我正在运行 laravel 7 并尝试使用 ssl 与 nginx 代理一起运行 laravel-websockets。 不幸的是,在我配置完我所面对的一切之后
与“wss://www.rabter.com:6001/app/174e625ceea907e9e63c?protocol=7&client=js&version=4.3.1&flash=false”的 WebSocket 连接失败:WebSocket 握手期间出错:意外响应代码:502
在实现 ssl 之前一切正常
/config/websockets.php
use BeyondCode\LaravelWebSockets\Dashboard\Http\Middleware\Authorize;
return [
'dashboard' => [
'port' => env('LARAVEL_WEBSOCKETS_PORT', 6001),
],
'apps' => [
[
'id' => env('PUSHER_APP_ID'),
'name' => env('APP_NAME'),
'key' => env('PUSHER_APP_KEY','174e625ceea907e9e63c'),
'secret' => env('PUSHER_APP_SECRET'),
'path' => env('PUSHER_APP_PATH'),
'capacity' => null,
'enable_client_messages' => true,
'enable_statistics' => true,
],
],
'app_provider' => BeyondCode\LaravelWebSockets\Apps\ConfigAppProvider::class,
'allowed_origins' => [
//
],
'max_request_size_in_kb' => 250,
'path' => 'laravel-websockets',
'middleware' => [
'web',
'api',
Authorize::class,
],
'statistics' => [
'model' => \BeyondCode\LaravelWebSockets\Statistics\Models\WebSocketsStatisticsEntry::class,
'interval_in_seconds' => 60,
'delete_statistics_older_than_days' => 60,
'perform_dns_lookup' => true,
],
'ssl' => [
'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', null),
'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', null),
'passphrase' => env('LARAVEL_WEBSOCKETS_SSL_PASSPHRASE', null),
],
'channel_manager' => \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManagers\ArrayChannelManager::class,
];
`
/config/broadcasting.php
`
'default' => env('BROADCAST_DRIVER', 'pusher'),
'connections' => [
'pusher' => [
'driver' => 'pusher',
'key' => env('PUSHER_APP_KEY'),
'secret' => env('PUSHER_APP_SECRET'),
'app_id' => env('PUSHER_APP_ID'),
'options' => [
'cluster' => env('PUSHER_APP_CLUSTER'),
'host' => '127.0.0.1',
'port' => 6001,
'scheme' => 'https',
],
],
'redis' => [
'driver' => 'redis',
'connection' => 'default',
],
'log' => [
'driver' => 'log',
],
'null' => [
'driver' => 'null',
],
],
];
/etc/nginx/conf.d/vhosts/rabter.com.ssl.conf
listen 45.82.136.131:443 ssl;
server_name rabter.com;
return 301 https://www.rabter.com$request_uri;
}
server {
listen 45.82.136.131:443 ssl;
server_name www.rabter.com;
ssl_certificate /etc/pki/tls/certs/rabter.com.bundle;
ssl_certificate_key /etc/pki/tls/private/rabter.com.key;
root /home/rabter/core/public/;
index index.php;
access_log /var/log/nginx/rabter.com.bytes bytes;
access_log /var/log/nginx/rabter.com.log combined;
error_log /var/log/nginx/rabter.com.error.log error;
location / {
proxy_set_header Connection "keep-alive";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_http_version 1.1;
proxy_pass https://45.82.136.131:3000$uri;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
proxy_intercept_errors on;
error_page 404 = @php;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location @php {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 45.82.136.131:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
upstream websocket {
server 127.0.0.1:6001;
}
server {
listen 6001 ssl;
ssl_certificate /etc/myssl/certs/rabter.com.bundle;
ssl_certificate_key etc/myssl/private/rabter.com.key;
location / {
proxy_pass https://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_connect_timeout 43200000;
}
}
laravel-echo 配置
broadcaster: 'pusher',
key: process.env.MIX_PUSHER_APP_KEY,
cluster: process.env.MIX_PUSHER_APP_CLUSTER,
wsHost:'rabter.com',
wsPort:6001,
wssPort: 6001,
disableStats: true,
encrypted: true,
authEndpoint: process.env.CLIENT_URL + '/api/broadcasting/auth',
enabledTransports: ['ws', 'wss'],
}],
我将 nuxtjs 作为前端运行并坚持了一个多月。
非常感谢任何帮助
最佳答案
我现在的配置是在 ssl 上工作,所以我共享每个文件。我会在最后给出一个简短的解释。
开始之前确保您已经从 YOUR_SITE_NAME.YOUR_DOMAIN_SUFFIX.ssl.conf 复制了自己的完整 ssl_ciphers(如果有的话)。
Laravel V8 ,LaravelWebSocket 版本 1.4,pusher 4.0
Websockets.php:
<?php
use BeyondCode\LaravelWebSockets\Dashboard\Http\Middleware\Authorize;
return [
/*
* Set a custom dashboard configuration
*/
'dashboard' => [
'port' => env('LARAVEL_WEBSOCKETS_PORT', 6001),
],
/*
* This package comes with multi tenancy out of the box. Here you can
* configure the different apps that can use the webSockets server.
