Open weiliudong opened 3 years ago
@weiliudong I see you commented https
options, have you tried with it ?
Currently you used tls
with ws
which is conflicting. If you want to create a secure websocket server, you need an HTTPS server.
You would use tls
option to connect with mqtts://
protocol.
I have started the https configuration, and the same is to refuse the wss connection, but the back-end code is OK, and the HTML will be rejected
my nodejs test.js This is ok.
var mqtt = require('mqtt');
var key = '-----BEGIN RSA PRIVATE KEY-----\n' + 'MIICXAIBAAKBgQCOvREyEqnzcc3Chhd0ozjYEXBN0wX3LulXBeK6O3e8YQ5wEDaC\n' + 'UlzYcOdkACzUEc7QAuYQDpyFJ3ldOAfWml9IQS5pEAFzmWgacLTkqu93aiceeyqW\n' + 'SwEJhBngrwjdXHWvjY2mrKwBECD54QkeWCbyeVAEt7ZTeQ54akXU1xbg5QIDAQAB\n' + 'AoGAVYDYPiCEAbqYQQBGKK5lrLi1h0jzd+B4EpMJ//kDfqq9FVAA9wwTZewsD/Ey\n' + '6U5Jjr1NxyyZggHlZ3va5ijPDfo5dTHV5CdXHbaVnOxGu5UCfnZIarW2xu8WMnzg\n' + 'CyIEw5Bi76iKpTx1haZDCdkHRk30nfTvESabmy1APdueFTkCQQDDomqKQdKnjU0j\n' + 'JMWjVi8yQpIM/6J0F/MqF0LVOBm8L/qlAX8JIfwRV6+dn1UIBERe7qMyxLeHR/gK\n' + 'bO5w61NrAkEAushKdQjl97ccxPdZ7YENFoFDiLB4Is4IvJmNuVnFAhMKoB9VK+38\n' + 'wjObcA0fba5gZCcO2XY7YlXYwQNvfywA7wJAf4tZGHBXjWNDIiFsNNQQixz5qT3U\n' + 'xQmEQDHQIcCkjptdNsyl7OdaNlhLp2DkiAh4JshAX+3+lVUncmyYe8gApwJARBn5\n' + 'A9j9uCb8h1hEYpM2CWmSDQmCk/YZO2KlSNpROWNl8WHbNQwtp0UXvHAccGou3PVc\n' + 'ta8lEcKJKD6vbWfG4wJBALx2ePpxq3gerSpW8I5QTxWMUJOLUwGEHD0ohzgPJceb\n' + 'c+8RTOwsFsM92H0si7zDFJWtDJtcZWkJrK+QNjw/j+A=\n' + '-----END RSA PRIVATE KEY-----\n';
var cert = '-----BEGIN CERTIFICATE-----\n' + 'MIIDPzCCAqigAwIBAgITAgAOAAAAAwAADAAAAAAADAAAADANBgkqhkiG9w0BAQsF\n' + 'ADBzMRswGQYDVQQDExJWc3RhcmNhbSBSb290IENhIDExCzAJBgNVBAYTAkNOMRIw\n' + 'EAYDVQQIEwlHdWFuZ2RvbmcxETAPBgNVBAoTCFZzdGFyY2FtMSAwHgYDVQQLExdo\n' + 'dHRwczovL3d3dy52c3RhcmNhbS5jbjAeFw0yMTA0MTgxMjQyNDhaFw00OTA0MTkx\n' + 'MjQyNDhaMIGBMRYwFAYDVQQDEw00Ny4xMDcuMTI2Ljg4MQswCQYDVQQGEwJDTjES\n' + 'MBAGA1UECBMJR3Vhbmdkb25nMREwDwYDVQQHEwhTaGVuemhlbjERMA8GA1UEChMI\n' + 'VnN0YXJjYW0xIDAeBgNVBAsTF2h0dHBzOi8vd3d3LnZzdGFyY2FtLmNuMIGfMA0G\n' + 'CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCOvREyEqnzcc3Chhd0ozjYEXBN0wX3LulX\n' + 'BeK6O3e8YQ5wEDaCUlzYcOdkACzUEc7QAuYQDpyFJ3ldOAfWml9IQS5pEAFzmWga\n' + 'cLTkqu93aiceeyqWSwEJhBngrwjdXHWvjY2mrKwBECD54QkeWCbyeVAEt7ZTeQ54\n' + 