[users@httpd] Websockets not working with Apache proxypass, keep getting 400.

[Weare Borg <ke...@gmail.com>]

Distribution : Debian server. 3.2.0-4-amd64 #1 SMP Debian 3.2.73-2+deb7u2
x86_64 GNU/Linux
Server version: Apache/2.2.22 (Debian)

Hello friends,

I am working on integrating Websocket based functionality into our
Spring-MVC application. It works on my localhost, where I neither have SSL,
nor apache web server with ProxyPass.
We have a library called cometd which supports websocket functionality
which we are trying to make it work.
When I add it on the server, the situation changes, with proxypass,
whenever I try to make the connection from https go to wss, it doesn't work
and I keep getting a 400. What am I doing wrong?
I had added the same question on SO, but didn't got any good answer even
after a bounty, hoping something more would be here. Question link :
QuestionLink
<https://stackoverflow.com/questions/45275229/apacheserver-proxypass-websockets-not-working-url-changed-to-https-instead-o>

000-default.conf

<VirtualHost *:443>
> ServerName www.oursite.de
> ServerAlias oursite.de
> ProxyRequests off
> ProxyPreserveHost On
> <Proxy https://www.oursite.de:8444/>
> Order deny,allow
> Allow from all
> </Proxy>
> ProxyPass /nagios !
> ProxyReceiveBufferSize 4096
> ErrorDocument 503 /error/message.html
> ProxyPass /error/ !
> ProxyPass /error/message.html !
>
> SSLEngine on
> SSLProxyEngine on
> SSLCertificateFile /etc/letsencrypt/live/www.oursite.de-0002/cert.crt
> SSLCertificateKeyFile /etc/letsencrypt/live/www.oursite.de-0002/private.key
> SSLCertificateChainFile /etc/letsencrypt/live/www.oursite.de-0002/chain.pem
>
> ProxyPass / https://localhost:8444/
> ProxyPassReverse / https://localhost:8444/
>
> ProxyPass /cometd/ wss://localhost:8444/cometd/
> ProxyPassReverse /cometd wss://localhost:8444/cometd/
>
> <Location / >
> Order allow,deny
> Allow from all
> </Location>
> </VirtualHost>
>
>
As we have 3 different applications running on the same server, application
running on port 8444 is the one where we have cometd instance running. The
URL is always /cometd, and it's calculated in this manner :

var cometURL = location.protocol + "//" + location.host+
config.contextPath + "/cometd";
>
>
If there is anything else required. Kindly let me know. Thanks.

Re: [users@httpd] Websockets not working with Apache proxypass, keep getting 400.

[Weare Borg <ke...@gmail.com>]

Just added these 2 options and also enabled mod_ssl, still 400, bad
request. Any logs you would like?
Here is the apache error I can find : proxy: Error during SSL Handshake
with remote server returned by /cometd/connect

On Fri, Aug 25, 2017 at 3:36 PM, Julien Etter <ju...@juno.co.uk>
wrote:

