Overview of WebSocket support in Application Gateway

Application Gateway provides native support for WebSocket across all gateway sizes. There is no user-configurable setting to selectively enable or disable WebSocket support.

The WebSocket protocol, standardized in RFC 6455, enables full-duplex communication between a server and a client over a long-running TCP connection. This allows more interactive communication between the web server and the client, which can be bidirectional without the polling required in HTTP-based implementations. Unlike HTTP, WebSocket has low overhead and can reuse the same TCP connection for multiple requests and responses, resulting in more efficient use of resources. WebSocket protocols are designed to work over the traditional HTTP ports 80 and 443.

You can continue using a standard HTTP listener on port 80 or 443 to receive WebSocket traffic. WebSocket traffic is then directed to the WebSocket-enabled backend server using the appropriate backend pool as specified in the application gateway rules. The backend server must respond to the application gateway probes, which are described in the health probe overview section. Application gateway health probes are HTTP/HTTPS only. Each backend server must respond to HTTP probes for the application gateway to route WebSocket traffic to the server.

WebSocket is used in apps that benefit from fast, real-time communication, such as chat, dashboard, and game apps.

How does WebSocket work

To establish a WebSocket connection, a specific HTTP-based handshake is exchanged between the client and the server. If successful, the application-layer protocol is "upgraded" from HTTP to WebSocket, using the previously established TCP connection. Once this occurs, HTTP is completely out of the picture; data can be sent or received using the WebSocket protocol by both endpoints, until the WebSocket connection is closed.

Listener configuration element

An existing HTTP listener can be used to support WebSocket traffic. The following is a snippet of an httpListeners element from a sample template file. You need both HTTP and HTTPS listeners to support WebSocket and secure WebSocket traffic. Similarly, you can use the portal or Azure PowerShell to create an application gateway with listeners on ports 80/443 to support WebSocket traffic.

"httpListeners": [
        {
            "name": "appGatewayHttpsListener",
            "properties": {
                "FrontendIPConfiguration": {
                    "Id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/frontendIPConfigurations/DefaultFrontendPublicIP"
                },
                "FrontendPort": {
                    "Id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/frontendPorts/appGatewayFrontendPort443"
                },
                "Protocol": "Https",
                "SslCertificate": {
                    "Id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/sslCertificates/appGatewaySslCert1"
                }
            }
        },
        {
            "name": "appGatewayHttpListener",
            "properties": {
                "FrontendIPConfiguration": {
                    "Id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/frontendIPConfigurations/appGatewayFrontendIP"
                },
                "FrontendPort": {
                    "Id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/frontendPorts/appGatewayFrontendPort80"
                },
                "Protocol": "Http"
            }
        }
    ],

BackendAddressPool, BackendHttpSetting, and Routing rule configuration

A BackendAddressPool is used to define a backend pool with WebSocket-enabled servers. The backendHttpSetting is defined with backend ports 80 and 443. The request timeout value in HTTP Settings also applies to the WebSocket session. No change is required in the routing rule, which ties the appropriate listener to the corresponding backend address pool.

"requestRoutingRules": [{
    "name": "<ruleName1>",
    "properties": {
        "RuleType": "Basic",
        "httpListener": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/httpListeners/appGatewayHttpsListener"
        },
        "backendAddressPool": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/backendAddressPools/ContosoServerPool"
        },
        "backendHttpSettings": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/backendHttpSettingsCollection/appGatewayBackendHttpSettings"
        }
    }
}, {
    "name": "<ruleName2>",
    "properties": {
        "RuleType": "Basic",
        "httpListener": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/httpListeners/appGatewayHttpListener"
        },
        "backendAddressPool": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/backendAddressPools/ContosoServerPool"
        },
        "backendHttpSettings": {
            "id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationGateways/{applicationGatewayName}/backendHttpSettingsCollection/appGatewayBackendHttpSettings"
        }
    }
}]

WebSocket enabled backend

Your backend must have an HTTP/HTTPS web server running on the configured port (usually 80/443) for WebSocket to work. This is because the WebSocket protocol requires the initial handshake to be an HTTP request that carries the upgrade to the WebSocket protocol as a header field. The following is an example of a header:

    GET /chat HTTP/1.1
    Host: server.example.com
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
    Origin: https://example.com
    Sec-WebSocket-Protocol: chat, superchat
    Sec-WebSocket-Version: 13

Another reason is that the application gateway backend health probe supports the HTTP and HTTPS protocols only. If the backend server does not respond to HTTP or HTTPS probes, it is taken out of the backend pool.

Next steps

After learning about WebSocket support, go to create an application gateway to get started with a WebSocket enabled web application.