*
* Optionally you specify capacity so you can limit the maximum
* concurrent connections for a specific app.
*
* Optionally you can disable client events so clients cannot send
* messages to each other via the webSockets.
*/
'apps' => [
[
'id' => env('PUSHER_APP_ID'),
'name' => env('APP_NAME'),
'key' => env('PUSHER_APP_KEY'),
'secret' => env('PUSHER_APP_SECRET'),
'path' => env('PUSHER_APP_PATH'),
'capacity' => null,
'enable_client_messages' => true,
'enable_statistics' => true,
],
],
/*
* This class is responsible for finding the apps. The default provider
* will use the apps defined in this config file.
*
* You can create a custom provider by implementing the
* `AppProvider` interface.
*/
'app_provider' => BeyondCode\LaravelWebSockets\Apps\ConfigAppProvider::class,
/*
* This array contains the hosts of which you want to allow incoming requests.
* Leave this empty if you want to accept requests from all hosts.
*/
'allowed_origins' => [
//
],
/*
* The maximum request size in kilobytes that is allowed for an incoming WebSocket request.
*/
'max_request_size_in_kb' => 250,
/*
* This path will be used to register the necessary routes for the package.
*/
'path' => 'laravel-websockets',
/*
* Dashboard Routes Middleware
*
* These middleware will be assigned to every dashboard route, giving you
* the chance to add your own middleware to this list or change any of
* the existing middleware. Or, you can simply stick with this list.
*/
'middleware' => [
'web',
'api',
Authorize::class,
],
'statistics' => [
/*
* This model will be used to store the statistics of the WebSocketsServer.
* The only requirement is that the model should extend
* `WebSocketsStatisticsEntry` provided by this package.
*/
'model' => \BeyondCode\LaravelWebSockets\Statistics\Models\WebSocketsStatisticsEntry::class,
/*
* Here you can specify the interval in seconds at which statistics should be logged.
*/
'interval_in_seconds' => 60,
/*
* When the clean-command is executed, all recorded statistics older than
* the number of days specified here will be deleted.
*/
'delete_statistics_older_than_days' => 60,
/*
* Use an DNS resolver to make the requests to the statistics logger
* default is to resolve everything to 127.0.0.1.
*/
'perform_dns_lookup' => false,
],
/*
* Define the optional SSL context for your WebSocket connections.
* You can see all available options at: http://php.net/manual/en/context.ssl.php
*/
'ssl' => [
/*
* Path to local certificate file on filesystem. It must be a PEM encoded file which
* contains your certificate and private key. It can optionally contain the
* certificate chain of issuers. The private key also may be contained
* in a separate file specified by local_pk.
*/
'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', null),
/*
* Path to local private key file on filesystem in case of separate files for
* certificate (local_cert) and private key.
*/
'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', null),
/*
* Passphrase for your local_cert file.
