In addition to using Workerman's own SSL support, you can use nginx/apache as a wss proxy that forwards to Workerman.
I just fell into this big pit: when nginx/apache proxies wss, do not set ssl in the Workerman part, otherwise you will not be able to connect. Choose one of the two methods. The official recommendation is to use nginx/apache to proxy wss.
If the client is a WeChat mini program, add the address as a legal domain name.
Format: wss://domain name
Do not add a trailing / at the end; appending :port is allowed.
nginx configuration reference
Prerequisites and preparations:
1. nginx has been installed, the version is not lower than 1.3
2. Suppose Workerman is listening on port 8282 (websocket protocol)
3. The certificate (pem/crt file and key file) has been applied for and placed under /etc/nginx/conf.d/ssl
4. It is planned to use nginx to open port 443 to provide wss proxy service to the outside world (the port can be modified as needed)
5. Nginx usually also runs as the web server for other services. So as not to affect the existing site, the address domain name/wss is used here as the proxy entrance for wss. That is, the client connection address is wss://domain name/wss
The nginx configuration is similar to the following:
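# websockets - friendly tip: this can be placed in the rewrite (pseudo-static) rules section, which is a bit safer
location /wss {
    # The port must be the one Workerman actually listens on
    # (the prerequisites above assume 8282)
    proxy_pass http://127.0.0.1:9527;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
}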
Test link address
wss://domain name/wss (the /wss path corresponds to the location /wss of the reverse proxy)
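For context, an added example (not part of the original post or the Workerman documentation) that places the location block inside a complete TLS-terminating server block matching the prerequisites above. The server name and certificate file names are placeholders, the backend port assumes Workerman on 8282 as stated in the prerequisites, and the TLS protocol and timeout values are assumptions.

```nginx
server {
    # TLS is terminated here; Workerman itself runs plain websocket (no ssl)
    listen 443 ssl;
    server_name example.com;                                # placeholder domain

    # Certificate and key from prerequisite 3 (file names are placeholders)
    ssl_certificate     /etc/nginx/conf.d/ssl/your.pem;
    ssl_certificate_key /etc/nginx/conf.d/ssl/your.key;

    # Assumption: all clients support TLS 1.2 or later.
    # TLSv1.3 needs a recent nginx built against OpenSSL 1.1.1+;
    # drop it from the list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # The rest of the existing site keeps working as before
    location / {
        root  /usr/share/nginx/html;                        # placeholder site root
        index index.html;
    }

    # wss entrance: clients connect to wss://example.com/wss
    location /wss {
        # Plain HTTP to the local Workerman websocket port
        proxy_pass http://127.0.0.1:8282;

        # WebSocket upgrade requires HTTP/1.1 and these two headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";

        # Pass the real client address to the backend, which otherwise
        # only sees 127.0.0.1
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;

        # nginx closes a proxied connection after 60s without traffic by
        # default; raise this (assumed value) or send heartbeats more often
        proxy_read_timeout 300s;
    }
}
```

Run `nginx -t` to check the syntax before reloading.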
Use apache proxy wss
You can also use apache as a wss proxy to forward to workerman (note that if you use apache to proxy SSL, the workerman part must not set ssl, otherwise it will not be able to connect).
Preparation:
1. GatewayWorker listens to port 8282 (websocket protocol)
2. The ssl certificate has been applied for and placed under /server/httpd/cert/
3. Use apache to forward port 443 to designated port 8282
4. httpd-ssl.conf has been loaded
5. openssl has been installed
Enable proxy_wstunnel_module module
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
Configure SSL and Proxy
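#extra/httpd-ssl.conf
# Replace with your site's document root
DocumentRoot "/网站/目录"
# Replace with your domain name
ServerName 域名
# Proxy Config
SSLProxyEngine on
ProxyRequests Off
ProxyPass /wss ws://127.0.0.1:8282/wss
ProxyPassReverse /wss ws://127.0.0.1:8282/wss
# Enable SSL protocol support and remove insecure protocols
# Note: this still leaves TLS 1.0 and 1.1 enabled; add -TLSv1 -TLSv1.1
# if all clients support TLS 1.2 or later
SSLProtocol all -SSLv2 -SSLv3
# Set the cipher suite as follows
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# Certificate (public key) file
SSLCertificateFile /server/httpd/cert/your.pem
# Certificate private key file
SSLCertificateKeyFile /server/httpd/cert/your.key
# Certificate chain file
SSLCertificateChainFile /server/httpd/cert/chain.pem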
Test
wss://domain name/wss