Hi!
I have a tomcat application running that accepts websockets. In front of
this application I'm running apache as a reverse proxy. SSL is
configured in apache, and my tomcat knows nothing about SSL.
In the usual web traffic case, everything works just as expected - the
SSL connection terminates in apache and the request is forwarded to
tomcat using plain http. However, this approach doesn't seem to work
when it comes to websockets - the upgrade requests return 403 with no
further elaboration in the log.
This is the proxy part of my vhost config:
<VirtualHost *:443>
...
ProxyPass "/george/ws/sender"
"http://localhost:8080/george/ws/sender" upgrade=websocket
ProxyPass "/george/ws/receiver"
"http://localhost:8080/george/ws/receiver" upgrade=websocket
</VirtualHost>
I have succeeded in getting things working if I configure SSL in tomcat
as well:
<VirtualHost *:443>
...
ProxyPass "/george/ws/sender"
"https://localhost:8443/george/ws/sender" upgrade=websocket
ProxyPass "/george/ws/receiver"
"https://localhost:8443/george/ws/receiver" upgrade=websocket
</VirtualHost>
Administrivia makes configuring SSL in tomcat undesirable, so my
question is if it's possible to get websockets to behave similarly to
SSL, with apache terminating the encryption layer and passing on an
unsecured websocket internally? If it's possible, how?
Server version: Apache/2.4.57 (Debian)
Server built: 2023-04-13T03:26:51
Relevant documentation:
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#wsupgrade
Regards,
Erik Thuning
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
I have a tomcat application running that accepts websockets. In front of
this application I'm running apache as a reverse proxy. SSL is
configured in apache, and my tomcat knows nothing about SSL.
In the usual web traffic case, everything works just as expected - the
SSL connection terminates in apache and the request is forwarded to
tomcat using plain http. However, this approach doesn't seem to work
when it comes to websockets - the upgrade requests return 403 with no
further elaboration in the log.
This is the proxy part of my vhost config:
<VirtualHost *:443>
...
ProxyPass "/george/ws/sender"
"http://localhost:8080/george/ws/sender" upgrade=websocket
ProxyPass "/george/ws/receiver"
"http://localhost:8080/george/ws/receiver" upgrade=websocket
</VirtualHost>
I have succeeded in getting things working if I configure SSL in tomcat
as well:
<VirtualHost *:443>
...
ProxyPass "/george/ws/sender"
"https://localhost:8443/george/ws/sender" upgrade=websocket
ProxyPass "/george/ws/receiver"
"https://localhost:8443/george/ws/receiver" upgrade=websocket
</VirtualHost>
Administrivia makes configuring SSL in tomcat undesirable, so my
question is if it's possible to get websockets to behave similarly to
SSL, with apache terminating the encryption layer and passing on an
unsecured websocket internally? If it's possible, how?
Server version: Apache/2.4.57 (Debian)
Server built: 2023-04-13T03:26:51
Relevant documentation:
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#wsupgrade
Regards,
Erik Thuning
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org