*/
'passphrase' => env('LARAVEL_WEBSOCKETS_SSL_PASSPHRASE', null),
// 'verify_peer' => false,
],
/*
* Channel Manager
* This class handles how channel persistence is handled.
* By default, persistence is stored in an array by the running webserver.
* The only requirement is that the class should implement
* `ChannelManager` interface provided by this package.
*/
'channel_manager' => \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManagers\ArrayChannelManager::class,
];
广播.php:
<?php
return [
'default' => env('BROADCAST_DRIVER', 'pusher'),
'connections' => [
'pusher' => [
'driver' => 'pusher',
'key' => env('PUSHER_APP_KEY'),
'secret' => env('PUSHER_APP_SECRET'),
'app_id' => env('PUSHER_APP_ID'),
'options' => [
'cluster' => env('PUSHER_APP_CLUSTER'),
'host' => '127.0.0.1',
'port' => 6001,
'scheme' => 'https',
'encrypted' => true,
],
],
'redis' => [
'driver' => 'redis',
'connection' => 'default',
],
'log' => [
'driver' => 'log',
],
'null' => [
'driver' => 'null',
],
],
];
nuxt.config.js:
buildModules: [
//The start of part that must be included in your buildModules
['@nuxtjs/laravel-echo',{
broadcaster: 'pusher',
key: process.env.MIX_PUSHER_APP_KEY,
cluster: process.env.MIX_PUSHER_APP_CLUSTER,
wsHost:'www.example.com',
wsPort:6001,
wssPort:6001,
enabledTransports: ['ws', 'wss'],
disableStats: true,
encrypted: true,
}]
//End
]
Nginx YOUR_SITE_NAME.YOUR_DOMAIN_SUFFIX.ssl.conf:
server {
listen zzz:zzz:zzz:zzz:443 ssl http2;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen zzz:zzz:zzz:zzz:443 ssl http2;
server_name www.example.com;
ssl_certificate /etc/pki/tls/certs/example.bundle;
ssl_certificate_key /etc/pki/tls/private/example.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers YOUR CIPHERS
ssl_prefer_server_ciphers on;
root /home/example/core/public/;
index index.php;
access_log /var/log/nginx/example.com.bytes bytes;
access_log /var/log/nginx/example.com.log combined;
error_log /var/log/nginx/example.com.error.log error;
location / {
proxy_set_header Connection "keep-alive";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_http_version 1.1;
proxy_pass https://zzz:zzz:zzz:zzz:3000$uri;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
location @php {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_intercept_errors on;
error_page 404 = @php;
}
location ~ /app/ {
return 404;
}
}
Nginx YOUR_SITE_NAME.YOUR_DOMAIN_SUFFIX.conf:
server {
listen zzz.zzz.zzz:80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
对于 nginx 配置,如果你运行的是 centos 7,请尝试在终端中复制它
cd/etc/nginx/conf.d/vhosts 点击回车然后 ls 你会看到 YOUR_SITE_NAME.YOUR_DOMAIN_SUFFIX.conf 和 YOUR_SITE_NAME.YOUR_DOMAIN_SUFFIX.ssl.conf
上面提供了哪些代码,
- 请记住,您已将
example更改为您的域名zzz应该是你的服务器 IP 地址 - 如果您的互联网 IP 地址不正确,您也可以在
zzz上尝试 127.0.0.1 工作 - 请记住检查它可能是的
root和logs地址 和我的不一样 fastcgi_pass也可以是 localIP 或 internetIP,这对我来说是 在我进行涉及后端/前端/服务器更新但现在是 localIP 的重大更新之前的 internetIP
设置后确保重启 nginx 和 websocket 服务并执行 php artisan 缓存和配置清除。之后做一个新的 nuxt 构建并通过链接连接到你的 laravel-websockets https://www.example.com/laravel-websockets
我将此配置用于 nginx+nuxtjs+laravel+laravel-websocket+pusher 上带有 ssl 的站点
希望这个回答能让你连接成功
关于带有 nuxt 和 nginx 反向代理的 laravel websocket 返回 502,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62369212/