WebSocket in Practice, Part 3: Meeting PAC

1. Introduction

Over the past two days I finished developing and testing the real-time refresh feature for sales data and happily deployed it to the production environment. Then I was dumbfounded: I couldn't connect to the WebSocket server. The browser showed "Provisional headers are shown" for the request headers, and a series of troubleshooting steps followed.

Links

1. WebSocket in Practice, Part 1

2. WebSocket in Practice, Part 2: Protocol Analysis

2. Steps to troubleshoot problems

1. I suspected that port 8098, used by the WebSocket server, was blocked by the firewall. I logged in to AWS to view the inbound and outbound rules: inbound allows 8098, and outbound allows all ports.

2. I checked the listening state of port 8098 on the server with netstat -anp | grep :8098 and found that the protocol listening on port 8098 is TCP6. I checked the inbound and outbound rules and found only IPv4 entries and no IPv6, but the rules cannot be set for IPv6, so I added -Djava.net.preferIPv4Stack=true to the java command parameters and restarted, but it still didn't work.

Note: Listening on TCP6 is in fact normal, and TCP6 is very compatible with TCP4.

3. I ran telnet <server address> 8098 directly from my local machine and it connected normally, indicating that the remote server port is not restricted. At this point I was dumbfounded again.

4. Suspecting a problem with the WebSocket server code written in Java, I deployed the minimalist node.js server example from WebSocket in Practice, Part 1, but found that the connection could not be made.

5. At this point I began to doubt whether the server was receiving the packets at all. I used tcpdump to monitor port 8098 and found that no packets came in. The command is as follows: tcpdump -i eth0 port 8098.

6. I rolled back the code and went home to sleep. Anyway, it's not a big deal if the data is not refreshed in real time.

7. After finishing some work the next day, I thought of trying a different browser. I used Safari, and I was able to connect.

8. Finally, we found that all our technical staff have PAC configured. Because our application is deployed in AWS Sydney, it cannot be accessed without configuring the VPN. With the VPN turned off, everything is completely normal.

Note: A strange problem here is that the VPN configuration should be for the entire computer. I don’t know why Safari does not use VPN.

3. PAC file

Some VPNs provide a PAC file, whose URL you configure under automatic proxy configuration. A PAC file contains a JavaScript function, "FindProxyForURL(url, host)". This function returns a string containing one or more access rules. The user agent uses a specific proxy or connects directly according to these rules. Multiple access rules provide fallback access methods for when a proxy server becomes unresponsive. The browser fetches this PAC file before accessing other pages. A PAC file is roughly as follows.
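As an added example (not the PAC file from the original post), the script below implements the FindProxyForURL(url, host) entry point described above: it sends only the WebSocket traffic for one server directly and everything else through a proxy chain with fallbacks. The host names, proxy addresses and the parseRules helper are hypothetical, and it assumes the browser passes ws:// and wss:// URLs to the function and that the server is reachable without the proxy.

```javascript
// Added example. Host names and proxy addresses are constructed placeholders;
// port 8098 is the WebSocket port from this post.
var WS_HOST = "ws.example.internal";
var WS_PORT = 8098;
var VIA_PROXY = "PROXY proxy1.example.net:3128; PROXY proxy2.example.net:3128; DIRECT";

// Plain string handling only, so the file also loads outside a browser's PAC
// sandbox (where helpers such as shExpMatch are predefined).
function schemeOf(url) {
  var i = url.indexOf(":");
  return i < 0 ? "" : url.substring(0, i).toLowerCase();
}

// Port from the URL authority, falling back to the scheme's default.
function portOf(url) {
  var authority = url.substring(url.indexOf("://") + 3).split("/")[0];
  var m = /:(\d+)$/.exec(authority);
  if (m) return parseInt(m[1], 10);
  var s = schemeOf(url);
  return (s === "https" || s === "wss") ? 443 : 80;
}

// Entry point the browser calls for every request. `host` carries no port,
// so the port is read from `url`.
function FindProxyForURL(url, host) {
  var scheme = schemeOf(url);
  var isWebSocket = scheme === "ws" || scheme === "wss";
  // Narrow bypass: exact host, exact port, WebSocket schemes only. DIRECT
  // traffic skips any filtering the proxy performs, so keep it this tight.
  if (isWebSocket && host.toLowerCase() === WS_HOST && portOf(url) === WS_PORT) {
    return "DIRECT";
  }
  // Everything else: first proxy, then the second if the first is
  // unresponsive, then a direct connection. The trailing DIRECT fails open;
  // drop it where traffic must never leave unproxied.
  return VIA_PROXY;
}

// Split a PAC result into the ordered fallback list the user agent walks.
function parseRules(result) {
  return result.split(";").map(function (r) {
    var parts = r.replace(/^\s+|\s+$/g, "").split(/\s+/);
    return { type: parts[0], target: parts[1] || null };
  });
}
```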

4. WebSocket and PAC

If unencrypted WebSocket traffic reaches the WebSocket server through a transparent proxy, the connection is likely to fail in practice, because in this case the proxy server strips specific message headers, including the Connection header, when it forwards the request to the WebSocket server.

But not all proxy servers follow the HTTP standard in terms of expected proxy behavior. For example, some proxy servers are configured not to remove the Connection: Upgrade header and pass it on to the WebSocket server, which in turn sends a 101 Web Socket Protocol Handshake response. The problem arises when the client or server starts sending the first WebSocket frame. Because this frame is different from anything the proxy server expects (such as regular HTTP traffic), some exceptions may occur unless the proxy server is specifically configured to handle WebSocket traffic.

Note: Later, I emailed the VPN provider, who promised to adjust the proxy rules, but it still didn't work. If anyone has relevant experience, please message me on WeChat with a solution. Is it possible to specify in the client code that WebSocket traffic should bypass all proxies? Thank you. Please read RFC 6455 when you have time.

Reposted from: blog.csdn.net/2301_76787421/article/details/133530773