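During the deployment of a test project, I needed to use WebSocket. It should have been a simple copy-and-paste of configuration, but it ended up taking a whole afternoon plus 2 hours of overtime.

This project has several interfaces. I had previously debugged one WebSocket interface and verified it with an online testing tool.

The configuration is as follows: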

upstream ws-xxx {
    server 127.0.0.1:7003 weight=2 max_fails=3 fail_timeout=20s;
}

map $http_upgrade $conn_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    server_name xxx;
    access_log /var/log/nginx/xxx.a.log main;
    error_log /var/log/nginx/xxx.e.log;
    location /ngx_status {
        stub_status on;
        access_log off;
    }
    location / {
        proxy_pass http://ws-xxx;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-real-ip $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen 192.168.23.225:443 ssl;
    server_name xxx;
    access_log /var/log/nginx/xxx.a.log main;
    error_log /var/log/nginx/xxx.e.log;
    ssl_certificate /etc/nginx/cert.d/xxx.crt;
    ssl_certificate_key /etc/nginx/cert.d/xxx.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://ws-xxx;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_read_timeout 120s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $conn_upgrade;  # variable defined by the map block above
        proxy_set_header X-real-ip $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Set-Cookie "Path=/; HttpOnly; Secure";
        if ($request_uri ~* "css$|js$|png$|jpg$") {
            add_header Cache-Control max-age=86400;
        }
    }

    location /ws {
        proxy_pass http://ws-xxx;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $conn_upgrade;
    }
}

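The most important part of the configuration is the following few lines:

# http block configuration (the map that defines $conn_upgrade, shown above, also lives here)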
upstream ws-xxx {
    server 127.0.0.1:7003 weight=2 max_fails=3 fail_timeout=20s;
}

# server block configuration
        location /ws {
            proxy_pass http://ws-xxx;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $conn_upgrade;
        }

But when I copied it, it somehow got changed to:

# server block configuration
        location /ws {
            proxy_pass http://ws-xxx;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connetion $conn_upgrade;
        }

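And that no longer works.

In the end it took packet captures, and comparing them against the capture of a successful WebSocket connection, to find the problem.
Along the way, I also learned how to use WebSocket.

The failing result is as follows: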

websocat wss://xxx/websocket/00b0523dd0b947678595440b8f3fc55a -vv
GET /websocket/00b0523dd0b947678595440b8f3fc55a HTTP/1.1
Upgrade: websocket
Connetion: upgrade
Connection: close
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: BcxZxSyRtG2W2FD935an6g==

HTTP/1.1 400 
Transfer-Encoding: chunked
Date: Mon, 22 Apr 2024 10:25:08 GMT
Connection: close

0

The normal result is as follows:

websocat wss://xxx/websocket/00b0523dd0b947678595440b8f3fc55a -vv
GET /websocket/00b0523dd0b947678595440b8f3fc55a HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: yCdv+bGFL2PcSqRCKNlA6g==

HTTP/1.1 400 
Transfer-Encoding: chunked
Date: Mon, 22 Apr 2024 10:33:15 GMT
Connection: close

0

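Can you spot the problem at a glance?

Still, this incident gave me another round of practice with WebSocket configuration and packet-capture analysis.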
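nginx accepts any header name in proxy_set_header, so the misspelled Connetion is valid configuration and only shows up in a capture, next to the Connection: close that nginx sends by default. The following is an added example, not part of the original post: a small Python check that flags this in location blocks that forward Upgrade. The function names and the KNOWN list are assumptions of this sketch.

```python
import difflib
import re

# Header names this sketch knows about (lower-case); extend for your configs.
KNOWN = ("upgrade", "connection", "host", "x-real-ip", "x-forwarded-for")
HEADER_RE = re.compile(r"^\s*proxy_set_header\s+(\S+)\s+[^;]+;", re.M)


def location_blocks(conf):
    """Yield (path, body) per location block, following nested braces."""
    conf = re.sub(r"#.*", "", conf)  # drop comments (simplification)
    for m in re.finditer(r"\blocation\s+([^{;]+?)\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def lint_websocket_locations(conf):
    """Return findings for locations that forward the Upgrade header."""
    findings = []
    for path, body in location_blocks(conf):
        names = HEADER_RE.findall(body)
        lowered = [n.lower() for n in names]
        if "upgrade" not in lowered:
            continue  # not a WebSocket proxy location
        for name in names:
            near = difflib.get_close_matches(name.lower(), KNOWN, n=1, cutoff=0.8)
            if near and near[0] != name.lower():
                findings.append(f"{path}: '{name}' looks like a typo of '{near[0]}'")
        if "connection" not in lowered:
            findings.append(f"{path}: Connection not set, nginx sends 'Connection: close'")
    return findings


# Constructed samples: the two /ws blocks shown on this page.
BROKEN = """location /ws {
    proxy_pass http://ws-xxx;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connetion $conn_upgrade;
}"""
FIXED = BROKEN.replace("Connetion", "Connection")

if __name__ == "__main__":
    for finding in lint_websocket_locations(BROKEN):
        print(finding)
```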

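Remote packet capture: run an ssh + wireshark command in a terminal on the local Linux desktop to stream the packets on a given port of the SSH server into the local Wireshark.
Note that in this scenario, the interface br-15e76d60d57e is the bridge interface that acts as the gateway for the container service network.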

wireshark -k -i <(ssh root@192.168.124.91 "tcpdump -s 0 -U -n -w - -i br-15e76d60d57e port 8009")

WebSocket testing: use WebSocket client software (websocat) to test the WebSocket endpoint.

# Download:
https://github.com/vi/websocat/releases/tag/v1.13.0

# 123pan download link
http://vip.123pan.cn/1815238395/download/websocket/v1.13.0/websocat.x86_64-unknown-linux-musl
Last modified: May 11, 2024