无法通过React Native连接到Meteor Web套接字

Question

我目前使用this tutorial在nginx的Digital Ocean上托管一个捆绑的Meteor应用程序

我正在使用React Native中的react-native-meteor包连接到此服务器。当服务器托管在本地主机上时，Meteor.connect(ws://192.168.0.2:3000/websocket)可以工作。

此外，当应用程序在数字海洋上运行时，在绕过安全警告和带有wss://XXX.XXX.X.XX/websocket的websocket后，我可以使用https://XXX.XXX.X.XX连接到流星服务器的网页。

但是，运行Meteor.connect(wss://XXX.XXX.X.XX/websocket)或Meteor.connect(ws://XXX.XXX.X.XX/websocket)不起作用。

下面是nginx的配置：

server_tokens off; # for security-by-obscurity: stop displaying nginx version

# this section is needed to proxy web-socket connections
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# HTTP
server {
    listen 80 default_server; # if this is not a default server, remove "default_server"
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html; # root is irrelevant
    index index.html index.htm; # this is also irrelevant

    server_name XXX.XXX.X.X; # the domain on which we want to host the application. Since we set "default_server" previously, nginx will answer all hosts anyway.

    # redirect non-SSL to SSL
    location / {
        rewrite     ^ https://$server_name$request_uri? permanent;
    }
}

# HTTPS server
server {
    listen 443 ssl spdy; # we enable SPDY here
    server_name XXX.XXX.X.X; # this domain must match Common Name (CN) in the SSL certificate

    root html; # irrelevant
    index index.html; # irrelevant

    ssl_certificate /etc/nginx/ssl/budget.pem; # full path to SSL certificate and CA certificate concatenated together
    ssl_certificate_key /etc/nginx/ssl/budget.key; # full path to SSL key

    # performance enhancement for SSL
    ssl_stapling on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # safety enhancement to SSL: make sure we actually use a safe cipher
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';

    # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
    # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
    add_header Strict-Transport-Security "max-age=31536000;";

    # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
    # This works because IE 11 does not present itself as MSIE anymore
    if ($http_user_agent ~ "MSIE" ) {
        return 303 https://browser-update.org/update.html;
    }

    # pass all requests to Meteor
    location / {
        proxy_pass http://0.0.0.0:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP

        # this setting allows the browser to cache the application in a way compatible with Meteor
        # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
        # the root path (/) MUST NOT be cached
        if ($uri != '/') {
            expires 30d;
        }
    }
}

如有任何帮助，我们不胜感激！

Answer 1

您应该更新您的问题以显示错误消息(打开浏览器javascript控制台，然后刷新链接并重新创建错误条件) ...您的nginx配置必须包括以下设置

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

在您的nginx配置中

location / {

    proxy_pass http://GKE_NGINX_NODEJS_ENDUSER_SERVER_IP:3000/;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;

    # Include support for web sockets:
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

除了以上内容之外，请确保您在服务器模块中具有此功能

server {

    server_name example.com;

而不是服务器的IP：

    server_name XXX.XXX.X.X; # this domain must match Common Name (CN) in the SSL certificate

有很多可移动的部件。确保在执行节点时，在启动应用程序之前已经定义了环境变量METEOR_SETTINGS

METEOR_SETTINGS={
  "public": {
    "rootUrl": "https://example.com",
    < ... more here ... >
  },
  "cordova": {
    "localhost": "http://localhost:12416"
  },
  < ... more here ... >
}