如何将HTTP流转换为HTTPS?

时间:2019-02-25 21:10:43

标签: node.js ssl nginx https mixed-content

我的网站通过HTTPS在公共主机上运行,并连接到在Raspberry PI上运行的Node服务器。

与PI处于同一网络中的还有一块硬件(称为解码器),该硬件通过TCP发送数据流。 PI的目的是读取该流并将其通过WebSocket发送到浏览器。因此,目标是在我的网站上输出该流。

现在我遇到了混合内容问题,不知道如何解决。

到目前为止,我所做的是在PI上安装nginx网络服务器并安装了Letsencrypt证书。两者都运行良好(通过网络浏览器中的常规https://调用进行了测试)。

没有 SSL的Websocket连接也可以正常工作,并且我可以获取数据,但是使用 SSL不能正常工作。我想问题是解码器无法处理SSL。

那么如何将非SSL数据流“发送”,“转换”,“隧道”或“代理”到HTTPS服务器?

更新

@Jake Holzinger:您绝对正确。提供的信息还不够。抱歉!我尝试澄清一下:

  1. nginx没有做进一步修改,使用的就是安装后的默认配置
  2. 网站(Angular)执行 `let connection = new WebSocket('wss://domain:port');`
  3. Node服务器如下所示:

    const net = require('net');
    const fs = require('fs');
    const https = require('https');
    const date = require('date-and-time');
    const config = require('./server-config.json');
    const httpProxy = require('http-proxy');
    
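    //  SSL SERVER
    //  Terminates TLS on port 9031 with the Let's Encrypt material for
    //  config.DNSROUTER and forwards the traffic to the plaintext WebSocket
    //  server on localhost:9030. If anything in the try block throws, the
    //  process keeps running without the TLS endpoint.
    try {
        const liveDir = '/etc/letsencrypt/live/' + config.DNSROUTER;
        const privateKey = fs.readFileSync(liveDir + '/privkey.pem', 'utf8');
        // fullchain.pem holds the leaf certificate followed by the intermediates.
        // Serving cert.pem alone leaves the chain out of the handshake, and
        // clients that do not already know the intermediate reject the connection.
        const certificate = fs.readFileSync(liveDir + '/fullchain.pem', 'utf8');

        const proxy = httpProxy.createServer({
            target: 'ws://localhost:9030',
            // Without ws: true http-proxy does not attach an 'upgrade' handler,
            // so the wss:// handshake from the browser is never forwarded.
            ws: true,
            ssl: {
                key: privateKey,
                cert: certificate
            }
        }).listen(9031);

        // http-proxy rethrows proxy errors when no 'error' listener is registered;
        // an unreachable backend would otherwise take the whole process down.
        proxy.on('error', (err) => {
            console.log('Proxy error:', err);
        });
    }
    catch (e) {
        // NOTE(review): this branch runs for any exception raised above, not only
        // for missing certificate files.
        console.log("LETSENCRYPT certificates not found! No SSL!");
        console.log(e)
    }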
    
    /**
     *  server
     *
     *  Plaintext WebSocket endpoint on port 9030. Every accepted client is
     *  appended to CLIENTS and dropped from it again when its socket closes.
     *
     *  NOTE(review): only `port` is passed, so no bind address is chosen here.
     *  If this listener is meant to be reached solely through the TLS proxy,
     *  consider restricting it to the loopback interface (or firewalling 9030)
     *  and confirm the proxy target still resolves to that address.
     */
    let connections = {};
    let WebSocketServer = require('ws').Server;

    // start WS via HTTP
    const wss1 = new WebSocketServer({port: 9030});

    wss1.on('connection', (client) => {
        CLIENTS.push(client);
        console.log('connection via HTTP');

        // Forget this client once its connection is gone.
        const dropClient = () => {
            console.log('close HTTP!');
            CLIENTS = CLIENTS.filter((other) => other != client);
        };

        client.on('close', dropClient);
    });
    
    
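    /**
     *  client
     *
     *  Opens a TCP connection to config.HOST:config.PORT and hands every
     *  received chunk to sendAll(). When the socket reports an error or the
     *  peer ends the stream, the socket is destroyed and connect() runs again
     *  after a fixed delay.
     */
    let connect = function() {
        const RECONNECT_DELAY_MS = 1000;
        let reconnectScheduled = false;

        console.log(now(), 'Starting server...');

        const socket = net.createConnection({ port: config.PORT, host: config.HOST }, () => {
            console.log('Connected to server!');
        });

        // Schedules at most one reconnect per socket. The listeners are left in
        // place on purpose: a socket with no 'error' listener turns a late error
        // into an uncaught exception that ends the process.
        const scheduleReconnect = () => {
            if (reconnectScheduled) {
                return;
            }
            reconnectScheduled = true;

            // Release the descriptor of the dead connection right away.
            socket.destroy();

            // The delay also applies after 'end', so a peer that accepts and
            // immediately closes cannot drive a tight reconnect loop.
            setTimeout(() => {
                console.log(now(), "Reconnecting...");
                connect();
            }, RECONNECT_DELAY_MS);
        };

        socket.on('connect', () => {
            console.log(now(), 'Connected to server!');
        });

        socket.on('data', data => {
            sendAll(data);
        });

        socket.on('error', data => {
            console.log(now(), "Connnection refused:", data.errno,data.code,"(IP:", data.address + ":" + data.port + ")");
            scheduleReconnect();
        });

        socket.on('end', () => {
            console.log(now(), 'Disconnected from server');
            scheduleReconnect();
        });
    }

    connect();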
    

希望这样能把情况说明得更清楚。谢谢您的帮助!

1 个答案:

答案 0 :(得分:0)

现在,我以另一种方式解决了这个问题。

我没有在Node中实现代理服务器,而是在nginx网络服务器层创建了一个反向代理,把所有发往PI的HTTPS请求转发为HTTP请求。下面的代码现在对我来说很好用。

sudo nano /etc/nginx/sites-available/default

并像这样更改内容:

# TLS-terminating reverse proxy: accepts HTTPS/WSS on port 9031 and forwards
# the requests as plain HTTP to the service on 127.0.0.1:9030.
# NOTE(review): this protects only traffic that arrives on 9031. Confirm that
# the backend on 9030 is not reachable directly from other hosts (loopback
# bind or firewall rule), otherwise the same stream is still offered unencrypted.
server {
    listen 9031 ssl;

    # DOMAIN_DNS stands for the host name the certificate was issued for.
    # fullchain.pem = leaf certificate plus intermediates, privkey.pem = its key.
    ssl_certificate /etc/letsencrypt/live/DOMAIN_DNS/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_DNS/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:9030;
        # The WebSocket handshake is an HTTP/1.1 Upgrade request; the Upgrade and
        # Connection headers are hop-by-hop, so they are set again explicitly
        # for the upstream request.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Seconds the proxied connection may stay silent before nginx closes it
        # (86400 s = 24 h).
        proxy_read_timeout 86400;
    }
}