如何从ssl网站通过https加载socketio?

问题描述 投票:0回答:2

我有一个 HTTP Nodejs/socketio 服务器在端口 3001 上成功运行。我正在尝试从使用 certbot 加密的 SSL 网站访问服务器(让我们加密)。

当我访问 

https//:example.com/index.html
时,我看到 404 错误 :

获取https://www.example.com:8000/socket.io/socket.io.js net::ERR_ABORTED 404(未找到)

我一直在阅读关于使用 mod_proxy 配置 apache herehere。然而,根据 nodejs 文档,所需要的只是我拥有的 pem 文件。

我觉得我在追自己的尾巴,我需要帮助。我花了近一周的时间进行研究并尝试不同的方法。我又回到了第一方。有人运行过 https 服务器并通过 SSL 网站成功访问过它吗?下面是所有相关代码。

服务器.js

const express = require('express');
const app = express();
const https = require('https');
const fs = require('fs');

// This line is from the Node.js HTTPS documentation.
var options = {
    key: fs.readFileSync('../ssl/privkey.pem'),//etc/letsencrypt/
    cert: fs.readFileSync('../ssl/cert.pem')
  };

const sslserver = https.createServer(options,app);

//establish connection
io.on('connection', (socket) => {

//requests

});

//listening for https
sslserver.listen(8000, () => {
console.log('listening on *: 8000');
});

index.html

<!DOCTYPE html>
<html>

<head>

<title>My Web App </title>

<meta charset="utf-8">
<meta name="format-detection" content="telephone=no">
<meta name="msapplication-tap-highlight" content="no">
<meta name="viewport" content="initial-scale=1, width=device-width, viewport-fit=cover">
<meta name="color-scheme" content="light dark">
</head>

<body >


<p>Welcome to web app</p>
<p>login now</p>

</body>

</html>
<!--SCRIPTS-->
<script src="cordova.js"></script>
<script src="https://www.example.com:8000/socket.io/socket.io.js"></script>
<script type="text/javascript">
var socket = io.connect('https://www.example.com:8000', {'multiplex': false});
</script>
node.js https socket.io http-status-code-403
2个回答
2
投票

如果您在 server.js 中使用凭据,则应该侦听端口 443。否则,您只需侦听自定义端口,然后为其创建反向代理。

例如:

server.js(直接监听443/80)

const express = require('express');
const app = express();
var http = require('http');
const https = require('https');
const fs = require('fs');

// This line is from the Node.js HTTPS documentation.
var options = {
    key: fs.readFileSync('../ssl/privkey.pem'), //etc/letsencrypt/
    cert: fs.readFileSync('../ssl/cert.pem')
};

const port = process.env.PORT || 80;
const sercure_port = 443;

// use on server with https

var httpServer = http.createServer((req, res) => {
    res.writeHead(301, { Location: `https://${req.headers.host}${req.url}` });
    res.end();
});
http.createServer(function (req, res) {
    res.writeHead(301, { "Location": "https://" + req.headers['host'] + req.url});
res.end();
})
var httpsServer = https.createServer(options, app);

const io_server = require('socket.io')(httpsServer);

httpServer.listen(port, () => {
    console.log('http server listening on port ' + port);
});

httpsServer.listen(sercure_port, () => {
    console.log('https server listening on port ' + sercure_port);
});

server.js(监听自定义端口)

const express = require('express');
const app = express();
const http = require('http');
const fs = require('fs');
var options = {
    key: fs.readFileSync('../ssl/privkey.pem'), //etc/letsencrypt/
    cert: fs.readFileSync('../ssl/cert.pem')
};
var port = process.env.PORT || 8080;

http.createServer(function (req, res) {
    res.writeHead(301, { "Location": "https://" + req.headers['host'] + req.url});
    res.end();
})
var httpsServer = http.createServer(options, app);

const io_server = require('socket.io')(httpsServer);

httpsServer.listen(port, () => {
    console.log('https server listening on port ' + port);
});

NGINX 预留代理

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name yourdomain.com www.yourdomain.com;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    ssl_certificate path-to-crt.crt;
    ssl_certificate_key path-to-key.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

   #Load configuration files for the default server block.
   include /etc/nginx/default.d/*.conf;

   error_page 404 /404.html;
       location = /40x.html {
   }

   error_page 500 502 503 504 /50x.html;
       location = /50x.html {
   }
}
0
投票

从受信任的证书颁发机构获取证书(用于生产) 对于生产环境,建议从受信任的证书颁发机构 (CA)(例如 Let's Encrypt)获取证书。 将 Certbot 与 Let's Encrypt 结合使用: 安装证书机器人: 按照 Certbot 网站上的说明为您的服务器操作系统安装 Certbot。

生成证书: sudo certbot certonly --standalone -d yourdomain.com

将 yourdomain.com 替换为您的实际域名。 Certbot 将生成证书并将其放置在 /etc/letsencrypt/live/yourdomain.com/ 中。

查找证书文件:

证书文件将位于: /etc/letsencrypt/live/yourdomain.com/fullchain.pem # 证书文件 /etc/letsencrypt/live/yourdomain.com/privkey.pem # 私钥

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.