First, background
Swoole framework is used in the online server program. The main process directly listens on port 8008, and then connection failure occurs in the process of use
WebSocket connection to 'wss://XXX:8008/' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
Two, check the cause
In the process of searching for information on the Internet, I also saw the causes of similar problems, and then carried out investigation, and recorded the causes of large probability for reference.
1.SSL certificate problem (due to the occurrence of probability, this reason is temporarily excluded)
2. Swoole whether openSSL is enabled. To use SSL, you must add the — enable-openSSL option when compiling Swoole (run the PHP –ri swoole command on the server to check whether it is compiled and verify that it is excluded because it is compiled).
3. Restart the program after changing the configuration (see some people did not restart the process, so it does not take effect, please note)
4. The program and nginx listen on the same port at the same time
5. The socket program was not started (the process was observed when the problem occurred, and the program was running normally, so it was excluded)
Iii. Solutions
Through the description of the second point, it can be found that the actual reason is not found, but it is common practice to use nginx to forward to other ports, I asked the company other related services also use similar processing scheme, so for the stability of online business, resolutely adopt!
Add listening on port 8008 in nginx configuration, then proxy forward to port 8088, swoole program change to listen on port 8088, kill swoole program (otherwise because port 8008 is occupied, nginx will fail to restart), restart nginx, restart Swoole program, online authentication, And you’re done.
server { listen 8008; ssl on; ssl_certificate ssl.cer; ssl_certificate_key ssl.key; Location / {proxy_pass https://127.0.0.1:8088; proxy_set_header X-Real-IP$remote_addr;
proxy_read_timeout 600;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; }}Copy the codeNginx configuration details
Leave the pit to be updated
Five, the real cause of detection
At present, this problem is not solved, just from the side around the past, but the real reason or to try to check the……
1. According to the content about the certificate on swoole’s official website, it says that the certificate format must be PEM and DER format is not supported. The program used DER format before the online server (it should be normal or fail all the time if there is a problem with the certificate, there should not be a probability of failure). Therefore, the probability of failure due to DER certificate format can be used as a probe direction.
