nginx 通过 https 代理到 gunicorn 的 websockets 给出 400（错误请求）

Question

我在我的 Flask Web 应用程序中建立 websocket 时遇到问题。

在客户端，我每秒向服务器发送一个“ping”websocket 事件。在浏览器控制台中，我每秒都会看到以下错误

POST https://example.com/socket.io/?EIO=3&transport=polling&t=LOkVYzQ&sid=88b5202cf38f40879ddfc6ce36322233 400 (BAD REQUEST)

GET https://example.com/socket.io/?EIO=3&transport=polling&t=LOkVZLN&sid=5a355bbccb6f4f05bd46379066876955 400 (BAD REQUEST)

WebSocket connection to 'wss://example.com/socket.io/?EIO=3&transport=websocket&sid=5a355bbccb6f4f05bd46379066876955' failed: WebSocket is closed before the connection is established.

我有以下nginx.conf

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}

upstream app_server {

    # for UNIX domain socket setups
    server unix:/pathtowebapp/gunicorn.sock fail_timeout=0;

}

server {

    listen 443 ssl;

    server_name example.com www.example.com;

    keepalive_timeout 5;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    charset     utf-8;
    client_max_body_size 30M;

    location / {
        try_files $uri @proxy_to_app;
    }

    location /socket.io {
      proxy_pass http://app_server;
      proxy_redirect off;

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Upgrade websocket;
      proxy_set_header Connection "upgrade";
      proxy_read_timeout 86400;
      proxy_buffering off;
      proxy_headers_hash_max_size 1024;

    }


    location /static {
        alias /pathtowebapp/webapp/static;
    }

    location @proxy_to_app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # enable this if and only if you use HTTPS
        proxy_set_header X-Forwarded-Proto https;

        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header Host $http_host;

        # we don't want nginx trying to do something clever with
        # redirects, we set the Host: header above already.
        proxy_redirect off;
        #proxy_buffering off;
        proxy_pass http://app_server;

    }

}

我一直在寻找在 gunicorn 前面使用 nginx 使用 https 的 websocket 示例。

我的网页加载了，虽然 websocket 连接不成功。

客户端 websocket 是使用以下 javascript 建立的：

var socket = io.connect('https://' + document.domain + ':' + location.port + namespace);

这是我的gunicorn.conf

import multiprocessing

bind = 'unix:/pathtowebapp/gunicorn.sock'
workers = multiprocessing.cpu_count() * 2 + 1
worker_class = 'eventlet'

[EDIT] 如果我按照Flask-IO documentation 中的方式配置 nginx 并运行(env)$ python deploy_app.py，那么它就可以工作。但我的印象是，这不像我之前提到的设置那样适合生产

Answer 1

问题是您在 gunicorn 上运行多个工人。这不是当前支持的配置，因为 gunicorn 中非常有限的负载均衡器不支持粘性会话。文档参考：https://flask-socketio.readthedocs.io/en/latest/#gunicorn-web-server.

改为运行多个 gunicorn 实例，每个实例有一个 worker，然后使用 ip_hash 方法设置 nginx 进行负载平衡，以便会话具有粘性。

另外，如果您不知道，如果您运行多个服务器，您还需要运行一个消息队列，以便进程可以协调。这也包含在上面的文档链接中。