'akXU1xbg5QIDAQABo4HBMIG+MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgL0MDsG\n' + 'A1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwME\n' + 'BggrBgEFBQcDCDARBglghkgBhvhCAQEEBAMCAPcwMgYDVR0RBCswKYcEL2t+WIIJ\n' + 'bG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMB0GA1UdDgQWBBR01Oxd\n' + 'ZUPpOqTT2j3H8V5cHfpCkzANBgkqhkiG9w0BAQsFAAOBgQAJxg9Q2/5Al8ck1uVL\n' + '2LHuErbMfglt/MkEDbnrTtwTUnPweAsltBBo5h7XYYXhirL/GNsHXvddiyt2DS8p\n' + 'o9FY1HW7VV/nIg2TXvYXwKHMxtBKwpI2ipQoPltRfJC0dEzltjmkLxOKG2cfwjHZ\n' + 'bHRMXr5HMUHsjkgIaiKDkIqzbA==\n' + '-----END CERTIFICATE-----\n';
var ca = '-----BEGIN CERTIFICATE-----\n' + 'MIICujCCAiOgAwIBAgISAADPAAMAAAAADQAAAAsAAAzcMA0GCSqGSIb3DQEBCwUA\n' + 'MHMxGzAZBgNVBAMTElZzdGFyY2FtIFJvb3QgQ2EgMTELMAkGA1UEBhMCQ04xEjAQ\n' + 'BgNVBAgTCUd1YW5nZG9uZzERMA8GA1UEChMIVnN0YXJjYW0xIDAeBgNVBAsTF2h0\n' + 'dHBzOi8vd3d3LnZzdGFyY2FtLmNuMB4XDTIwMDMyNTA1NTIzMFoXDTQ0MDMyNTA1\n' + 'NTIzMFowczEbMBkGA1UEAxMSVnN0YXJjYW0gUm9vdCBDYSAxMQswCQYDVQQGEwJD\n' + 'TjESMBAGA1UECBMJR3Vhbmdkb25nMREwDwYDVQQKEwhWc3RhcmNhbTEgMB4GA1UE\n' + 'CxMXaHR0cHM6Ly93d3cudnN0YXJjYW0uY24wgZ8wDQYJKoZIhvcNAQEBBQADgY0A\n' + 'MIGJAoGBAJ0uG0OSLkSSqjkbKtPXubBb2wgiGwQn4rgXrxKQ9F2YapkUwubVGzU2\n' + 'It6WoHtua4amjsXuDrLbCH+9S818oaJdJx8E0nzLSIzoTBabePYOq0jQ7ASqAa0y\n' + 'y/C/GXkUZ1Xtep2NozoeFrxfsHhSC5TLCubFuEolAAy/3bpwzrP1AgMBAAGjTTBL\n' + 'MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBTu4yRB\n' + '3Z9oqFxwBTwcWNnllv1B6zAJBgNVHSMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAGlC\n' + 'E6Vpz99nyxg1IXAuQ/M7s4gcYg0lyrsCEbKKzV0urdf1BBuCh2Lthx/ORghaV1k6\n' + 'l4UYCaXFdcU2ELMrBB2YKUs1OpWHlayyXEYHKPbKP+thjQoTEgdkxYtoN2NEalOF\n' + 'RbJeGAnMBg10Ksk4kEX0aIxUILAuFHJ+kBfI6yQS\n' + '-----END CERTIFICATE-----\n';
var options = { clientId: 'wld123', username: 'wld123', password: '123456', rejectUnauthorized: true, key: key, cert: cert, ca: ca, will: { topic: 'things/wld123/LWT', qos: 1, payload: JSON.stringify({"state": {"reported": {"connected": "false"}}}), retain: false } };
var connectUrl = 'wss://47.107.126.88:8883'; var client = mqtt.connect(connectUrl, options);
client.on('connect', () => { console.log('connected:') });
client.on('reconnect', () => { console.log('Reconnecting:') });
client.on('error', (error) => { console.log('Connection failed:', error) });
