phpsocketio nginx ssl 配置

天的一邊 更新于2019-01-24

server {
??????? listen 80;
??????? root /home/wei/test;
??????? index index.html index.htm index.php;
??????? server_name test.net;

??????? error_page 404 /index/error;

??????? if (!-e $request_filename){
??????????????? rewrite ^/(.*) /index.php last;
??????? }

??????? client_max_body_size? 128m;
??????? location ~ \.php$ {
??????????????? fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
??????????????? fastcgi_index index.php;

??????????????? include fastcgi_params;
??????? }

}
server {? ?
?? ??? ?listen 443;
?? ??? ?server_name test.net;
?? ??? ?root /home/wei/test;
?? ??? ?index index.html index.htm index.php;
?? ??? ?ssl????????????????? on; ?
?? ??? ?ssl_certificate????? cert/dev-rocket.pem; ?
?? ??? ?ssl_certificate_key? cert/dev-rocket.key;
?? ??? ?ssl_session_timeout 5m;
?? ??? ?ssl_session_cache shared:SSL:50m;
?? ??? ?ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
?? ??? ?ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
?? ??? ?error_page 404 /index/error;
?? ??? ?location /socket.io
? ?? ??? ?{?? ?
?? ??? ??? ?proxy_pass http://0.0.0.0:2120;
?? ??? ??? ?proxy_http_version 1.1;
?? ??? ??? ?proxy_set_header Upgrade $http_upgrade;
?? ??? ??? ?proxy_set_header Connection "Upgrade";
?? ??? ??? ?proxy_set_header X-Real-IP $remote_addr;
? ?? ??? ?}?? ??? ?
?? ??? ?if (!-e $request_filename){
?? ??? ??? ??? ?rewrite ^/(.*) /index.php last;
?? ??? ?}? ?
?? ??? ?client_max_body_size? 128m;
?? ??? ?location ~ \.php$ {
?? ??? ??? ??? ?fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
?? ??? ??? ??? ?fastcgi_index index.php;
?? ??? ??? ??? ?include fastcgi_params;
?? ??? ?}? ?
?? ?}

nginx? 一直報(bào)錯(cuò)?

2019/01/23 17:53:24  57419#0: *3 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.186.1, server: test.net, request: "GET /socket.io/?EIO=3&transport=polling&t=MXw8ElN HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php5.6-fpm.sock:", host: "test.net", referrer: "https://test.net/web-msg-sender/web/index.html"

http沒問題，加了ssl就出錯(cuò)了
?
如果采用workman原生發(fā)現(xiàn)下面的錯(cuò)誤

$context = array(
    'ssl' => array(
        'local_cert'  => '/etc/nginx/cert/dev-rocket.pem',
        'local_pk'    => '/etc/nginx/cert/dev-rocket.key',
        'verify_peer' => false,
        'allow_self_signed' => true,
    )
);
$sender_io = new SocketIO(2120,$context);

SSL handshake error: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate

 4225  4 0

4個(gè)回答

six 2019-01-24

nginx配置了ssl，phpsocket.io就不用配置ssl了，都配置就沖突了

天的一邊 2019-01-24

你好，我邊是分著配置的，是先試的原始workman的ssl，報(bào)錯(cuò)又試的nginx的配置，嘗試一種的時(shí)候另一種是注釋的了，另外看下兩邊的報(bào)錯(cuò)好像都是key不對，但是這個(gè)key配置在nginx是可以正常https訪問網(wǎng)頁的

six 2019-01-24

proxy_pass http://0.0.0.0:2120;
我看到手冊里這句好像不是 0.0.0.0

天的一邊 2019-01-24

不是，手冊寫的127.0.0.1，那個(gè)是我后來改的，但是nginx錯(cuò)誤都是一樣的

天的一邊 2019-01-24

nginx配置找到原因了，因?yàn)?br /> ?if (!-e $request_filename){?? ??? ??? ??? ?rewrite ^/(.) /index.php last;
?? ??? ?}??
這個(gè)找不到文件優(yōu)先去找php了，
改成這樣就好了
location / {
????????????????? if (!-e $request_filename) {
???????????????????????? rewrite ^/(.) /index.php last;
????????????????? }????? ?
????????? }
但是現(xiàn)在還是沒找到workman原生報(bào)的錯(cuò)誤

暫無評論

天的一邊 2019-01-24

現(xiàn)在懷疑我生成的ssl是走的TLSv1 協(xié)議，但是原生workman走的是sslv3 協(xié)議，不過個(gè)人對網(wǎng)絡(luò)協(xié)議這一塊小白一枚，不清楚怎么下一步確認(rèn)問題，現(xiàn)在嘗試生成新的ssl key

phpcreeper 2019-01-24

說反了是， workerman 層面已經(jīng)不支持SSLv3協(xié)議，你這個(gè)問題的原因要么是證書有問題，要么就是客戶端使用了SSLv3協(xié)議所致，另外nginx是支持SSLv3的所以不會有問題。
今天我剛在github提了個(gè)相關(guān)的issue，你可以參考下：
https://github.com/walkor/Workerman/issues/399
天的一邊 2019-01-25

謝謝， $type = STREAM_CRYPTO_METHOD_SSLv2_SERVER | STREAM_CRYPTO_METHOD_SSLv23_SERVER; 這里的代碼我也看到了，學(xué)藝不深，我還以為這里的意思是支持sslv3，不支持TSLv1呢，這里我也嘗試加入STREAM_CRYPTO_METHOD_TLSv1_0_SERVER 結(jié)果出現(xiàn)別的錯(cuò)誤，現(xiàn)在忙于業(yè)務(wù)，稍后驗(yàn)證下，再次感謝