通过宝塔配置workermna wss服务
2023年10月3日
https://www.workerman.net/doc/workerman/appendices/about-websocket.html
https://www.workerman.net/doc/workerman/faq/secure-websocket-server.html
apache。
准备工作:
1、GatewayWorker 监听 8181 端口(websocket协议)
2、已经申请了ssl证书, 假设放在了/www/server/panel/vhost/cert/luqihong.com/下
3、利用apache转发443端口至指定端口8181
4、httpd-ssl.conf 已加载
5、openssl 已安装
启用 proxy_wstunnel_module 模块
1 2 |
<span class="typ">LoadModule</span><span class="pln"> proxy_module modules</span><span class="pun">/</span><span class="pln">mod_proxy</span><span class="pun">.</span><span class="pln">so </span><span class="typ">LoadModule</span><span class="pln"> proxy_wstunnel_module modules</span><span class="pun">/</span><span class="pln">mod_proxy_wstunnel</span><span class="pun">.</span><span class="pln">so</span> |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
<VirtualHost *:80> ServerAdmin webmaster@example.com DocumentRoot "/www/wwwroot/luqihong.com" ServerName a7ba26de.luqihong.com ServerAlias luqihong.com www.luqihong.com #errorDocument 404 /404.html ErrorLog "/www/wwwlogs/luqihong.com-error_log" CustomLog "/www/wwwlogs/luqihong.com-access_log" combined #HTTP_TO_HTTPS_START <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule (.*) https://%{SERVER_NAME}$1 [L,R=301] </IfModule> #HTTP_TO_HTTPS_END #DENY FILES <Files ~ (\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)$> Order allow,deny Deny from all </Files> #PHP <FilesMatch \.php$> SetHandler "proxy:unix:/tmp/php-cgi-72.sock|fcgi://localhost" </FilesMatch> #PATH <Directory "/www/wwwroot/luqihong.com"> SetOutputFilter DEFLATE Options FollowSymLinks AllowOverride All Require all granted DirectoryIndex index.php index.html index.htm default.php default.html default.htm </Directory> </VirtualHost> <VirtualHost *:443> ServerAdmin webmaster@example.com DocumentRoot "/www/wwwroot/luqihong.com/" ServerName SSL.luqihong.com ServerAlias www.luqihong.com luqihong.com #errorDocument 404 /404.html ErrorLog "/www/wwwlogs/luqihong.com-error_log" CustomLog "/www/wwwlogs/luqihong.com-access_log" combined #SSL SSLEngine On SSLCertificateFile /www/server/panel/vhost/cert/luqihong.com/fullchain.pem SSLCertificateKeyFile /www/server/panel/vhost/cert/luqihong.com/privkey.pem SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5:ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLProtocol All -SSLv2 -SSLv3 -TLSv1 SSLHonorCipherOrder On # Proxy Config SSLProxyEngine on ProxyRequests Off ProxyPass /wss ws://127.0.0.1:8181 ProxyPassReverse /wss ws://127.0.0.1:8181 #PHP <FilesMatch \.php$> SetHandler "proxy:unix:/tmp/php-cgi-72.sock|fcgi://localhost" </FilesMatch> #DENY FILES <Files ~ (\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)$> Order allow,deny Deny from all </Files> #PATH <Directory "/www/wwwroot/luqihong.com/"> SetOutputFilter DEFLATE Options FollowSymLinks AllowOverride All Require all granted DirectoryIndex index.php index.html index.htm default.php default.html default.htm </Directory> </VirtualHost> |
nginx
1 2 3 4 5 6 7 8 |
location /wss { proxy_pass http://127.0.0.1:8071; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Real-IP $remote_addr; } |
客户端
1 2 3 4 5 6 7 8 9 10 11 |
// 证书是会检查域名的,请使用域名连接。注意这里不写端口 ws = new WebSocket("wss://域名.com/wss"); ws.onopen = function() { alert("连接成功"); ws.send('tom'); alert("给服务端发送一个字符串:tom"); }; ws.onmessage = function(e) { alert("收到服务端的消息:" + e.data); }; |