让我们对Kubernetes上的SignalR加密入口服务

时间:2019-01-23 17:42:10

标签: asp.net-core kubernetes .net-core signalr lets-encrypt

我在kubernetes服务上有dotnet core signalR应用程序。最重要的是,让加密入口服务为我提供SSL证书。

我可以在“加密证书”下获取网站,一切似乎都有效。

如果我想通过wss协议连接signalR,则每2秒断开一次连接。

错误是:

{"error":"Handshake was canceled."}
The connection was terminated cleanly with status code 1000 (NORMAL).

服务器日志为:

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://DOMAIN/ChatHub  
dbug: Microsoft.AspNetCore.Http.Connections.Internal.HttpConnectionManager[1]
      New connection XPqUHoK9b4PAeF_bKwQtIg created.
dbug: Microsoft.AspNetCore.Http.Connections.Internal.HttpConnectionDispatcher[4]
      Establishing new connection.
dbug: Microsoft.AspNetCore.SignalR.HubConnectionHandler[5]
      OnConnectedAsync started.
dbug: Microsoft.AspNetCore.Http.Connections.Internal.Transports.WebSocketsTransport[1]
      Socket opened using Sub-Protocol: '(null)'.
dbug: Microsoft.AspNetCore.SignalR.HubConnectionContext[2]
      Handshake was canceled.
dbug: Microsoft.AspNetCore.Http.Connections.Internal.Transports.WebSocketsTransport[7]
      Waiting for the client to close the socket.
dbug: Microsoft.AspNetCore.Http.Connections.Internal.Transports.WebSocketsTransport[2]
      Socket closed.
dbug: Microsoft.AspNetCore.Http.Connections.Internal.HttpConnectionManager[2]
      Removing connection XPqUHoK9b4PAeF_bKwQtIg from the list of connections.

应用程序版本:

netcoreapp2.2
Microsoft.AspNet.SignalR -v 2.4.0

我也尝试了纯websocket连接,但是还是一样。我该如何解决这个问题?

PS:如果我为kestrel服务器定义了物理SSL证书,那是可行的。

1 个答案:

答案 0 :(得分:0)

我有类似的问题,这就是我如何处理的 注意:此解决方案是dotnet core 2.2中纯websocket的可行解决方案,我尚未使用signalR对其进行测试

使用Apache作为代理Microsoft文档here 

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ProxyPreserveHost On
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://127.0.0.1:81/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)           http://127.0.0.1:81/$1 [P,L]

    ProxyPass / http://127.0.0.1:81/
    ProxyPassReverse / http://127.0.0.1:81/
</VirtualHost>
</IfModule>

因此,基本上会发生的是,流量将一直是HTTPS,直到Apache,然后Apache将充当代理并将流量传递给Kestrel。 它可能很难配置,但事实并非如此, -配置Apache以使用HTTP和WS 然后配置让我们像这样加密:

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache
sudo nano /etc/apache2/sites-available/example.com.conf
...
ServerName example.com;
...
sudo apache2ctl configtest
sudo systemctl reload apache2
sudo ufw allow 'Apache Full'
sudo ufw delete allow 'Apache'

下一行命令将配置您的SSL Apache配置

sudo certbot --apache -d example.com -d www.example.com

那么您将能够通过HTTPS和WSS访问您的网站,到目前为止,它从未失败过:)

相关问题
最新问题