Posted to users@tomcat.apache.org by nishant singh <si...@gmail.com> on 2017/03/09 18:16:44 UTC

Status code 403 Forbidden issue for websocket creation using WSS protocol

Hi,

   I am creating a websocket connection to server using "wss" protocol from
client. I have configured Apache as proxy (mod_proxy and
mod_proxy_wstunnel.so module is enabled in Apache httpd.conf file) to my
Tomcat server. In Apache, a VirtualHost for port 443 is created. Attached is
the Apache httpd.conf file for reference. Tomcat connector for SSL is mentioned
below. I am getting response status code 403 Forbidden for websocket
request sent from client using "wss" protocol. The same set-up works fine
using "ws" protocol websocket connection on port 80 of Apache proxied to
port 8080 of Tomcat. I assume that SSL handshake is failing in this
scenario. Please suggest the solution.
Tomcat version:-9.0.0.M13
Apache version:- 2.4.23

======in Tomcat Server.xml connector configuration on port 443======
<Connector port="8443" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           SSLCertificateFile="\conf\certificate.pem"
           SSLCertificateKeyFile="\conf\privkey.pem" />

==========================Chrome debugger trace for this Request====


[image: Inline image 1]

===================sample websocket code for request creation From client==================
this.websocket = new WebSocket("wss://localhost:443/NG/nmsgServletApp/wsHandler/");

this.websocket.onopen = (evt) => {
    this.websocket.send("Hello Nishant");
};
// nmsgServletApp:--> is my application name which is deployed in tomcat
// wsHandler:--> is the server side websocket handler mapping name
// NG:--> Proxy token for web-application deployed in Tomcat

====================Apache virtual port configuration for request proxy to tomcat====================
<VirtualHost *:443>
    SSLCertificateFile ../certificate.pem
    SSLCertificateKeyFile ../privkey.pem
    ServerAdmin abc@localhost.com
    ServerName "localhost"
    SSLEngine on
    SSLProxyEngine on
    SecRuleEngine On
    ProxyRequests Off

    # Below is Proxy configuration for above web-application deployed in Tomcat
    ProxyPass /NG/nmsgServletApp/wsHandler wss://localhost:8443/nmsgServletApp/wsHandler
    ProxyPassReverse /NG/nmsgServletApp/wsHandler wss://localhost:8443/nmsgServletApp/wsHandler
    ProxyPass /NG https://localhost:8443/
    ProxyPassReverse /NG https://localhost:8443/

    # Below is Proxy configuration for another application deployed in another server
    ProxyPass / https://localhost:49101/ retry=10
    ProxyPassReverse / https://localhost:49101/

    <Proxy *>
        ProxyPreserveHost Off
        Order deny,allow
        deny from all
        Allow from all
        SetOutputFilter DEFLATE
    </Proxy>
</VirtualHost>
==================================================================

Please let me know if some more info is required or my description of the
problem is not clear. Please guide.

Thanks,
Nishant

Re: Status code 403 Forbidden issue for websocket creation using WSS protocol

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Nishant,

On 3/9/17 2:12 PM, nishant singh wrote:
> Thank you for the response. I am using a self-signed certificate.
> How to make httpd trust the certificate that Tomcat is presenting?

I think this is the directive you are looking for:

http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycacertificatefile

It's obscure in that it's a part of mod_ssl and not mod_proxy_*, so
it's not entirely obvious that it's a configurable setting.

Hope that helps,
-chris

> On Fri, Mar 10, 2017 at 12:09 AM, Christopher Schultz < 
> chris@christopherschultz.net> wrote:
> 
> Nishant,
> 
> On 3/9/17 1:16 PM, nishant singh wrote:
>>>> I am creating a websocket connection to server using "wss"
>>>> protocol from client. I have configured Apache as proxy
>>>> (mod_proxy and mod_proxy_wstunnel.so module is enabled in Apache
>>>> httpd.conf file) to my Tomcat server. In Apache, a VirtualHost
>>>> for port 443 is created. Attached is the Apache httpd.conf file
>>>> for reference. Tomcat connector for SSL is mentioned below. I
>>>> am getting response status code 403 Forbidden for websocket
>>>> request sent from client using "wss" protocol. The same
>>>> set-up works fine using "ws" protocol websocket connection on
>>>> port 80 of Apache proxied to port 8080 of Tomcat. I assume
>>>> that SSL handshake is failing in this scenario. Please
>>>> suggest the solution.
> 
> Does httpd trust the certificate that Tomcat is presenting when
> httpd connects to Tomcat using TLS?
> 
> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
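
The directive Chris links to, placed in the proxy configuration from the original post. This is an added example, not part of the thread or of either poster's configuration. The file name conf/tomcat-backend.pem is a placeholder for a PEM copy of the certificate Tomcat serves on port 8443, and the explicit SSLProxyVerify and SSLProxyCheckPeer* lines are an assumption about how strictly the backend should be checked.

```apache
<VirtualHost *:443>
    ServerName "localhost"

    # Front side: the certificate httpd presents to browsers (from the post).
    SSLEngine on
    SSLCertificateFile ../certificate.pem
    SSLCertificateKeyFile ../privkey.pem

    # Back side: httpd is the TLS *client* when it connects to Tomcat.
    SSLProxyEngine on

    # Trust anchors used to authenticate the backend. For a self-signed
    # Tomcat certificate, this file holds a copy of that certificate.
    # (Placeholder path, not taken from the thread.)
    SSLProxyCACertificateFile conf/tomcat-backend.pem

    # The default is "SSLProxyVerify none", which skips chain verification.
    # "require" makes httpd refuse a backend whose certificate does not
    # chain to the file above.
    SSLProxyVerify require

    # Also check that the certificate is issued for the host named in the
    # ProxyPass URL (here "localhost") and that it has not expired.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Weaker alternative, shown commented out for contrast: it makes TLS
    # errors disappear by no longer authenticating the backend at all.
    # SSLProxyVerify none
    # SSLProxyCheckPeerName off
    # SSLProxyCheckPeerCN off

    ProxyRequests Off

    # Proxy mappings from the original post, unchanged.
    ProxyPass /NG/nmsgServletApp/wsHandler wss://localhost:8443/nmsgServletApp/wsHandler
    ProxyPassReverse /NG/nmsgServletApp/wsHandler wss://localhost:8443/nmsgServletApp/wsHandler
    ProxyPass /NG https://localhost:8443/
    ProxyPassReverse /NG https://localhost:8443/
</VirtualHost>
```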


Re: Status code 403 Forbidden issue for websocket creation using WSS protocol

Posted by nishant singh <si...@gmail.com>.
Hello Chris,

Thank you for the response. I am using a self-signed certificate. How to
make httpd trust the certificate that Tomcat is presenting?

Nishant

On Fri, Mar 10, 2017 at 12:09 AM, Christopher Schultz <
chris@christopherschultz.net> wrote:

>
> Nishant,
>
> On 3/9/17 1:16 PM, nishant singh wrote:
> > I am creating a websocket connection to server using "wss"
> > protocol from client. I have configured Apache as proxy (mod_proxy
> > and mod_proxy_wstunnel.so module is enabled in Apache httpd.conf
> > file) to my Tomcat server. In Apache, a VirtualHost for port 443 is
> > created. Attached is the Apache httpd.conf file for reference. Tomcat
> > connector for SSL is mentioned below. I am getting response status
> > code 403 Forbidden for websocket request sent from client using
> > "wss" protocol. The same set-up works fine using "ws" protocol
> > websocket connection on port 80 of Apache proxied to port 8080 of
> > Tomcat. I assume that SSL handshake is failing in this scenario.
> > Please suggest the solution.
>
> Does httpd trust the certificate that Tomcat is presenting when httpd
> connects to Tomcat using TLS?
>
> -chris

Re: Status code 403 Forbidden issue for websocket creation using WSS protocol

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Nishant,

On 3/9/17 1:16 PM, nishant singh wrote:
> I am creating a websocket connection to server using "wss"
> protocol from client. I have configured Apache as proxy (mod_proxy
> and mod_proxy_wstunnel.so module is enabled in Apache httpd.conf
> file) to my Tomcat server. In Apache, a VirtualHost for port 443 is
> created. Attached is the Apache httpd.conf file for reference. Tomcat
> connector for SSL is mentioned below. I am getting response status
> code 403 Forbidden for websocket request sent from client using
> "wss" protocol. The same set-up works fine using "ws" protocol
> websocket connection on port 80 of Apache proxied to port 8080 of
> Tomcat. I assume that SSL handshake is failing in this scenario.
> Please suggest the solution.

Does httpd trust the certificate that Tomcat is presenting when httpd
connects to Tomcat using TLS?

-chris