Mini program development: building a WebSocket WSS environment (Apache + WorkerMan framework + PHP)

Here we use the WorkerMan framework; the server is CentOS, the web server is Apache, and the development language is PHP.

Because WSS is WebSocket combined with SSL, you need to prepare in advance an SSL certificate for the domain name. Normally this consists of three certificate files, such as the following:

SSLCertificateFile "/www/wwwroot/test.crt" 
SSLCertificateKeyFile "/www/wwwroot/test.key" 
SSLCertificateChainFile "/www/wwwroot/test-ca-bundle.crt"

Well, let's go!

 

Building a WSS long-connection environment accessed with a port

I use port number 39001 as an example (it must be added to the firewall whitelist); the code is as follows:

<?php
require_once __DIR__ . '/Workerman/Autoloader.php';
use Workerman\Worker;

// preferably use a certificate obtained from a certificate authority
$context = array(
    'ssl' => array(
        // use absolute paths
        'local_cert' => '/www/wwwroot/test.pem', // may also be a .crt file
        'local_pk' => '/www/wwwroot/test.key',
        'verify_peer' => false,
        // 'allow_self_signed' => true, // enable this option for a self-signed certificate
    )
);
// the websocket protocol is set here (any port, as long as no other program is using it)
$worker = new Worker('websocket://0.0.0.0:39001', $context);
// set the transport to ssl; websocket + ssl is WSS
$worker->transport = 'ssl';
$worker->onMessage = function($con, $msg) {
    $con->send('ok');
};

Worker::runAll();

  

Once this is set up, Workerman listens on port 39001 using the wss protocol, and clients can connect to Workerman over wss for secure instant messaging.

The client test code is below. Open the Chrome browser, press F12 to open the debugging console, and enter the code in the Console tab, or put the following code into an HTML page and run it as JavaScript.

 

ws = new WebSocket("wss://www.bojuwang.net:39001");
ws.onopen = function() {
    alert("WSS connection successful");
    ws.send('Boju network');
    alert("Sent a string to the server: Boju network");
};
ws.onmessage = function(e) {
    alert("Message received from the server: " + e.data);
};

If the handshake returns a 404 or 503 error, the problem is usually in the program, so check it yourself. A returned 200 means the connection succeeded overall.

We have now built a complete, usable WSS environment. For mini programs, however, WSS is still a special case, because they do not allow ports other than 443 (the default port for SSL services). That is, we can only connect with the URL wss://www.bojuwang.net and cannot use a URL with a port such as wss://www.bojuwang.net:39001. To solve this we need to use Apache's proxy service.

 

Building a WSS long-connection environment for mini programs (without a port)

First, create a WebSocket listener on port 39001, then use the Apache proxy to turn the ws protocol into the wss protocol.

Create a listener using Workerman

<?php

require_once __DIR__ . '/workerman/Autoloader.php';
use Workerman\Worker;
use Workerman\Lib\Timer;

$ws_worker = new Worker("websocket://0.0.0.0:39001");

$ws_worker->count = 4;

// when data $data sent by the client is received, process it and reply to the client
$ws_worker->onMessage = function($connection, $data)
{
    // send a message to the client
    $connection->send('5,' . $data . ',1');
};


// run the worker
Worker::runAll();

  

At this point, connecting to the ws protocol URL with the test method above succeeds. Next, convert ws into wss. First enable Apache's proxy modules and SSL configuration; this step is very important, because if they are not enabled the proxy will not take effect.

To enable them, find Apache's httpd.conf and enable the proxy modules as follows:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

And then enable SSL secure connection:

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

The specific connection settings are in the httpd-ssl.conf file. Find httpd-ssl.conf and configure it as follows:

Listen 443 
<VirtualHost *:443> 

 # Proxy Config
 SSLProxyEngine on
 ProxyRequests Off
 
 DocumentRoot "/www/wwwroot/" 
 ServerName www.bojuwang.net:443
 SSLEngine on 
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
 SSLHonorCipherOrder on
 SSLCertificateFile "/www/wwwroot/test.crt" 
 SSLCertificateKeyFile "/www/wwwroot/test.key" 
 SSLCertificateChainFile "/www/wwwroot/test-ca-bundle.crt" 
 
 <Directory "/www/wwwroot/"> 
    AllowOverride All 
    Require all granted 
 </Directory>
 

 ProxyPass / ws://0.0.0.0:39001
 ProxyPassReverse / ws://0.0.0.0:39001
</VirtualHost>

  

Do not configure the same Listen port more than once, otherwise Apache will report an error on restart.

 

Pay attention to each proxy path and certificate path, otherwise there will be an error.

At this point, you're done!

Now SSL requests arriving on port 443 of the server are proxied to the long-connection port 39001, giving the WSS protocol.
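
A hardened form of the port-443 virtual host above, as an added example that is not part of the original post. It assumes the Workerman worker is changed to listen on websocket://127.0.0.1:39001, and it uses a placeholder certificate directory (/etc/pki/tls/example/) that is not from the original page.

```apache
# Added example, not from the original post. Assumptions: the Workerman worker
# listens on websocket://127.0.0.1:39001, and the certificate files have been
# moved to the placeholder directory /etc/pki/tls/example/.
<VirtualHost *:443>
    ServerName www.bojuwang.net:443
    DocumentRoot "/www/wwwroot/"

    SSLEngine on
    # Was: SSLProtocol all -SSLv2 -SSLv3 (still negotiates TLS 1.0 and 1.1)
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    SSLHonorCipherOrder on

    # Was: /www/wwwroot/test.key, i.e. the private key inside DocumentRoot.
    # Keep the key outside any directory Apache can serve.
    SSLCertificateFile "/etc/pki/tls/example/test.crt"
    SSLCertificateKeyFile "/etc/pki/tls/example/test.key"
    SSLCertificateChainFile "/etc/pki/tls/example/test-ca-bundle.crt"

    <Directory "/www/wwwroot/">
        AllowOverride All
        Require all granted
    </Directory>

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    # SSLProxyEngine is omitted: it only matters for https:// or wss:// backends,
    # and the hop to the worker is plain ws:// on the loopback interface.

    # Was: ProxyPass / ws://0.0.0.0:39001
    # Name the loopback address explicitly and keep the trailing slash on both
    # sides so request paths are appended to the backend URL correctly.
    ProxyPass        / ws://127.0.0.1:39001/
    ProxyPassReverse / ws://127.0.0.1:39001/
</VirtualHost>
```

With the worker bound to 127.0.0.1, port 39001 no longer needs a firewall whitelist entry, so the unencrypted ws listener is reachable only through the TLS endpoint on 443. Run `apachectl configtest` before restarting Apache.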

 

Origin www.cnblogs.com/chbyl/p/10971249.html