;
    server_name _;

    ssl on;
    ssl_certificate "mycertificate";
    ssl_certificate_key "mycertificate";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header        Connection $connection_upgrade;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Host $server_name;
        proxy_http_version 1.1;
        proxy_set_header Connection $http_connection;
        
    }
}

1 Answer


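If you want to run oTree on a subdomain of your host so that it can share port 80 with other sites hosted on the same machine, you can try the following configuration. The example below assumes the oTree server is running on port 8000. For HTTPS, change 80 to 443 and the ws prefix to wss: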

<VirtualHost *:80>
    ServerName otree.domain.com
    ProxyRequests Off
    ProxyPreserveHost On
    # Backend port matches the oTree port (8000) assumed above
    ProxyPass / http://localhost:8000/
    ProxyPassReverse / http://localhost:8000/

    # Forward WebSocket upgrade requests to the same backend
    RewriteEngine On
    RewriteCond %{HTTP:Connection} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule /(.*) ws://127.0.0.1:8000/$1 [P,L]
</VirtualHost>
answered 2021-05-05T11:25:45.570
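
AH00898 is what Apache logs when its TLS handshake with the backend fails, and in the question the RewriteRule targets wss://127.0.0.1:8000 while ProxyPass and the working NGINX config reach the same port over plain http://. As an added example (not from the question or the answer), here is a port 443 virtual host that terminates TLS at Apache and forwards WebSocket upgrades with ws://, assuming oTree listens in plaintext on 127.0.0.1:8000 and that mod_headers and mod_proxy_wstunnel are enabled:

```apache
# Added example. Assumption: the oTree backend on 127.0.0.1:8000 speaks
# plain HTTP/WebSocket, as the http:// ProxyPass in the question implies.
# Requires mod_ssl, mod_proxy, mod_proxy_http, mod_proxy_wstunnel,
# mod_rewrite and mod_headers.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName myurl.net
    ServerAdmin webmaster@localhost

    # TLS is terminated here; certificate paths are the ones from the question.
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/myurl.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/myurl.net/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    # No SSLProxyEngine: Apache never opens a TLS connection to the backend.
    ProxyRequests Off
    ProxyPreserveHost On

    # Same hints the NGINX config sends, so Django knows the client used HTTPS.
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    # Browser -> Apache is wss://, Apache -> backend is ws:// (plaintext on loopback).
    RewriteEngine On
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule ^/(.*)$ ws://127.0.0.1:8000/$1 [P,L]

    # Everything that is not a WebSocket upgrade goes over plain HTTP.
    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>
</IfModule>
```

Keeping the backend bound to 127.0.0.1 means the unencrypted hop never leaves the host. If the backend runs on another machine, that hop needs its own TLS listener before https:// and wss:// targets with SSLProxyEngine apply.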