用nginx反向代理webman的sse服務(wù)加上ssl時無法連接

zhaohanfeng 2025-04-10

問題描述

參考社區(qū)的示例使用自定義進(jìn)程方式寫的sse服務(wù)，正常不使用nginx或者不使用ssl時可正常連接，但是加上ssl就不行，服務(wù)器上嘗試相同的ssl配置用node寫的sse示例能正常輸出

程序代碼

namespace process;

use Workerman\Connection\TcpConnection;
use Workerman\Protocols\Http\Request;
use Workerman\Protocols\Http\ServerSentEvents;
use Workerman\Protocols\Http\Response;
use Webman\Channel\Client;
use Workerman\Timer;

class EventSource
{

    protected $connections = [];

    /**
     * 函數(shù)描述
     * onWorkerStart
     * @author     :lance
     * @description:{初始化工作進(jìn)程，并連接至channel服務(wù)}
     */
    public function onWorkerStart()
    {
        // 連接到 Channel 服務(wù)（默認(rèn)監(jiān)聽 2206 端口）
        try {

            Client::connect(channelIP, channelPort);

            // 訂閱消息頻道
            Client::on('sse_message', function ($data) {

                $token = $data['token'] ?? false;
                if ($token && $token !== '' && isset($this->connections[$token])) {
                    foreach ($this->connections[$token] as $connection) { // 需自行維護(hù)連接池
                        $connection->send(new ServerSentEvents([
                            'event' => 'message',
                            'data'  => json_encode($data),
                            'id'    => $data['mid']
                        ]));
                    }
                }
            });

        } catch (\Exception $e) {
            error_log("Failed to connect to Channel service: " . $e->getMessage());
            return;
        }
    }

    /**
     * 函數(shù)描述
     * onMessage
     * @param TcpConnection $connection
     * @param Request       $request
     * @author     :lance
     * @description:{服務(wù)連接時進(jìn)行消息推送}
     */
    public function onMessage(TcpConnection $connection, Request $request)
    {
        // 如果Accept頭是text/event-stream則說明是SSE請求
       // if ($request->header('accept') === 'text/event-stream') {

            // 首先發(fā)送一個 Content-Type: text/event-stream 頭的響應(yīng)
            $connection->send(new Response(200, [
                'Content-Type'                 => 'text/event-stream',
                'Access-Control-Allow-Origin'  => '*', // 允許的域名
                'Access-Control-Allow-Methods' => 'GET, POST, OPTIONS',   // 允許的請求方法
                'Access-Control-Allow-Headers' => 'Content-Type, Authorization', // 允許的請求頭
            ], '\r\n'));

            // 假設(shè)請求中帶有用戶標(biāo)識，比如 URL ?uid=123
            $token = $request->get('token') ?? $connection->id;
            $connection->token = $token;
            $connectionId = $connection->id;

            // 保存該連接到全局?jǐn)?shù)組中
            $this->connections[$token][$connectionId] = $connection;

            //默認(rèn)發(fā)送一個hello信息
            $connection->send(new ServerSentEvents(['event' => 'message', 'data' => 'hello', 'id' => 1]));

            // 定時向客戶端推送數(shù)據(jù)
            $timer_id = Timer::add(2, function () use ($connection, &$timer_id) {
                // 連接關(guān)閉的時候要將定時器刪除，避免定時器不斷累積導(dǎo)致內(nèi)存泄漏
                if ($connection->getStatus() !== TcpConnection::STATUS_ESTABLISHED) {
                    Timer::del($timer_id);
                    return;
                }
                // 發(fā)送message事件，事件攜帶的數(shù)據(jù)為hello，消息id可以不傳
                $connection->send(new ServerSentEvents(['event' => 'message', 'data' => json_encode(['t'=>'hello']), 'id' => 1]));
            });
            return;
        //}
        $connection->send('ok');
    }

    /**
     * 函數(shù)描述
     * onClose
     * @param TcpConnection $connection
     * @author     :lance
     * @description:{關(guān)閉連接時，刪除連接}
     */
    public function onClose(TcpConnection $connection)
    {
        if (isset($connection->token)) {
            if (isset($this->connections[$connection->token])) {
                if(isset($this->connections[$connection->token][$connection->id])){

                    // 刪除連接
                    unset($this->connections[$connection->token][$connection->id]);
                }
            }
        }
    }
}

Nginx配置如下

server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  pdfapi.xxxx.cn;
        root        /mnt/sse;

        ssl_certificate "/mnt/ssl/xxxx/fullchain.cer";
        ssl_certificate_key "/mnt/ssl/xxxx/xxxx.cn.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

       #  Load configuration files for the default server block.
       # include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }

        location / {
            proxy_pass http://192.168.0.18:8687/;
            #proxy_pass http://127.0.0.1:3001/;
            proxy_http_version 1.1;
            proxy_set_header Connection '';
            proxy_buffering off;
            proxy_cache off;
            proxy_read_timeout 86400;
        }
    }

截圖報錯信息里報錯文件相關(guān)代碼

無ssl時能正常輸出

加上ssl時報錯

同樣配置下node寫的測試環(huán)境可以正常訪問

操作系統(tǒng)及workerman/webman等框架組件具體版本

系統(tǒng)為centos6.7，php版本為7.2，

 356  2 0

2個回答

kof21411 2025-04-11

location / {
        proxy_pass http://192.168.0.18:8687;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-real-ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
}

zhaohanfeng 2025-04-11

應(yīng)該不是nginx配置的原因，網(wǎng)上的配置基本我都試過了，我昨晚又試了webman2.1的版本是可以的反向代理的，我的webman版本是1.47

zhaohanfeng 2025-04-11

找到原因了，第一次發(fā)的文件頭，多了換行符“\r\n”，給大家參考

// 首先發(fā)送一個 Content-Type: text/event-stream 頭的響應(yīng)
            $connection->send(new Response(200, [
                'Content-Type'                 => 'text/event-stream',
                'Access-Control-Allow-Origin'  => '*', // 允許的域名
                'Access-Control-Allow-Methods' => 'GET, POST, OPTIONS',   // 允許的請求方法
                'Access-Control-Allow-Headers' => 'Content-Type, Authorization', // 允許的請求頭
            ], '\r\n'));