I'm trying to get a "wss" connection to work through NGINX. "ws" without SSL works fine.

(I replaced the actual project domain with "test.thruway.local")

Here is the nginx config:

map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}

upstream thruway_websocket {
        server 127.0.0.1:9090;
}

server {
        listen 9190;
        listen [::]:9190;

        server_name test.thruway.local;

        access_log /var/log/nginx/test.thruway.access_log;
        error_log /var/log/nginx/test.thruway.error_log;

        location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                # tried both "https://" and "http://"
                proxy_pass https://thruway_websocket;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header Host $host;

                proxy_ssl_certificate /etc/letsencrypt/live/test.thruway.local/fullchain.pem;
                proxy_ssl_certificate_key /etc/letsencrypt/live/test.thruway.local/privkey.pem;
        }

    # not sure if this is needed here. Tried with and without.
    ssl_certificate /etc/letsencrypt/live/test.thruway.local/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/test.thruway.local/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

The port is open and requests seem to get through:

# ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Nginx Full                 ALLOW       Anywhere                  
9190/tcp                   ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Nginx Full (v6)            ALLOW       Anywhere (v6)             
9190/tcp (v6)              ALLOW       Anywhere (v6) 

I'm using AutobahnJS to make the request to port 9190:

new autobahn.Connection( {
  url: 'wss://test.thruway.local:9190',
  realm: 'test'
} );

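The nginx access log records an entry, which tells me it is apparently connecting... but the log itself is a jumble of ASCII codes, and NGINX returns error 400.

Something like this (IP changed):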

111.111.11.111 - - [08/Sep/2021:12:57:24 +0200] "\x10\x04\x01\x02\x00\x01\x00\x00\xF0\x03\x02.\xA0\x90\xD1\x10\xA5\xF0\x8C\xF2 (... etc)" 400 182 "-" "-"

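Everything works fine when using just ws instead of wss. I have tried several tweaks and gone through whatever material I could find; nothing seems to work.

No matter what I try, I always get:

"Firefox can't establish a connection to the server at wss://test.thruway.local:9190/."

Does anyone know what I could try? I'd appreciate any ideas; I have run out of things to try.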

1 Answer

I think I know what was missing here:

server {
     ssl on;
}

I'm still testing the change, but with this the log is no longer garbled and the connection seems to work fine.

Answered 2021-09-09T08:15:40.623
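
A request field full of `\xHH` escapes with status 400, as in the access log quoted in the question, is what nginx records when a client starts a TLS handshake on a listener that is parsing plain HTTP. The script below is an added example (not code from the question or the answer) that undoes nginx's log escaping and flags entries whose first bytes are a TLS record header. The sample log lines are constructed, and the function names are hypothetical.

```python
import re

# nginx "combined" format: ip - user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) ')
ESC_RE = re.compile(rb'\\x([0-9A-Fa-f]{2})')
HTTP_RE = re.compile(rb'^[A-Z]+ \S+ HTTP/\d\.\d$')
# Minor byte of the TLS record-layer version (not the negotiated version).
RECORD_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}

def unescape(request):
    """Undo nginx's default log escaping, which writes raw bytes as \\xHH."""
    data = request.encode("ascii", "replace")
    return ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def classify(line):
    """Return a dict describing one access-log line, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, when, request, status = m.groups()
    raw = unescape(request)
    verdict, detail = "http", ""
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04.
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03 and raw[2] in RECORD_VERSIONS:
        verdict = "tls-on-plaintext-listener"
        detail = "record version " + RECORD_VERSIONS[raw[2]]
        # After the 5-byte record header comes the handshake type; 0x01 = ClientHello.
        if len(raw) > 5 and raw[5] == 0x01:
            detail += ", ClientHello"
    elif not HTTP_RE.match(raw):
        verdict = "not-http"
    return {"ip": ip, "time": when, "status": int(status), "verdict": verdict, "detail": detail}

def misdirected_tls(lines):
    """Client IPs that sent a TLS handshake to a listener without TLS enabled."""
    hits = (classify(l) for l in lines)
    return sorted({h["ip"] for h in hits if h and h["verdict"] == "tls-on-plaintext-listener"})

# Constructed sample lines (documentation IP ranges), not taken from the page.
SAMPLE = [
    r'203.0.113.7 - - [08/Sep/2021:12:57:24 +0200] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xA0\x90\xD1" 400 182 "-" "-"',
    r'203.0.113.7 - - [08/Sep/2021:12:58:01 +0200] "GET / HTTP/1.1" 101 0 "-" "Mozilla/5.0"',
    r'198.51.100.9 - - [08/Sep/2021:13:02:10 +0200] "\x00\x01\x02\x03" 400 182 "-" "-"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
    print("TLS sent to plaintext listener from:", misdirected_tls(SAMPLE))
```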