IIS 中反向代理后面的基于 Websocket 的网站

IIS 中反向代理后面的基于 Websocket 的网站

我正在尝试让一个基于 websocket 的网站运行,该网站由 IIS 服务器反向代理。

情况

  • IIS v10.0.19041.1正在运行Windows 10 Pro
  • SSL 证书来自IISLetsEncrypt并由其安装/管理。Win-ACME
  • FoundryVTT v0.7.3专用服务器中运行FreeNAS 11.4-RELEASE-p2 jail(这是基于 websocket 的网站)。
  • FoundryVTTsocket.io用途node.js
  • FoundryVTT 服务器位于IP 192.168.2.36Port 30000

观察

  • FoundryVTT 服务器在 LAN 上运行良好。
  • SSL 证书有效且正常运行,并且可以从 WAN 访问服务器。
  • 通过 WAN 加载 FoundryVTT 设置页面时一切正常,但是当我输入管理员访问密钥时,系统会显示一个空白的设置页面。FoundryVTT 社区提到,这是代理配置错误导致的已知问题。 清空设置页面
  • 在使用 Fiddler v5.0.2020.18177 观察网络流量后,我发现我确实达到了 101 HTTP 响应的程度,从而将协议切换到 websocket。Fiddler websocket 响应
  • 双击捕获无法让我转到 websocket 选项卡来检查那里的流量。我怀疑根本没有建立连接,因为我看到在第一个初始的 101 交换机协议响应之后还有几个 101 交换机协议响应,中间有轻微的延迟。

我尝试过什么

  • 我已验证我已经安装了 WebSocket 协议功能。Windows 功能 - WebSocket 协议

  • 我已经验证我的网站在 IIS 中启用了 websockets。IIS - 配置编辑器 - webSocket

  • 我曾尝试web.config按照互联网上人们提出的各种建议来解决这个问题(例如).web.config 现在的内容如下:

      <?xml version="1.0" encoding="UTF-8"?>
      <configuration>
          <system.webServer>
              <rewrite>
                  <rules>
                      <clear />
                      <rule name="Web Socket Reverse" enabled="true" stopProcessing="true">
                          <match url="ws:///example.com:30000(.*)" />
                          <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                          </conditions>
                          <action type="Rewrite" url="ws://192.168.2.36:30000/{R:1}" />
                      </rule>
                      <rule name="Web Socket Reverse 2" enabled="true" stopProcessing="true">
                          <match url="wss://example.com:30000(.*)" />
                          <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                          </conditions>
                          <action type="Rewrite" url="wss://192.168.2.36:30000/{R:1}" />
                      </rule>
                      <rule name="HTTPS redirect" enabled="true" stopProcessing="true">
                          <match url="(.*)" />
                          <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                              <add input="{HTTPS}" pattern="^OFF$" />
                          </conditions>
                          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
                      </rule>     
                      <rule name="FoundryVTT proxy" stopProcessing="true">
                        <match url="(.*)" />
                        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                          <add input="{HTTP_HOST}" pattern="example.com" />
                        </conditions>
                        <action type="Rewrite" url="http://192.168.2.36:30000/{R:1}" />
                        <serverVariables>
                          <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                          <set name="HTTP_ACCEPT_ENCODING" value="" />
                        </serverVariables>
                      </rule>
                      <rule name="RequestBlockingRule1" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                          <match url="*" />
                          <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                              <add input="{URL}" pattern="*" />
                              <add input="{HTTP_HOST}" pattern="example.com" negate="true" />
                          </conditions>
                          <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
                      </rule>
                  </rules>
                  <outboundRules>
                      <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
                        <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
                        <conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
                        <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
                      </rule>
                      <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
                          <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.2.36:30000/(.*)" />
                          <action type="Rewrite" value="http{R:1}://example.com/{R:2}" />
                      </rule>
                      <preConditions>
                        <preCondition name="ResponseIsHtml1">
                          <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                        </preCondition>
                        <preCondition name="NeedsRestoringAcceptEncoding">
                          <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
                        </preCondition>
                      </preConditions>
                    </outboundRules>
                  <rewriteMaps>
                      <!--{MapProtocol:{HTTPS}}-->
                      <rewriteMap name="MapProtocol">
                          <add key="on" value="https" />
                          <add key="off" value="http" />
                      </rewriteMap>
                  </rewriteMaps>
              </rewrite>
              <urlCompression doStaticCompression="false" doDynamicCompression="false" />
          </system.webServer>
      </configuration>
    
