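Checklist for enabling wss connections with swoole:
1. For a wss application, the page that opens the websocket connection must itself be served over https
2. wss cannot be used with an SSL certificate the browser does not trust
---- in other words, the site must be reachable over https and needs an SSL certificate the browser trusts
3. The certificate must be in PEM format; DER is not supported. The openssl tool can be used to convert it
4. swoole must be compiled with the --enable-openssl option; the following command shows whether swoole has openssl enabled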
$php --ri swoole
swoole
swoole support => enabled
Version => 1.10.1
Author => tianfeng.han[email: mikan.tenny@gmail.com]
epoll => enabled
eventfd => enabled
timerfd => enabled
signalfd => enabled
cpu affinity => enabled
spinlock => enabled
rwlock => enabled
async http/websocket client => enabled
openssl => enabled
Linux Native AIO => enabled
pcre => enabled
zlib => enabled
mutex_timedlock => enabled
pthread_barrier => enabled
futex => enabled
Directive => Local Value => Master Value
swoole.aio_thread_num => 2 => 2
swoole.display_errors => On => On
swoole.use_namespace => Off => Off
swoole.fast_serialize => Off => Off
swoole.unixsock_buffer_size => 8388608 => 8388608
Compiling and installing swoole (I installed version 1.10.2, which should have openssl enabled by default)
Reference: https://my.oschina.net/u/125977/blog/1570073
5. Start the websocket server in SSL mode
// PEM-encoded private key and certificate (see step 3)
$setConfig = [
    'ssl_key_file' => '/usr/local/nginx/conf/server.key',
    'ssl_cert_file' => '/usr/local/nginx/conf/server.crt'
];
// SWOOLE_SSL in the socket type turns on TLS for this listener
$server = new \swoole_websocket_server("127.0.0.1", 9501, SWOOLE_BASE, SWOOLE_SOCK_TCP | SWOOLE_SSL);
$server->set($setConfig);
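The checks from steps 3 and 4, plus a key/certificate match check for the two files named in step 5, as a shell script. This is an added example, not part of the original post; the function names and the script name preflight.sh are assumptions, and it relies on the openssl and php command-line tools being installed.

```shell
#!/bin/sh
# Added example: pre-flight checks before pointing ssl_cert_file / ssl_key_file
# at a certificate pair. Function names are illustrative, not part of swoole.

# Print "pem" when the file has a PEM armor line, "not-pem" otherwise.
cert_format() {
    if grep -q -e '-----BEGIN [A-Z ]*-----' "$1" 2>/dev/null; then
        echo pem
    else
        echo not-pem
    fi
}

# Convert a DER certificate to PEM next to the original (step 3).
der_to_pem() {
    openssl x509 -inform DER -in "$1" -outform PEM -out "$1.pem"
}

# Succeed only when the private key belongs to the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Read `php --ri swoole` output on stdin; succeed if openssl is enabled (step 4).
swoole_has_openssl() {
    grep -Eq '^openssl[[:space:]]*=>[[:space:]]*enabled[[:space:]]*$'
}

# Run every check; print the first failure and return non-zero.
preflight() {
    cert=$1 key=$2
    if [ "$(cert_format "$cert")" != pem ]; then
        echo "certificate is not PEM; try: der_to_pem $cert" >&2; return 1
    fi
    if [ "$(cert_format "$key")" != pem ]; then
        echo "private key is not PEM" >&2; return 1
    fi
    key_matches_cert "$cert" "$key" || { echo "key does not match certificate" >&2; return 1; }
    php --ri swoole | swoole_has_openssl || { echo "swoole openssl support not detected" >&2; return 1; }
    echo "ok: $cert / $key ready for wss"
}

# Usage: sh preflight.sh /path/to/server.crt /path/to/server.key
if [ "$#" -ge 2 ]; then preflight "$1" "$2"; fi
```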
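Applying for a free SSL certificate and configuring it under nginx (based on Tencent Cloud)
1. Go to https://console.qcloud.com and find Cloud Products -> SSL Certificate Management
2. Open "Apply for certificate" -> choose the free DV SSL certificate
3. Fill in your domain information, click Next, Next, then wait for approval to receive a free certificate
4. Download the certificate to the server
5. Configure nginx to support ssl (the example adds ssl support to a reverse proxy configuration)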
server {
    listen 80;
    # TLS only on 443; port 80 stays plain HTTP
    listen 443 ssl;
    server_name ktvme.banyanx.cn;
    ssl_certificate /www/xxxx/nginx/ssl/1_ktvme.banyanx.cn_bundle.crt;
    ssl_certificate_key /www/xxxx/nginx/ssl/2_ktvme.banyanx.cn.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 only
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    access_log /www/xxxx/ktvme.banyanx.cn.log;
    # reverse proxy configuration
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:82;
        proxy_redirect off;
    }
}
Restart nginx and you are done: $nginx -s reload