2016-02-14 91 views
0

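Stunnel secure wss websocket to unsecure ws socket

I recently changed my website to use SSL. What I have is an old websocket server script which listens on port 9300 and is then called from the client's browser over ws using JavaScript. Now that my website has changed to https, I have to call a wss instead, but it does not work. So I would just like to redirect a secure wss to an unsecure ws version of the socket, so I don't have to change the script.

I tried to solve this by using stunnel, but I can't figure it out.

There seems to be a problem with the handshake being performed.

The PHP websocket server script I have is based on this git repository: https://github.com/Flynsarmy/PHPWebSocket-Chat

Server output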

Restarting SSL tunnels: 2016.02.14 13:44:20 LOG7[4173:140328635270912]: Clients allowed=500 
2016.02.14 13:44:20 LOG5[4173:140328635270912]: stunnel 4.53 on x86_64-pc-linux-gnu platform 
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Compiled/running with OpenSSL 1.0.1e 11 Feb 2013 
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Threading:PTHREAD SSL:+ENGINE+OCSP Auth:LIBWRAP Sockets:POLL+IPv6 
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Reading configuration from file /etc/stunnel/stunnel.conf 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Compression not enabled 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Snagged 64 random bytes from /root/.rnd 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Wrote 1024 new random bytes to /root/.rnd 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: PRNG seeded successfully 
2016.02.14 13:44:20 LOG6[4173:140328635270912]: Initializing service section [websocket] 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Certificate: /etc/apache2/ssl/ssl-cert-businessgame.pem 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Certificate loaded 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Key file: /etc/apache2/ssl/ssl-cert-businessgame.key 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Private key loaded 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Could not load DH parameters from /etc/apache2/ssl/ssl-cert-businessgame.pem 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Using hardcoded DH parameters 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: DH initialized with 2048-bit key 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: ECDH initialized with curve prime256v1 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: SSL options set: 0x00000004 
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Configuration successful 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Service [websocket] (FD=12) bound to 94.198.160.29:9301 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Created pid file /var/run/stunnel4.pid 
2016.02.14 13:44:47 LOG7[4173:140328635270912]: Service [websocket] accepted (FD=3) from 81.83.185.230:49718 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] started 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Waiting for a libwrap process 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Acquired libwrap process #0 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Releasing libwrap process #0 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Released libwrap process #0 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] permitted by libwrap from 81.83.185.230:49718 
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Service [websocket] accepted connection from 81.83.185.230:49718 
2016.02.14 13:44:47 LOG6[4173:140328635262720]: SSL accepted: new session negotiated 
2016.02.14 13:44:47 LOG6[4173:140328635262720]: Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption) 
2016.02.14 13:44:47 LOG6[4173:140328635262720]: Compression: null, expansion: null 
2016.02.14 13:44:47 LOG6[4173:140328635262720]: connect_blocking: connecting 127.0.0.1:9300 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: connect_blocking: s_poll_wait 127.0.0.1:9300: waiting 10 seconds 
2016.02.14 13:44:47 LOG3[4173:140328635262720]: connect_blocking: connect 127.0.0.1:9300: Connection refused (111) 
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Local socket (FD=3) closed 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] finished (0 left) 

My stunnel.conf

foreground = yes
key = /etc/apache2/ssl/ssl-cert-businessgame.key
cert = /etc/apache2/ssl/ssl-cert-businessgame.pem
CAfile = /etc/apache2/ssl/ssl-cert-businessgame.pem
debug = 7
output = /var/log/stunnel_websocket.log
[websocket]
accept = businessgame.be:9301
connect = 9300

Client browser console:

WebSocket connection to 'wss://businessgame.be:9301/socket/server.php' failed: Error in connection establishment: net::ERR_SOCKET_NOT_CONNECTED 

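I am using the same certificate that I use for SSL. I have also tried it with a self-generated key and cert file, but with no luck. I get the same error: the handshake fails.

Answers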

1

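So the problem was not with the tunnel, but I had to change the way the server sets up the socket. I used to create it as domain:port, but had to change it to localhost:port.

So in the server.php file, I had to change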

// start the server 
$Server = new PHPWebSocket(); 
$Server->bind('message', 'wsOnMessage'); 
$Server->bind('open', 'wsOnOpen'); 
$Server->bind('close', 'wsOnClose'); 
// for other computers to connect, you will probably need to change this to your LAN IP or external IP, 
// alternatively use: gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME'])) 
$Server->wsStartServer('businessgame.be', 9300);

to

// start the server 
$Server = new PHPWebSocket(); 
$Server->bind('message', 'wsOnMessage'); 
$Server->bind('open', 'wsOnOpen'); 
$Server->bind('close', 'wsOnClose'); 
// for other computers to connect, you will probably need to change this to your LAN IP or external IP, 
// alternatively use: gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME'])) 
$Server->wsStartServer('localhost', 9300); 
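
The stunnel log in the question separates the two possible failure points: the TLS session with the browser was negotiated, and the refusal came from stunnel's own connection to 127.0.0.1:9300. The following is an added example, not part of the original post or of stunnel, that correlates the log lines by thread id to show this; the function name `triage` and the verdict strings are assumptions of the example.

```python
import re
from collections import defaultdict

# Lines copied from the stunnel log in the question (one client connection).
SAMPLE_LOG = """\
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Service [websocket] accepted connection from 81.83.185.230:49718
2016.02.14 13:44:47 LOG6[4173:140328635262720]: SSL accepted: new session negotiated
2016.02.14 13:44:47 LOG6[4173:140328635262720]: Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
2016.02.14 13:44:47 LOG6[4173:140328635262720]: connect_blocking: connecting 127.0.0.1:9300
2016.02.14 13:44:47 LOG3[4173:140328635262720]: connect_blocking: connect 127.0.0.1:9300: Connection refused (111)
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
"""

LINE = re.compile(r"^\S+ \S+ LOG\d\[\d+:(\d+)\]: (.*)$")   # captures thread id, message
CLIENT = re.compile(r"accepted connection from (\S+)")
BACKEND_ERR = re.compile(r"connect_blocking: connect (\S+): (.+) \((\d+)\)")


def triage(log_text):
    """Group stunnel lines by thread id and report where each connection failed."""
    conns = defaultdict(lambda: {"client": None, "tls_ok": False, "backend": None, "error": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tid, msg = m.group(1), m.group(2)
        c = conns[tid]
        if (hit := CLIENT.search(msg)):
            c["client"] = hit.group(1)
        elif msg.startswith("SSL accepted"):
            c["tls_ok"] = True
        elif (hit := BACKEND_ERR.search(msg)):
            c["backend"], c["error"] = hit.group(1), hit.group(2)
    for c in conns.values():
        if c["error"]:
            stage = "after" if c["tls_ok"] else "before"
            c["verdict"] = f"backend connect failed {stage} TLS handshake completed"
        else:
            c["verdict"] = "no backend error logged"
    return list(conns.values())


if __name__ == "__main__":
    for result in triage(SAMPLE_LOG):
        print(result)
```

With the backend bound to localhost as in the answer, stunnel's connection to 127.0.0.1:9300 is accepted and the plaintext ws port is no longer listening on the public address.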