client.on('message', (topic, message) => { console.log('Received the news:', topic, message.toString()) });
my html use ,This is rejected
import * as mqtt from 'mqtt';
var key = '-----BEGIN RSA PRIVATE KEY-----\n' + 'MIICXAIBAAKBgQCOvREyEqnzcc3Chhd0ozjYEXBN0wX3LulXBeK6O3e8YQ5wEDaC\n' + 'UlzYcOdkACzUEc7QAuYQDpyFJ3ldOAfWml9IQS5pEAFzmWgacLTkqu93aiceeyqW\n' + 'SwEJhBngrwjdXHWvjY2mrKwBECD54QkeWCbyeVAEt7ZTeQ54akXU1xbg5QIDAQAB\n' + 'AoGAVYDYPiCEAbqYQQBGKK5lrLi1h0jzd+B4EpMJ//kDfqq9FVAA9wwTZewsD/Ey\n' + '6U5Jjr1NxyyZggHlZ3va5ijPDfo5dTHV5CdXHbaVnOxGu5UCfnZIarW2xu8WMnzg\n' + 'CyIEw5Bi76iKpTx1haZDCdkHRk30nfTvESabmy1APdueFTkCQQDDomqKQdKnjU0j\n' + 'JMWjVi8yQpIM/6J0F/MqF0LVOBm8L/qlAX8JIfwRV6+dn1UIBERe7qMyxLeHR/gK\n' + 'bO5w61NrAkEAushKdQjl97ccxPdZ7YENFoFDiLB4Is4IvJmNuVnFAhMKoB9VK+38\n' + 'wjObcA0fba5gZCcO2XY7YlXYwQNvfywA7wJAf4tZGHBXjWNDIiFsNNQQixz5qT3U\n' + 'xQmEQDHQIcCkjptdNsyl7OdaNlhLp2DkiAh4JshAX+3+lVUncmyYe8gApwJARBn5\n' + 'A9j9uCb8h1hEYpM2CWmSDQmCk/YZO2KlSNpROWNl8WHbNQwtp0UXvHAccGou3PVc\n' + 'ta8lEcKJKD6vbWfG4wJBALx2ePpxq3gerSpW8I5QTxWMUJOLUwGEHD0ohzgPJceb\n' + 'c+8RTOwsFsM92H0si7zDFJWtDJtcZWkJrK+QNjw/j+A=\n' + '-----END RSA PRIVATE KEY-----\n';
var cert = '-----BEGIN CERTIFICATE-----\n' + 'MIIDPzCCAqigAwIBAgITAgAOAAAAAwAADAAAAAAADAAAADANBgkqhkiG9w0BAQsF\n' + 'ADBzMRswGQYDVQQDExJWc3RhcmNhbSBSb290IENhIDExCzAJBgNVBAYTAkNOMRIw\n' + 'EAYDVQQIEwlHdWFuZ2RvbmcxETAPBgNVBAoTCFZzdGFyY2FtMSAwHgYDVQQLExdo\n' + 'dHRwczovL3d3dy52c3RhcmNhbS5jbjAeFw0yMTA0MTgxMjQyNDhaFw00OTA0MTkx\n' + 'MjQyNDhaMIGBMRYwFAYDVQQDEw00Ny4xMDcuMTI2Ljg4MQswCQYDVQQGEwJDTjES\n' + 'MBAGA1UECBMJR3Vhbmdkb25nMREwDwYDVQQHEwhTaGVuemhlbjERMA8GA1UEChMI\n' + 'VnN0YXJjYW0xIDAeBgNVBAsTF2h0dHBzOi8vd3d3LnZzdGFyY2FtLmNuMIGfMA0G\n' + 'CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCOvREyEqnzcc3Chhd0ozjYEXBN0wX3LulX\n' + 'BeK6O3e8YQ5wEDaCUlzYcOdkACzUEc7QAuYQDpyFJ3ldOAfWml9IQS5pEAFzmWga\n' + 'cLTkqu93aiceeyqWSwEJhBngrwjdXHWvjY2mrKwBECD54QkeWCbyeVAEt7ZTeQ54\n' + 'akXU1xbg5QIDAQABo4HBMIG+MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgL0MDsG\n' + 'A1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwME\n' + 'BggrBgEFBQcDCDARBglghkgBhvhCAQEEBAMCAPcwMgYDVR0RBCswKYcEL2t+WIIJ\n' + 'bG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMB0GA1UdDgQWBBR01Oxd\n' + 'ZUPpOqTT2j3H8V5cHfpCkzANBgkqhkiG9w0BAQsFAAOBgQAJxg9Q2/5Al8ck1uVL\n' + '2LHuErbMfglt/MkEDbnrTtwTUnPweAsltBBo5h7XYYXhirL/GNsHXvddiyt2DS8p\n' + 'o9FY1HW7VV/nIg2TXvYXwKHMxtBKwpI2ipQoPltRfJC0dEzltjmkLxOKG2cfwjHZ\n' + 'bHRMXr5HMUHsjkgIaiKDkIqzbA==\n' + '-----END CERTIFICATE-----\n';