  • 我已经重新启动了 IIS 网站,在浏览器中使用了隐身模式,禁用了附加组件并使用了其他浏览器。

  • 我查看了有关如何配置它的指南NGINX球童阿帕奇作为灵感(IIS 不存在于 wiki 上)。

  • 我已经在他们的 Discord 聊天中询问过,但似乎没人对 IIS 有足够的了解。

访问 FoundryVTT 网站时 IIS 日志中的一段代码:

    2020-10-12 16:04:13 192.168.2.11 POST /setup X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=8c5986c1-768f-4833-b71b-04ed4bae47f1&SERVER-STATUS=302 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 302 0 0 35
    2020-10-12 16:04:13 192.168.2.11 GET /setup X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=fddb90ae-27b7-4cce-b3b0-a6864d451514&SERVER-STATUS=200 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 200 0 0 25
    2020-10-12 16:04:13 192.168.2.11 GET /css/style.css X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=0a2d276f-6985-4fd7-9d21-1e4f63cacb80&SERVER-STATUS=304 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 304 0 0 26
    2020-10-12 16:04:13 192.168.2.11 GET /fonts/fontawesome/css/all.min.css X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=78f40fa3-22bd-47ac-8987-03ec7ea70a5d&SERVER-STATUS=304 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 304 0 0 23
    2020-10-12 16:04:13 192.168.2.11 GET /scripts/jquery.min.js X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=f94993ac-23a7-4b71-8db9-45b564c91a40&SERVER-STATUS=304 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 304 0 0 22
    2020-10-12 16:04:13 192.168.2.11 GET /scripts/handlebars.min.js X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=cf0118b0-6a3d-4fb1-8654-abfbcfc6af35&SERVER-STATUS=304 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 304 0 0 21
    2020-10-12 16:04:13 192.168.2.11 GET /scripts/handlebars-intl.min.js X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=b76f116d-213f-44b8-9479-8ed79157c623&SERVER-STATUS=304 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 304 0 0 21
    2020-10-12 16:04:13 192.168.2.11 GET /scripts/foundry.js X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=94e56a90-ae3e-4095-bb40-00ae04033be1&SERVER-STATUS=304 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 304 0 0 27
    2020-10-12 16:04:13 192.168.2.11 GET /scripts/howler.min.js X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=31c85a47-e7f8-40e6-b242-79377bb9136f&SERVER-STATUS=304 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 304 0 0 27
    2020-10-12 16:04:13 192.168.2.11 GET /scripts/pixi.min.js X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=ffb1b3d7-00cf-4d68-8cf9-e3e87bf6b811&SERVER-STATUS=304 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 304 0 0 27
    2020-10-12 16:04:13 192.168.2.11 GET /scripts/socket.io.slim.js X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=4f937d01-ead6-437c-9e4e-fc050ccd2556&SERVER-STATUS=304 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 304 0 0 27
    2020-10-12 16:04:13 192.168.2.11 GET /scripts/tinymce.min.js X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=343bfaca-427e-47a1-a168-b4250f62fc0e&SERVER-STATUS=304 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 https://example.com/setup 304 0 0 27
    2020-10-12 16:04:13 192.168.2.11 GET /socket.io/ session=ne19sc1orug1dsk7ndn1u4i7&EIO=3&transport=websocket&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=7afb0d81-b323-4e94-8ae7-c1a90bc2ef1c&SERVER-STATUS=101 443 - SOMEHOST.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36 - 502 5 12152 53

答案1

因此显然 IIS 无法处理permessage-deflate(参见这个问题) 扩展Sec-WebSocket-Extensions。解决方案是清除标头,因为这是 FoundryVTT 使用的唯一扩展:

<serverVariables>
  <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
</serverVariables>

不要忘记HTTP_SEC_WEBSOCKET_EXTENSIONS为您的网站添加允许的服务器变量。

Web Socket ReverseWeb Socket Reverse 2并且ReverseProxyOutboundRule1不需要使 FoundryVTT 与 IIS 协同工作。

相关内容