【发布时间】:2022-01-19 11:48:52
【问题描述】:
我正在尝试以安全的方式切换我的所有通信,而 websocket 对我来说真的很重要。
我在后端使用 mosquitto 来提供数据,我想处理 wss 连接。不幸的是,我所有的连接都失败了
与“wss://192.168.x.PORT/mqtt”的 WebSocket 连接失败
这是我的 mosquitto 配置文件:
user daemon
#Standart port for encrypted MQTT
listener 8883
protocol mqtt
# cafile /etc/mosquitto/tls/ca/ca.crt
# certfile /etc/mosquitto/tls/broker/broker.crt
# keyfile /etc/mosquitto/tls/broker/broker.key
# require_certificate true
#old port encrypted in case
listener 1883
protocol mqtt
# cafile /etc/mosquitto/tls/ca/ca.crt
# certfile /etc/mosquitto/tls/broker/broker.crt
# keyfile /etc/mosquitto/tls/broker/broker.key
#require_certificate true
listener 9001
protocol websockets
cafile /etc/mosquitto/tls/m2mqtt_ca.crt
certfile /etc/mosquitto/tls/borker/m2mqtt_srv.crt
keyfile /etc/mosquitto/tls/borker/m2mqtt_srv.key
tls_version tlsv1.2
allow_anonymous true
require_certificate false
浏览器连接到端口 9001 和我的本地服务器,他们将数据连接到 localhost:8883
这里是蚊子日志:
1970-02-26_21:59:53.65784 4917593: mosquitto version 1.4.14 (build date 2021-12-16 14:48:43+0100) starting
1970-02-26_21:59:53.65949 4917593: Config loaded from /etc/mosquitto/mosquitto.conf.
1970-02-26_21:59:53.68685 4917593: Opening ipv4 listen socket on port 8883.
1970-02-26_21:59:53.69108 4917593: Opening ipv6 listen socket on port 8883.
1970-02-26_21:59:53.69356 4917593: Opening ipv4 listen socket on port 1883.
1970-02-26_21:59:53.69875 4917593: Opening ipv6 listen socket on port 1883.
1970-02-26_21:59:53.71940 4917593: Opening websockets listen socket on port 9001.
1970-02-26_22:00:08.62160 4917608: New connection from 127.0.0.1 on port 8883.
1970-02-26_22:00:08.63007 4917608: New client connected from 127.0.0.1 as butler (c1, k0).
1970-02-26_22:00:08.63265 4917608: Sending CONNACK to butler (0, 0)
1970-02-26_22:00:08.65672 4917608: Received SUBSCRIBE from butler
1970-02-26_22:00:08.65681 4917608: butler/settings/set (QoS 0)
1970-02-26_22:00:08.65685 4917608: butler 0 butler/settings/set
1970-02-26_22:00:08.65688 4917608: Sending SUBACK to butler
1970-02-26_22:00:08.66205 4917608: Received PUBLISH from butler (d0, q0, r1, m0, 'butler/version', ... (7 bytes))
1970-02-26_22:00:08.69587 4917608: Received PUBLISH from butler (d0, q0, r0, m0, 'butler/settings', ... (573 bytes))
1970-02-26_22:00:09.19902 4917609: Received PUBLISH from butler (d0, q0, r0, m0, 'butler/settings', ... (28373 bytes))
1970-02-26_22:00:09.21120 4917609: Received PUBLISH from butler (d0, q0, r0, m0, 'butler/settings', ... (43 bytes))
1970-02-26_22:00:09.21305 4917609: Received PUBLISH from butler (d0, q0, r0, m0, 'butler/settings', ... (67 bytes))
1970-02-26_22:00:09.21504 4917609: Received PUBLISH from butler (d0, q0, r0, m0, 'butler/settings', ... (83 bytes))
这是我连接到 websocket 的 js 代码:
ClientImpl.prototype._doConnect = function(wsurl) {
// When the socket is open, this client will send the CONNECT WireMessage using the saved parameters.
this.connectOptions.useSSL = true;
if (this.connectOptions.useSSL) {
var uriParts = wsurl.split(":");
uriParts[0] = "wss";
wsurl = uriParts.join(":");
}
this._wsuri = wsurl;
this.connected = false;
const options = {
rejectUnauthorized: false
}
if (this.connectOptions.mqttVersion < 4) {
this.socket = new WebSocket(wsurl, ["mqttv3.1"], options);
} else {
this.socket = new WebSocket(wsurl, ["mqtt"], options);
}
}
编辑 我检查了wireshark,连接(SYN,ACK)完成了工作,但是tls中的客户端hello失败了...... 抱歉,我无法在文本模式下转换
编辑 2
我解决了我的问题,并与 mosquitto 建立了 ws 连接(我在 firefox 中启用了 network.websocket.allowInsecureFromHTTPS 参数)并且它有效!所以我确定了问题:mosquitto 没有激活 wss...我也更改了配置文件
我该如何解决这个问题? 提前致谢!
【问题讨论】:
-
在您使用
ws://添加证书选项之前它是否有效(您需要通过 http 而不是 https 加载页面才能通过 ws:// 连接)。另外请不要张贴日志的图像,张贴实际的文字,它更容易阅读,并且可以被使用屏幕阅读器的人阅读。 -
日志甚至没有显示任何试图连接到端口 9001 的内容。您确定该端口在防火墙中打开了吗?
-
这适用于 ws://,但我的网站现在通过 ssl 代理(我使用 lighttpd)
-
我签入 netstat : tcp 0 0 (null):9001 (null):* LISTEN 1107/mosquitto
标签: ssl websocket mqtt mosquitto wss