带有 nuxt 和 nginx 反向代理的 laravel websocket 返回 502

Question

我正在运行 laravel 7 并尝试使用 ssl 使用 nginx 代理运行 laravel-websockets。 不幸的是，在我配置了我所面临的一切之后

WebSocket connection to 'wss://www.rabter.com:6001/app/174e625ceea907e9e63c?protocol=7&client=js&version=4.3.1&flash=false' failed: Error during WebSocket handshake: Unexpected response code: 502

在实施 ssl 之前一切正常

/config/websockets.php

use BeyondCode\LaravelWebSockets\Dashboard\Http\Middleware\Authorize;

return [

    'dashboard' => [
        'port' => env('LARAVEL_WEBSOCKETS_PORT', 6001),
    ],

    'apps' => [
        [
            'id' => env('PUSHER_APP_ID'),
            'name' => env('APP_NAME'),
            'key' => env('PUSHER_APP_KEY','174e625ceea907e9e63c'),
            'secret' => env('PUSHER_APP_SECRET'),
            'path' => env('PUSHER_APP_PATH'),
            'capacity' => null,
            'enable_client_messages' => true,
            'enable_statistics' => true,
        ],
 ],
    'app_provider' => BeyondCode\LaravelWebSockets\Apps\ConfigAppProvider::class,
   'allowed_origins' => [
        //
    ],
 'max_request_size_in_kb' => 250,
 'path' => 'laravel-websockets',
 'middleware' => [
        'web',
            'api',
        Authorize::class,
    ],

    'statistics' => [

        'model' => \BeyondCode\LaravelWebSockets\Statistics\Models\WebSocketsStatisticsEntry::class,

        'interval_in_seconds' => 60,
          'delete_statistics_older_than_days' => 60,
        'perform_dns_lookup' => true,
    ],

    'ssl' => [

        'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', null),
        'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', null),
        'passphrase' => env('LARAVEL_WEBSOCKETS_SSL_PASSPHRASE', null),
    ],
    'channel_manager' => \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManagers\ArrayChannelManager::class,
];
`
/config/broadcasting.php
`
'default' => env('BROADCAST_DRIVER', 'pusher'),
 'connections' => [
        'pusher' => [
            'driver' => 'pusher',
            'key' => env('PUSHER_APP_KEY'),
            'secret' => env('PUSHER_APP_SECRET'),
            'app_id' => env('PUSHER_APP_ID'),
            'options' => [
                'cluster' => env('PUSHER_APP_CLUSTER'),
       'host' => '127.0.0.1',
        'port' => 6001,
        'scheme' => 'https',
            ],
        ],
        'redis' => [
            'driver' => 'redis',
            'connection' => 'default',
        ],
        'log' => [
            'driver' => 'log',
        ],
        'null' => [
            'driver' => 'null',
        ],
    ],
];

/etc/nginx/conf.d/vhosts/rabter.com.ssl.conf

  listen 45.82.136.131:443 ssl;
    server_name rabter.com;
        return 301 https://www.rabter.com$request_uri;

}
server {
    listen 45.82.136.131:443 ssl;
    server_name www.rabter.com;
    ssl_certificate /etc/pki/tls/certs/rabter.com.bundle;
    ssl_certificate_key /etc/pki/tls/private/rabter.com.key;
      root /home/rabter/core/public/;
        index index.php;
        access_log /var/log/nginx/rabter.com.bytes bytes;
       access_log /var/log/nginx/rabter.com.log combined;
      error_log /var/log/nginx/rabter.com.error.log error;

location / {
    proxy_set_header                Connection "keep-alive";
    proxy_set_header                Upgrade $http_upgrade;
    proxy_set_header                Connection 'upgrade';
    proxy_http_version              1.1;
    proxy_pass                      https://45.82.136.131:3000$uri;
    proxy_connect_timeout            300;
    proxy_send_timeout               300;
    proxy_read_timeout               300;
    send_timeout                     300;
    proxy_intercept_errors on;
    error_page                      404 = @php;

proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}

location @php {
    try_files                       $uri $uri/  /index.php?$query_string;
}


location ~ \.php$ {
    fastcgi_split_path_info         ^(.+\.php)(/.+)$;
    fastcgi_pass                    45.82.136.131:9000;
    fastcgi_index                   index.php;
    include                         fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_intercept_errors        off;
    fastcgi_buffer_size             16k;
    fastcgi_buffers                 4 16k;
    fastcgi_connect_timeout         300;
    fastcgi_send_timeout            300;
    fastcgi_read_timeout            300;
 proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;

}

}
    upstream websocket {
        server 127.0.0.1:6001;

