Implementing a secure WebSocket (wss://) endpoint over SSL/TLS.

NGINX configuration

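server {
    # "ssl on;" is deprecated; enable TLS on the listen directive instead.
    listen 4431 ssl;
    server_name ws.sample.com;
    ssl_certificate ssl/server.crt;
    ssl_certificate_key ssl/server.key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    # SSLv2, SSLv3, TLSv1 and TLSv1.1 are broken or deprecated; offer only TLS 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Strong suites only: no anonymous key exchange, no MD5; HIGH also excludes
    # export-grade, RC4 and other weak ciphers.
    ssl_ciphers HIGH:!aNULL:!MD5;
    location / {
        proxy_pass http://127.0.0.1:4759;
        # WebSocket proxying needs HTTP/1.1 and the hop-by-hop Upgrade/Connection headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        # The proxied connection is closed if the backend sends nothing for this long.
        proxy_read_timeout 60s;
    }
}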

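Common problems

Cannot connect, or an error is reported when connecting

WebSocket network error: OSStatus Error -9807: Invalid certificate chain

This error occurs when a self-signed certificate is used, or when the domain name the certificate was issued for does not match the one specified in the connection.

wss disconnects automatically after one minute

Set proxy_read_timeout in NGINX, or implement a heartbeat in the application.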
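
The heartbeat option, sketched as an added example that is not part of the original page. It assumes the backend answers the text message "ping" with "pong" (a hypothetical message format; the browser WebSocket API cannot send protocol-level ping frames), and the names Heartbeat and heartbeatIntervalMs are illustrative.

```javascript
// Added example (not from the original page). Assumption: the backend answers
// the text message "ping" with "pong"; that reply is the backend-to-NGINX
// traffic that resets proxy_read_timeout.
const PING = "ping", PONG = "pong"; // hypothetical message format
const WS_OPEN = 1;                  // value of WebSocket.OPEN in the browser API

// Ping at a third of the proxy timeout so a delayed reply still arrives in time.
function heartbeatIntervalMs(proxyReadTimeoutS) {
  if (!(proxyReadTimeoutS > 0)) throw new RangeError("timeout must be positive");
  return Math.floor((proxyReadTimeoutS * 1000) / 3);
}

class Heartbeat {
  constructor(socket, intervalMs, maxMissed = 2) {
    this.socket = socket;
    this.intervalMs = intervalMs;
    this.maxMissed = maxMissed;
    this.missed = 0;   // pings sent since the last pong
    this.timer = null;
  }
  start() { this.timer = setInterval(() => this.tick(), this.intervalMs); }
  stop() { clearInterval(this.timer); this.timer = null; }

  // Call from socket.onmessage; returns true if the message was a heartbeat
  // reply and should not be passed on to the application.
  onMessage(data) {
    if (data !== PONG) return false;
    this.missed = 0;
    return true;
  }

  // One heartbeat step; returns what it did so callers can observe it.
  tick() {
    if (this.socket.readyState !== WS_OPEN) { this.stop(); return "stopped"; }
    if (this.missed >= this.maxMissed) {
      // Peer is silent: close so the caller's reconnect logic can take over.
      this.stop();
      this.socket.close(4000, "heartbeat timeout"); // 4000-4999: application codes
      return "closed";
    }
    this.missed += 1;
    this.socket.send(PING);
    return "ping";
  }
}
// Browser usage with the host and port from the config above:
//   const ws = new WebSocket("wss://ws.sample.com:4431/");
//   const hb = new Heartbeat(ws, heartbeatIntervalMs(60));
//   ws.onopen = () => hb.start();
//   ws.onmessage = (e) => { if (!hb.onMessage(e.data)) handle(e.data); };
```

If the heartbeat interval is ever raised, keep it below proxy_read_timeout, otherwise NGINX still closes the idle connection first.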