swoole啓用wss鏈接服務的檢查步驟:php
一、wss應用,發起websocket鏈接的頁面必須使用httpsnginx
二、瀏覽器不信任的ssl證書沒法使用wssweb
----即站點須要支持https訪問,且須要瀏覽器信任的ssl證書瀏覽器
三、必須支持PEM格式,不支持DER格式,可以使用openssl工具進行轉換服務器
四、編譯swoole時需加入--enable-openssl選項,可經過如下命名查看swoole是否啓用opensslwebsocket
$php --ri swoole swoole swoole support => enabled Version => 1.10.1 Author => tianfeng.han[email: mikan.tenny@gmail.com] epoll => enabled eventfd => enabled timerfd => enabled signalfd => enabled cpu affinity => enabled spinlock => enabled rwlock => enabled async http/websocket client => enabled openssl => enabled Linux Native AIO => enabled pcre => enabled zlib => enabled mutex_timedlock => enabled pthread_barrier => enabled futex => enabled Directive => Local Value => Master Value swoole.aio_thread_num => 2 => 2 swoole.display_errors => On => On swoole.use_namespace => Off => Off swoole.fast_serialize => Off => Off swoole.unixsock_buffer_size => 8388608 => 8388608
swoole編譯安裝(我安裝1.10.2版本應該默認開啓openssl的)swoole
參考:http://www.javashuo.com/article/p-tattrpju-q.htmlsession
五、啓動websocket ssl模式socket
$setConfig = [ 'ssl_key_file' => '/usr/local/nginx/conf/server.key', 'ssl_cert_file' => '/usr/local/nginx/conf/server.crt' ]; $server = new \swoole_websocket_server("127.0.0.1", 9501, SWOOLE_BASE, SWOOLE_SOCK_TCP | SWOOLE_SSL); $server->set($setConfig);
SSL免費證書申請及nginx環境下配置(基於騰訊雲)async
一、https://console.qcloud.com,找到雲產品-》SSL證書管理
二、進入「申請證書」-》選擇免費DVSSL證書
三、填寫你的域名信息,後面下一步,下一步,而後等待審覈經過便可獲得一個免費的證書
四、下載證書到服務器上
五、配置nginx支持ssl(示例爲在反向代理中添加ssl支持配置)
server { listen 80; listen 443; server_name ktvme.banyanx.cn; ssl on; ssl_certificate /www/xxxx/nginx/ssl/1_ktvme.banyanx.cn_bundle.crt; ssl_certificate_key /www/xxxx/nginx/ssl/2_ktvme.banyanx.cn.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; access_log /www/xxxx/ktvme.banyanx.cn.log; #反向代理配置 location / { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-Ip $remote_addr; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:82; proxy_redirect off; } }
重啓nginx便可 $nginx -s reload