    }

    server {

        listen 6001 ssl;
        ssl_certificate /etc/myssl/certs/rabter.com.bundle;
        ssl_certificate_key etc/myssl/private/rabter.com.key;

        location / {
            proxy_pass https://websocket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
        proxy_connect_timeout 43200000;
        }
    }

laravel-echo 配置

      broadcaster: 'pusher',
      key: process.env.MIX_PUSHER_APP_KEY,
      cluster: process.env.MIX_PUSHER_APP_CLUSTER,
      wsHost:'rabter.com',
      wsPort:6001,
      wssPort: 6001,
      disableStats: true,
      encrypted: true,
      authEndpoint: process.env.CLIENT_URL + '/api/broadcasting/auth',
      enabledTransports: ['ws', 'wss'],
    }],

我将 nuxtjs 作为前端运行，并在此问题上停留了一个多月。

任何帮助将不胜感激

Answer 1

我现在的配置是在ssl上工作，所以我分享每个文件。我会在最后做一个简短的解释。

开始之前确保您已从 YOUR_SITE_NAME.YOUR_DOMAIN_SUFFIX.ssl.conf 中复制了您自己的完整 ssl_ciphers（如果有）。

Laravel V8，LaravelWebSocket 1.4 版，推送器 4.0

Websockets.php：

<?php

use BeyondCode\LaravelWebSockets\Dashboard\Http\Middleware\Authorize;

return [

    /*
     * Set a custom dashboard configuration
     */
    'dashboard' => [
        'port' => env('LARAVEL_WEBSOCKETS_PORT', 6001),
    ],

    /*
     * This package comes with multi tenancy out of the box. Here you can
     * configure the different apps that can use the webSockets server.
     *
     * Optionally you specify capacity so you can limit the maximum
     * concurrent connections for a specific app.
     *
     * Optionally you can disable client events so clients cannot send
     * messages to each other via the webSockets.
     */
    'apps' => [
        [
            'id' => env('PUSHER_APP_ID'),
            'name' => env('APP_NAME'),
            'key' => env('PUSHER_APP_KEY'),
            'secret' => env('PUSHER_APP_SECRET'),
            'path' => env('PUSHER_APP_PATH'),
            'capacity' => null,
            'enable_client_messages' => true,
            'enable_statistics' => true,
        ],
    ],

    /*
     * This class is responsible for finding the apps. The default provider
     * will use the apps defined in this config file.
     *
     * You can create a custom provider by implementing the
     * `AppProvider` interface.
     */
    'app_provider' => BeyondCode\LaravelWebSockets\Apps\ConfigAppProvider::class,

    /*
     * This array contains the hosts of which you want to allow incoming requests.
     * Leave this empty if you want to accept requests from all hosts.
     */
    'allowed_origins' => [
        //
    ],

    /*
     * The maximum request size in kilobytes that is allowed for an incoming WebSocket request.
     */
    'max_request_size_in_kb' => 250,

    /*
     * This path will be used to register the necessary routes for the package.
     */
    'path' => 'laravel-websockets',

    /*
     * Dashboard Routes Middleware
     *
     * These middleware will be assigned to every dashboard route, giving you
     * the chance to add your own middleware to this list or change any of
     * the existing middleware. Or, you can simply stick with this list.
     */
    'middleware' => [
        'web',
            'api',
        Authorize::class,
    ],

    'statistics' => [
        /*
         * This model will be used to store the statistics of the WebSocketsServer.
         * The only requirement is that the model should extend
         * `WebSocketsStatisticsEntry` provided by this package.
         */
        'model' => \BeyondCode\LaravelWebSockets\Statistics\Models\WebSocketsStatisticsEntry::class,

        /*
         * Here you can specify the interval in seconds at which statistics should be logged.
         */
        'interval_in_seconds' => 60,

        /*
         * When the clean-command is executed, all recorded statistics older than
         * the number of days specified here will be deleted.
         */
        'delete_statistics_older_than_days' => 60,

        /*
         * Use an DNS resolver to make the requests to the statistics logger
         * default is to resolve everything to 127.0.0.1.
         */
        'perform_dns_lookup' => false,
    ],

    /*
     * Define the optional SSL context for your WebSocket connections.
     * You can see all available options at: http://php.net/manual/en/context.ssl.php
     */
    'ssl' => [
        /*
         * Path to local certificate file on filesystem. It must be a PEM encoded file which
         * contains your certificate and private key. It can optionally contain the
         * certificate chain of issuers. The private key also may be contained
         * in a separate file specified by local_pk.
         */
        'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', null),

        /*
         * Path to local private key file on filesystem in case of separate files for
         * certificate (local_cert) and private key.
         */
        'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', null),

        /*
         * Passphrase for your local_cert file.
         */
        'passphrase' => env('LARAVEL_WEBSOCKETS_SSL_PASSPHRASE', null),
        