var ca = '-----BEGIN CERTIFICATE-----\n' + 'MIICujCCAiOgAwIBAgISAADPAAMAAAAADQAAAAsAAAzcMA0GCSqGSIb3DQEBCwUA\n' + 'MHMxGzAZBgNVBAMTElZzdGFyY2FtIFJvb3QgQ2EgMTELMAkGA1UEBhMCQ04xEjAQ\n' + 'BgNVBAgTCUd1YW5nZG9uZzERMA8GA1UEChMIVnN0YXJjYW0xIDAeBgNVBAsTF2h0\n' + 'dHBzOi8vd3d3LnZzdGFyY2FtLmNuMB4XDTIwMDMyNTA1NTIzMFoXDTQ0MDMyNTA1\n' + 'NTIzMFowczEbMBkGA1UEAxMSVnN0YXJjYW0gUm9vdCBDYSAxMQswCQYDVQQGEwJD\n' + 'TjESMBAGA1UECBMJR3Vhbmdkb25nMREwDwYDVQQKEwhWc3RhcmNhbTEgMB4GA1UE\n' + 'CxMXaHR0cHM6Ly93d3cudnN0YXJjYW0uY24wgZ8wDQYJKoZIhvcNAQEBBQADgY0A\n' + 'MIGJAoGBAJ0uG0OSLkSSqjkbKtPXubBb2wgiGwQn4rgXrxKQ9F2YapkUwubVGzU2\n' + 'It6WoHtua4amjsXuDrLbCH+9S818oaJdJx8E0nzLSIzoTBabePYOq0jQ7ASqAa0y\n' + 'y/C/GXkUZ1Xtep2NozoeFrxfsHhSC5TLCubFuEolAAy/3bpwzrP1AgMBAAGjTTBL\n' + 'MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBTu4yRB\n' + '3Z9oqFxwBTwcWNnllv1B6zAJBgNVHSMEAjAAMA0GCSqGSIb3DQEBCwUAA4GBAGlC\n' + 'E6Vpz99nyxg1IXAuQ/M7s4gcYg0lyrsCEbKKzV0urdf1BBuCh2Lthx/ORghaV1k6\n' + 'l4UYCaXFdcU2ELMrBB2YKUs1OpWHlayyXEYHKPbKP+thjQoTEgdkxYtoN2NEalOF\n' + 'RbJeGAnMBg10Ksk4kEX0aIxUILAuFHJ+kBfI6yQS\n' + '-----END CERTIFICATE-----\n';
var options = { keepalive: 60, protocolId: 'MQTT', protocolVersion: 4, clean: true, reconnectPeriod: 1000, connectTimeout: 30 * 1000, clientId: 'wld123', username: 'wld123', password: '123456', rejectUnauthorized: true, key: key, cert: cert, ca: ca, will: { topic: 'things/wld123/LWT', qos: 1, payload: JSON.stringify({"state": {"reported": {"connected": "false"}}}), retain: false } };
var connectUrl = 'wss://47.107.126.88:8883'; // @ts-ignore var client = mqtt.connect(connectUrl, options);
client.on('connect', () => { console.log('connected:') });
client.on('reconnect', () => { console.log('Reconnecting:') });
client.on('error', (error) => { console.log('Connection failed:', error) });
client.on('message', (topic, message) => { console.log('Received the news:', topic, message.toString()) });
Can you help me,I spent a few days verifying this thing, but it didn’t work out.
