Apache mod_proxy: forward secure websocket to non-secure

1
votes

The websocket library I rely on (PHP-Websockets) does not yet support secure sockets (wss). My website is served over https though, so I cannot use insecure ws connections.

I'm trying to use Apache's mod_proxy to forward the secure request that comes from the browser on to the client.

Javascript

var ws = new WebSocket('wss://example.com/_ws_/');

Apache VirtualHost

ProxyPass        "/_ws_/" "ws://127.0.0.1:8080/"
ProxyPassReverse "/_ws_/" "ws://127.0.0.1:8080/"
# I've also tried "/_ws_/" "ws://example.com:8080/"  Same error below

Upon trying to connect, the browser receives a 500 Server Error. The logs show:

No protocol handler was valid for the URL /_ws_/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

I've confirmed that if I remove the proxy rules, stop redirecting users to https and try to connect to insecure sockets from the browser: new WebSocket('ws://example.com/'), things work just fine.

My loaded Apache modules include mod_ssl.c, mod_proxy.c and mod_proxy_http.c

Apache 2.4

1
apachesslwebsocketmod-proxy
I have similar issue with bitnami tomcat stack. Unfortunatly I have no enough skills to setup mod proxy, and I remove apache2 web server at all. But please look into this conversation, may be it will help: community.bitnami.com/t/tomcat-8-websockets/39477/3 - degr
@degr Thanks for the link - BeetleJuice
What about mod_proxy_wstunnel module? - gre_gor
@gre_gor It took me all night to realize that that's what I was missing. I came back to write up my solution, but if you'd like to (if so include a link to the docs: httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html) , I'll gladly select your answer. - BeetleJuice

1 Answers

1
votes

To reverse proxy WebSockets, you also need to load the mod_proxy_wstunnel module.