While deploying a test project, I needed to use WebSocket. It should have been a simple copy-and-paste of configuration, but it ended up taking a whole afternoon plus 2 hours of overtime.

The project has several endpoints. I had previously debugged one WebSocket endpoint and verified it with an online testing tool.

The configuration is as follows:

```
upstream ws-xxx {
    server 127.0.0.1:7003 weight=2 max_fails=3 fail_timeout=20s;
}

# Send "Connection: upgrade" upstream only when the client asked for an upgrade
map $http_upgrade $conn_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name xxx;
    access_log /var/log/nginx/xxx.a.log main;
    error_log /var/log/nginx/xxx.e.log;

    location /ngx_status {
        stub_status on;
        access_log off;
    }

    location / {
        proxy_pass http://ws-xxx;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-real-ip $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen 192.168.23.225:443 ssl;
    server_name xxx;
    access_log /var/log/nginx/xxx.a.log main;
    error_log /var/log/nginx/xxx.e.log;

    ssl_certificate /etc/nginx/cert.d/xxx.crt;
    ssl_certificate_key /etc/nginx/cert.d/xxx.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://ws-xxx;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_read_timeout 120s;
        proxy_set_header Upgrade $http_upgrade;
        # $conn_upgrade is the variable defined by the map above
        proxy_set_header Connection $conn_upgrade;
        proxy_set_header X-real-ip $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Set-Cookie "Path=/; HttpOnly; Secure";
        if ($request_uri ~* "css$|js$|png$|jpg$") {
            add_header Cache-Control max-age=86400;
        }
    }

    location /ws {
        proxy_pass http://ws-xxx;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $conn_upgrade;
    }
}
```

The most important part of the configuration is the following lines:

```
# http block configuration
upstream ws-xxx {
    server 127.0.0.1:7003 weight=2 max_fails=3 fail_timeout=20s;
}

# server block configuration
location /ws {
    proxy_pass http://ws-xxx;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $conn_upgrade;
}
```

But while copying it, it somehow got changed to:

```
# server block configuration
location /ws {
    proxy_pass http://ws-xxx;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connetion $conn_upgrade;
}
```

That no longer worked.

In the end it took packet captures, and comparing them against a capture of a successful WebSocket connection, to find the problem. Along the way, I also learned how to use WebSocket.

The failing result looks like this:

```
websocat wss://xxx/websocket/00b0523dd0b947678595440b8f3fc55a -vv

GET /websocket/00b0523dd0b947678595440b8f3fc55a HTTP/1.1
Upgrade: websocket
Connetion: upgrade
Connection: close
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: BcxZxSyRtG2W2FD935an6g==

HTTP/1.1 400
Transfer-Encoding: chunked
Date: Mon, 22 Apr 2024 10:25:08 GMT
Connection: close

0
```

The normal result looks like this:

```
websocat wss://xxx/websocket/00b0523dd0b947678595440b8f3fc55a -vv

GET /websocket/00b0523dd0b947678595440b8f3fc55a HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: yCdv+bGFL2PcSqRCKNlA6g==

HTTP/1.1 400
Transfer-Encoding: chunked
Date: Mon, 22 Apr 2024 10:33:15 GMT
Connection: close

0
```

Can you spot the problem at a glance? The header name in the copied `proxy_set_header` line is misspelled as `Connetion`. nginx therefore forwards a meaningless `Connetion: upgrade` header and, because `Connection` is never overridden, sends its default `Connection: close` to the upstream, which is exactly what the failing capture shows.

Still, going through this refreshed my familiarity with WebSocket configuration and packet-capture analysis.

Remote capture: from a terminal on a local Linux desktop, run a combined ssh + wireshark command to stream the packets on a given port of the SSH server into the local Wireshark. Note that in this scenario the interface br-15e76d60d57e is the bridge interface that acts as the gateway for the container service's network.

```
wireshark -k -i <(ssh root@192.168.124.91 "tcpdump -s 0 -U -n -w - -i br-15e76d60d57e port 8009")
```

WebSocket testing: use the websocat tool to test the WebSocket endpoint.

```
# Download: https://github.com/vi/websocat/releases/tag/v1.13.0
# 123pan download: http://vip.123pan.cn/1815238395/download/websocket/v1.13.0/websocat.x86_64-unknown-linux-musl
```

Last modified: 2024-05-11 © Reposting permitted with proper attribution
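To make the comparison of the failing and working captures above mechanical instead of a spot-the-typo exercise, here is an added example (not part of the original post) that checks a captured handshake request against the headers RFC 6455 requires and flags header names that are near misses of a required one. The function name `check_handshake` and the 0.9 similarity cutoff are assumptions of this example; the two request samples are copied from the captures in the post.

```python
import difflib

# Headers the client handshake must carry (RFC 6455, section 4.1).
REQUIRED = ("Upgrade", "Connection", "Sec-WebSocket-Key", "Sec-WebSocket-Version")

# Request headers copied from the two captures shown in the post.
FAILING = """GET /websocket/00b0523dd0b947678595440b8f3fc55a HTTP/1.1
Upgrade: websocket
Connetion: upgrade
Connection: close
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: BcxZxSyRtG2W2FD935an6g=="""
WORKING = """GET /websocket/00b0523dd0b947678595440b8f3fc55a HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: yCdv+bGFL2PcSqRCKNlA6g=="""

def check_handshake(raw):
    """Return findings for one raw handshake request; an empty list means it is well formed."""
    known = {n.lower(): n for n in REQUIRED}
    values, findings = {}, []
    for line in raw.strip().splitlines()[1:]:   # [1:] skips the request line
        if not line.strip():
            break                               # a blank line ends the header section
        name, _, value = line.partition(":")
        name = name.strip()
        values.setdefault(name.lower(), []).append(value.strip().lower())
        # A name that is not required but nearly identical to a required one is a likely typo.
        # The 0.9 cutoff (an assumption) keeps Sec-WebSocket-Extensions from matching -Version.
        near = difflib.get_close_matches(name.lower(), list(known), n=1, cutoff=0.9)
        if name.lower() not in known and near:
            findings.append(f"'{name}' looks like a misspelling of '{known[near[0]]}'")
    tokens = [t.strip() for v in values.get("connection", []) for t in v.split(",")]
    if "upgrade" not in tokens:
        findings.append("Connection does not carry the 'upgrade' token")
    if "websocket" not in values.get("upgrade", []):
        findings.append("Upgrade is not 'websocket'")
    if not values.get("sec-websocket-key"):
        findings.append("Sec-WebSocket-Key is missing")
    if values.get("sec-websocket-version") != ["13"]:
        findings.append("Sec-WebSocket-Version is not 13")
    return findings

if __name__ == "__main__":
    for label, raw in (("failing", FAILING), ("working", WORKING)):
        print(label, check_handshake(raw) or "ok")
```

Feeding it the request as seen on the upstream side of the proxy (for example from the tcpdump capture) is what exposes a misnamed `proxy_set_header`, since the client-side request is unaffected by the proxy configuration.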