The above test code can be used directly
@weiliudong我看到您评论了
https
选项,您尝试过吗? 当前您使用哪个tls
与之ws
冲突。如果要创建安全的Websocket服务器,则需要HTTPS服务器。 您将使用tls
选项连接mqtts://
协议。
The configuration is enabled on the current server
var server = require('aedes-server-factory').createServer(aedes, { ws: true, https: { key: fs.readFileSync(path.join(dirname, '/serverCert' + isEnableVersion + '.key')), cert: fs.readFileSync(path.join(dirname, '/serverCert' + isEnableVersion + '.crt')), ca: fs.readFileSync(path.join(dirname, '/ca.crt')), }, // tls: { // key: fs.readFileSync(path.join(dirname, '/serverCert' + isEnableVersion + '.key')), // cert: fs.readFileSync(path.join(dirname, '/serverCert' + isEnableVersion + '.crt')), // ca: fs.readFileSync(path.join(dirname, '/ca.crt')), // }, });
https://github.com/mqttjs/MQTT.js/issues/741 Seems to have found a similar problem
my server
var fs = require('fs'); var path = require('path'); var aedes = require('aedes')(); var USER_HOME = process.env.HOME || process.env.USERPROFILE; var dirname = path.join(USER_HOME, '/.config/TLS/server'); var isEnableVersion = require('../config').isEnableVersion; var auth = require('../modules/oauth'); var businessEvent = require('../modules/businessEvent');
var port = 8084;
var server = require('aedes-server-factory').createServer(aedes, { ws: true, // https: { // key: fs.readFileSync(path.join(dirname, '/serverCert' + isEnableVersion + '.key')), // cert: fs.readFileSync(path.join(dirname, '/serverCert' + isEnableVersion + '.crt')), // ca: fs.readFileSync(path.join(dirname, '/ca.crt')), // }, tls: { key: fs.readFileSync(path.join(dirname, '/serverCert' + isEnableVersion + '.key')), cert: fs.readFileSync(path.join(dirname, '/serverCert' + isEnableVersion + '.crt')), ca: fs.readFileSync(path.join(dirname, '/ca.crt')), }, });
server.listen(port, function () { businessEvent(aedes); console.log('The service is started and listening on the port', port); });
// auth.loginAuth(aedes);
//connect aedes.on('client', function (client) { var user = client.id; console.log(user, 'online'); });
//disconnect aedes.on('clientDisconnect', function (client) { var user = client.id; console.log(user, 'offline'); });
module.exports = aedes;
The browser uses mqtt.js
import * as mqtt from 'mqtt';
var options = { keepalive: 60, protocolId: 'MQTT', protocolVersion: 4, clean: true, reconnectPeriod: 1000, connectTimeout: 30 * 1000, clientId: 'wld123', username: 'wld123', password: '123456', rejectUnauthorized: true, key: key, cert: cert, ca: ca, will: { topic: 'things/wld123/LWT', qos: 1, payload: JSON.stringify({"state": {"reported": {"connected": "false"}}}), retain: false } };
var connectUrl = 'wss://47.107.126.88:8084'; // @ts-ignore var client = mqtt.connect(connectUrl, options);
client.on('connect', () => { console.log('connected:') });
client.on('reconnect', () => { console.log('Reconnecting:') });
client.on('error', (error) => { console.log('Connection failed:', error) });
client.on('message', (topic, message) => { console.log('Received the news:', topic, message.toString()) });
How can I make aedes allow wss to connect in