Stunnel安全wss websocket来解开ws套接字

Question

我最近更改我的网站以使用SSL。我所拥有的是一个旧的websocket服务器脚本，它在端口9300上侦听，然后由客户端的浏览器通过ws使用javascript调用。现在我的网站已经改变为https，我必须调用一个wss，但它不起作用。所以我只想将一个安全的wss重定向到一个不安全的ws版本的套接字，所以我不必更改脚本。

我试图通过使用stunnels来解决这个问题。但我不明白。

握手正在执行似乎存在问题。

的PHP的WebSocket服务器脚本我有基于此混帐 https://github.com/Flynsarmy/PHPWebSocket-Chat

服务器输出

Restarting SSL tunnels: 2016.02.14 13:44:20 LOG7[4173:140328635270912]: Clients allowed=500 
2016.02.14 13:44:20 LOG5[4173:140328635270912]: stunnel 4.53 on x86_64-pc-linux-gnu platform 
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Compiled/running with OpenSSL 1.0.1e 11 Feb 2013 
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Threading:PTHREAD SSL:+ENGINE+OCSP Auth:LIBWRAP Sockets:POLL+IPv6 
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Reading configuration from file /etc/stunnel/stunnel.conf 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Compression not enabled 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Snagged 64 random bytes from /root/.rnd 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Wrote 1024 new random bytes to /root/.rnd 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: PRNG seeded successfully 
2016.02.14 13:44:20 LOG6[4173:140328635270912]: Initializing service section [websocket] 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Certificate: /etc/apache2/ssl/ssl-cert-businessgame.pem 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Certificate loaded 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Key file: /etc/apache2/ssl/ssl-cert-businessgame.key 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Private key loaded 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Could not load DH parameters from /etc/apache2/ssl/ssl-cert-businessgame.pem 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Using hardcoded DH parameters 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: DH initialized with 2048-bit key 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: ECDH initialized with curve prime256v1 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: SSL options set: 0x00000004 
2016.02.14 13:44:20 LOG5[4173:140328635270912]: Configuration successful 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Service [websocket] (FD=12) bound to 94.198.160.29:9301 
2016.02.14 13:44:20 LOG7[4173:140328635270912]: Created pid file /var/run/stunnel4.pid 
2016.02.14 13:44:47 LOG7[4173:140328635270912]: Service [websocket] accepted (FD=3) from 81.83.185.230:49718 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] started 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Waiting for a libwrap process 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Acquired libwrap process #0 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Releasing libwrap process #0 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Released libwrap process #0 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] permitted by libwrap from 81.83.185.230:49718 
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Service [websocket] accepted connection from 81.83.185.230:49718 
2016.02.14 13:44:47 LOG6[4173:140328635262720]: SSL accepted: new session negotiated 
2016.02.14 13:44:47 LOG6[4173:140328635262720]: Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption) 
2016.02.14 13:44:47 LOG6[4173:140328635262720]: Compression: null, expansion: null 
2016.02.14 13:44:47 LOG6[4173:140328635262720]: connect_blocking: connecting 127.0.0.1:9300 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: connect_blocking: s_poll_wait 127.0.0.1:9300: waiting 10 seconds 
2016.02.14 13:44:47 LOG3[4173:140328635262720]: connect_blocking: connect 127.0.0.1:9300: Connection refused (111) 
2016.02.14 13:44:47 LOG5[4173:140328635262720]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Local socket (FD=3) closed 
2016.02.14 13:44:47 LOG7[4173:140328635262720]: Service [websocket] finished (0 left) 

我stunnel.conf

foreground = yes 
    key = /etc/apache2/ssl/ssl-cert-businessgame.key 
    cert = /etc/apache2/ssl/ssl-cert-businessgame.pem 
    CAfile = /etc/apache2/ssl/ssl-cert-businessgame.pem 
    debug = 7 
    output = /var/log/stunnel_websocket.log 
    [websocket] 
    accept = businessgame.be:9301 
    connect = 9300 

客户端浏览器控制台：

WebSocket connection to 'wss://businessgame.be:9301/socket/server.php' failed: Error in connection establishment: net::ERR_SOCKET_NOT_CONNECTED 

我正在使用与我用于SSL的相同的证书。我也用自己生成的密钥和证书文件尝试过，但没有运气。我得到相同的错误，握手失败。

Answer 1

所以问题不在于通道，但我不得不改变服务器设置套接字的方式。我曾经将其创建为域：端口，但必须将其更改为本地主机：端口

所以在server.php文件，我不得不改变

// start the server 
$Server = new PHPWebSocket(); 
$Server->bind('message', 'wsOnMessage'); 
$Server->bind('open', 'wsOnOpen'); 
$Server->bind('close', 'wsOnClose'); 
// for other computers to connect, you will probably need to change this to your LAN IP or external IP, 
// alternatively use: gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME'])) 
$Server->wsStartServer('businessgame.be', 9300); 

到

// start the server 
$Server = new PHPWebSocket(); 
$Server->bind('message', 'wsOnMessage'); 
$Server->bind('open', 'wsOnOpen'); 
$Server->bind('close', 'wsOnClose'); 
// for other computers to connect, you will probably need to change this to your LAN IP or external IP, 
// alternatively use: gethostbyaddr(gethostbyname($_SERVER['SERVER_NAME'])) 
$Server->wsStartServer('localhost', 9300);