Stunnel secure wss websocket to unsecured ws socket

Time: 2016-02-14 12:56:52

Tags: linux ssl websocket debian stunnel

I recently changed my website to use SSL. What I have is an old websocket server script that listens on port 9300 and is then called over ws by the client's browser using javascript. Now that my site has changed to https, I have to call wss, but it doesn't work. So I just want to redirect a secure wss to the insecure ws version of the socket, so I don't have to change the script.

I tried to solve this by using stunnel. But I'm not getting it right.

There seems to be a problem in the handshake being performed.

The PHP Websocket server script I have is based on this git repo: https://github.com/Flynsarmy/PHPWebSocket-Chat

The server prints:

Restarting SSL tunnels: 2016.02.14 13:44:20 LOG7[4173:140328635270912]: Clients allowed=500
2016.02.14 13:44:20 LOG5[4173:140328635270912]: stunnel 4.53 on x86_64-pc-linux-gnu platform
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Threading:PTHREAD SSL:+ENGINE+OCSP Auth:LIBWRAP Sockets:POLL+IPv6
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Reading configuration from file /etc/stunnel/stunnel.conf
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Compression not enabled
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Snagged 64 random bytes from /root/.rnd
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Wrote 1024 new random bytes to /root/.rnd
2016.02.14 13:44:20 LOG7[4173:140328635270912]: PRNG seeded successfully
2016.02.14 13:44:20 LOG6[4173:140328635270912]: Initializing service section [websocket]
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Certificate: /etc/apache2/ssl/ssl-cert-businessgame.pem
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Certificate loaded
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Key file: /etc/apache2/ssl/ssl-cert-businessgame.key
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Private key loaded
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Could not load DH parameters from /etc/apache2/ssl/ssl-cert-businessgame.pem
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Using hardcoded DH parameters
2016.02.14 13:44:20 LOG7[4173:140328635270912]: DH initialized with 2048-bit key
2016.02.14 13:44:20 LOG7[4173:140328635270912]: ECDH initialized with curve prime256v1
2016.02.14 13:44:20 LOG7[4173:140328635270912]: SSL options set: 0x00000004
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Configuration successful
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Service [websocket] (FD=12) bound to 94.198.160.29:9301
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Created pid file /var/run/stunnel4.pid
2016.02.14 13:44:47 LOG7[4173:140328635270912]: Service [websocket] accepted (FD=3) from 81.83.185.230:49718
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] started
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Waiting for a libwrap process
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Acquired libwrap process #0
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Releasing libwrap process #0
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Released libwrap process #0
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] permitted by libwrap from 81.83.185.230:49718
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Service [websocket] accepted connection from 81.83.185.230:49718
2016.02.14 13:44:47 LOG6[4173:140328635262720]: SSL accepted: new session negotiated
2016.02.14 13:44:47 LOG6[4173:140328635262720]: Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
2016.02.14 13:44:47 LOG6[4173:140328635262720]: Compression: null, expansion: null
2016.02.14 13:44:47 LOG6[4173:140328635262720]: connect_blocking: connecting 127.0.0.1:9300
2016.02.14 13:44:47 LOG7[4173:140328635262720]: connect_blocking: s_poll_wait 127.0.0.1:9300: waiting 10 seconds
2016.02.14 13:44:47 LOG3[4173:140328635262720]: connect_blocking: connect 127.0.0.1:9300: Connection refused (111)
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Local socket (FD=3) closed
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] finished (0 left)

My stunnel.conf:

foreground = yes
key = /etc/apache2/ssl/ssl-cert-businessgame.key
cert = /etc/apache2/ssl/ssl-cert-businessgame.pem
CAfile = /etc/apache2/ssl/ssl-cert-businessgame.pem
debug = 7
output = /var/log/stunnel_websocket.log
[websocket]
accept = businessgame.be:9301
connect = 9300

Client browser console:

WebSocket connection to 'wss://businessgame.be:9301/socket/server.php' failed: Error in connection establishment: net::ERR_SOCKET_NOT_CONNECTED

The certificate I use is the same one I use for SSL. I also tried it with a self-generated key and certificate file, but no luck. I get the same error, the handshake fails.

1 answer:

Answer 0 (score: 1)

So the problem wasn't with stunnel, but I had to change the way the server sets up the socket. I used to create it as domain:port but had to change it to localhost:port.

So in the server.php file I had to change:

// start the server
$Server = new PHPWebSocket();
$Server->bind('message', 'wsOnMessage');
$Server->bind('open', 'wsOnOpen');
$Server->bind('close', 'wsOnClose');
// for other computers to connect, you will probably need to change this to your LAN IP or external IP,
// alternatively use: gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME']))
$Server->wsStartServer('businessgame.be', 9300);
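The log in the question already separates the two failure modes the asker conflated: "SSL accepted: new session negotiated" shows the TLS side worked, and the LOG3 "Connection refused" on 127.0.0.1:9300 shows stunnel could not reach the backend on loopback, because `connect = 9300` with no host means localhost (stunnel's documented default) while the server was bound to the public hostname. This added triage helper (not code from the question, the answer or the PHPWebSocket-Chat project) reads constructed excerpts of that stunnel.conf and log and returns which of the two it is:

```python
import re

# Constructed excerpts of the stunnel.conf and the debug log shown in the question.
STUNNEL_CONF = """\
[websocket]
accept = businessgame.be:9301
connect = 9300
"""
STUNNEL_LOG = """\
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Service [websocket] accepted connection from 81.83.185.230:49718
2016.02.14 13:44:47 LOG6[4173:140328635262720]: SSL accepted: new session negotiated
2016.02.14 13:44:47 LOG6[4173:140328635262720]: connect_blocking: connecting 127.0.0.1:9300
2016.02.14 13:44:47 LOG3[4173:140328635262720]: connect_blocking: connect 127.0.0.1:9300: Connection refused (111)
"""

TLS_OK = re.compile(r"SSL accepted: new session negotiated")
REFUSED = re.compile(r"connect_blocking: connect (\S+):(\d+): Connection refused")


def backend_target(conf_text, section):
    """Return the (host, port) stunnel dials for `section`.
    A bare port after `connect =` means loopback: stunnel's documented
    default host is localhost, which is why the log shows 127.0.0.1:9300."""
    in_section = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line == "[" + section + "]"
        elif in_section and line.startswith("connect"):
            value = line.split("=", 1)[1].strip()
            host, _, port = value.rpartition(":")
            return (host or "127.0.0.1", int(port))
    return None


def diagnose(conf_text, section, log_text):
    """Classify a failed wss connection from stunnel's debug log as
    (verdict, backend): TLS trouble versus a backend not listening."""
    tls_ok = TLS_OK.search(log_text) is not None
    refused = REFUSED.search(log_text)
    if not tls_ok:
        # No session was negotiated: the certificate/key side needs attention.
        return ("tls_not_established", None)
    if refused is None:
        return ("ok", backend_target(conf_text, section))
    actual = (refused.group(1), int(refused.group(2)))
    if actual == backend_target(conf_text, section):
        # TLS terminated fine; nothing listens on the loopback backend.
        # Fix: bind the WebSocket server to localhost, as the answer does.
        return ("backend_not_listening", actual)
    return ("backend_mismatch", actual)
```

Binding the plaintext server to localhost also keeps port 9300 off the public interface, so only the TLS-terminated 9301 is reachable from outside.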