> Hello,
>
> You may need to use SSLProxyCheckPeerCN / SSLProxyCheckPeerName off
>
>
>
>
>
> *From:* Weare Borg [mailto:kernelfreak@gmail.com]
> *Sent:* 25 August 2017 09:14
> *To:* users@httpd.apache.org
> *Subject:* [users@httpd] Websockets not working with Apache proxypass,
> keep getting 400.
>
>
>
> Distribution : Debian server. 3.2.0-4-amd64 #1 SMP Debian 3.2.73-2+deb7u2
> x86_64 GNU/Linux
>
> Server version: Apache/2.2.22 (Debian)
>
> Hello friends,
>
> I am working on integrating Websocket based functionality into our
> Spring-MVC application. It works on my localhost, where I neither have SSL,
> nor apache web server with ProxyPass.
>
> We have a library called cometd which supports websocket functionality
> which we are trying to make it work.
>
> When I add it on the server, the situation changes, with proxypass,
> whenever I try to make the connection from https go to wss, it doesn't work
> and I keep getting a 400. What am I doing wrong?
>
> I had added the same question on SO, but didn't got any good answer even
> after a bounty, hoping something more would be here. Question link :
> QuestionLink
> <https://stackoverflow.com/questions/45275229/apacheserver-proxypass-websockets-not-working-url-changed-to-https-instead-o>
>
>
>
> 000-default.conf
>
> <VirtualHost *:443>
>
> ServerName www.oursite.de
>
> ServerAlias oursite.de
>
> ProxyRequests off
>
> ProxyPreserveHost On
>
> <Proxy https://www.oursite.de:8444/>
>
> Order deny,allow
>
> Allow from all
>
> </Proxy>
>
> ProxyPass /nagios !
>
> ProxyReceiveBufferSize 4096
>
> ErrorDocument 503 /error/message.html
>
> ProxyPass /error/ !
>
> ProxyPass /error/message.html !
>
>
>
> SSLEngine on
>
> SSLProxyEngine on
>
> SSLCertificateFile /etc/letsencrypt/live/www.oursite.de-0002/cert.crt
>
> SSLCertificateKeyFile /etc/letsencrypt/live/www.oursite.de-0002/private.key
>
> SSLCertificateChainFile /etc/letsencrypt/live/www.oursite.de-0002/chain.pem
>
>
>
> ProxyPass / https://localhost:8444/
>
> ProxyPassReverse / https://localhost:8444/
>
>
>
> ProxyPass /cometd/ wss://localhost:8444/cometd/
>
> ProxyPassReverse /cometd wss://localhost:8444/cometd/
>
>
>
> <Location / >
>
> Order allow,deny
>
> Allow from all
>
> </Location>
>
> </VirtualHost>
>
>
>
> As we have 3 different applications running on the same server,
> application running on port 8444 is the one where we have cometd instance
> running. The URL is always /cometd, and it's calculated in this manner :
>
>
>
> var cometURL = location.protocol + "//" + location.host+ config.contextPath + "/cometd";
>
>
>
> If there is anything else required. Kindly let me know. Thanks.
>

RE: [users@httpd] Websockets not working with Apache proxypass, keep getting 400.

[Julien Etter <ju...@juno.co.uk>]

Hello,
You may need to use SSLProxyCheckPeerCN / SSLProxyCheckPeerName off


From: Weare Borg [mailto:kernelfreak@gmail.com]
Sent: 25 August 2017 09:14
To: users@httpd.apache.org
Subject: [users@httpd] Websockets not working with Apache proxypass, keep getting 400.

Distribution : Debian server. 3.2.0-4-amd64 #1 SMP Debian 3.2.73-2+deb7u2 x86_64 GNU/Linux
Server version: Apache/2.2.22 (Debian)
Hello friends,
I am working on integrating Websocket based functionality into our Spring-MVC application. It works on my localhost, where I neither have SSL, nor apache web server with ProxyPass.
We have a library called cometd which supports websocket functionality which we are trying to make it work.
When I add it on the server, the situation changes, with proxypass, whenever I try to make the connection from https go to wss, it doesn't work and I keep getting a 400. What am I doing wrong?
I had added the same question on SO, but didn't got any good answer even after a bounty, hoping something more would be here. Question link :  QuestionLink<https://stackoverflow.com/questions/45275229/apacheserver-proxypass-websockets-not-working-url-changed-to-https-instead-o>

000-default.conf

<VirtualHost *:443>

ServerName www.oursite.de<http://www.oursite.de>

ServerAlias oursite.de<http://oursite.de>

ProxyRequests off

ProxyPreserveHost On

<Proxy https://www.oursite.de:8444/>

Order deny,allow

Allow from all

</Proxy>

ProxyPass /nagios !

ProxyReceiveBufferSize 4096

ErrorDocument 503 /error/message.html

ProxyPass /error/ !

ProxyPass /error/message.html !



SSLEngine on

SSLProxyEngine on

SSLCertificateFile /etc/letsencrypt/live/www.oursite.de-0002/cert.crt

SSLCertificateKeyFile /etc/letsencrypt/live/www.oursite.de-0002/private.key

SSLCertificateChainFile /etc/letsencrypt/live/www.oursite.de-0002/chain.pem



ProxyPass / https://localhost:8444/

ProxyPassReverse / https://localhost:8444/



ProxyPass /cometd/ wss://localhost:8444/cometd/

ProxyPassReverse /cometd wss://localhost:8444/cometd/



<Location / >

Order allow,deny

Allow from all

</Location>

</VirtualHost>

As we have 3 different applications running on the same server, application running on port 8444 is the one where we have cometd instance running. The URL is always /cometd, and it's calculated in this manner :


var cometURL = location.protocol + "//" + location.host+ config.contextPath + "/cometd";

If there is anything else required. Kindly let me know. Thanks.