     // 'verify_peer' => false,
    ],

    /*
     * Channel Manager
     * This class handles how channel persistence is handled.
     * By default, persistence is stored in an array by the running webserver.
     * The only requirement is that the class should implement
     * `ChannelManager` interface provided by this package.
     */
    'channel_manager' => \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManagers\ArrayChannelManager::class,
];

broadcasting.php：

<?php

return [


    'default' => env('BROADCAST_DRIVER', 'pusher'),

  
    'connections' => [
        'pusher' => [
            'driver' => 'pusher',
            'key' => env('PUSHER_APP_KEY'),
            'secret' => env('PUSHER_APP_SECRET'),
            'app_id' => env('PUSHER_APP_ID'),
            'options' => [
                'cluster' => env('PUSHER_APP_CLUSTER'),
       'host' => '127.0.0.1',
        'port' => 6001,
        'scheme' => 'https',
        'encrypted' => true,
 
            ],
        ],

        'redis' => [
            'driver' => 'redis',
            'connection' => 'default',
        ],

        'log' => [
            'driver' => 'log',
        ],

        'null' => [
            'driver' => 'null',
        ],

    ],

];

nuxt.config.js：

      buildModules: [
    //The start of part that must be included in your buildModules
        ['@nuxtjs/laravel-echo',{
          broadcaster: 'pusher',
          key: process.env.MIX_PUSHER_APP_KEY,
          cluster: process.env.MIX_PUSHER_APP_CLUSTER,
          wsHost:'www.example.com',
          wsPort:6001,
          wssPort:6001,
          enabledTransports: ['ws', 'wss'],
          disableStats: true,
          encrypted: true,
        }]
        //End
         ]

Nginx YOUR_SITE_NAME.YOUR_DOMAIN_SUFFIX.ssl.conf：

           
          server {
          listen zzz:zzz:zzz:zzz:443 ssl http2;
          server_name example.com;
              return 301 https://www.example.com$request_uri;
       }
       server {
          listen zzz:zzz:zzz:zzz:443 ssl http2;
          server_name www.example.com;
          ssl_certificate /etc/pki/tls/certs/example.bundle;
          ssl_certificate_key /etc/pki/tls/private/example.key;
          ssl_session_timeout       5m;
           ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers YOUR CIPHERS
        ssl_prefer_server_ciphers   on;
        root /home/example/core/public/;
        index index.php;
        access_log /var/log/nginx/example.com.bytes bytes;
        access_log /var/log/nginx/example.com.log combined;
        error_log /var/log/nginx/example.com.error.log error;
    
    location / {
      proxy_set_header                Connection "keep-alive";
        proxy_set_header                Upgrade $http_upgrade;
        proxy_set_header                Connection 'upgrade';
        proxy_http_version              1.1;
        proxy_pass                    https://zzz:zzz:zzz:zzz:3000$uri;
        proxy_connect_timeout            300;
        proxy_send_timeout               300;
        proxy_read_timeout               300;
        send_timeout                     300;
    
    
    }
    
        location @php {
        try_files                       $uri $uri/  /index.php?$query_string;
      }
    
      location ~ \.php$ {
        fastcgi_split_path_info         ^(.+\.php)(/.+)$;
        fastcgi_pass                    127.0.0.1:9000;
        fastcgi_index                   index.php;
        include                         fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors        off;
        fastcgi_buffer_size             16k;
        fastcgi_buffers                 4 16k;
        fastcgi_connect_timeout         300;
        fastcgi_send_timeout            300;
        fastcgi_read_timeout            300;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_intercept_errors on;
        error_page                      404 = @php;
    
    }
    
    location ~ /app/ {
        return 404;
    }
    }

Nginx YOUR_SITE_NAME.YOUR_DOMAIN_SUFFIX.conf：

server {
  listen zzz.zzz.zzz:80;
    server_name example.com www.example.com;
        return 301 https://www.example.com$request_uri;

}

对于 nginx 配置，如果您正在运行 centos 7，请尝试在终端中复制此内容 cd /etc/nginx/conf.d/vhosts 回车然后ls 你会看到 YOUR_SITE_NAME.YOUR_DOMAIN_SUFFIX.conf 和 YOUR_SITE_NAME.YOUR_DOMAIN_SUFFIX.ssl.conf 上面提供了哪些代码，

• 请记住，您已将example 更改为您的域名 zzz 应该是您的服务器 IP 地址
• 如果您的互联网 IP 地址没有，您也可以在 zzz 上尝试 127.0.0.1 工作
• 记住检查root 和logs 地址可能是 和我的不一样
• fastcgi_pass 也可以是 localIP 或 internetIP，这对我来说是 在我进行涉及后端/前端/服务器更新但现在是本地IP 的重大更新之前的internetIP

设置完成后确保重启 nginx 和 websocket 服务并执行 php artisan 缓存和配置 clear.after 进行新的 nuxt 构建并通过链接 https://www.example.com/laravel-websockets 连接到您的 laravel-websockets

我将这个配置用于 nginx+nuxtjs+laravel+laravel-websocket+pusher 上的 ssl 站点

希望这个答案能让你成功连接