Tomcat behind Apache web server ProxyPass settings for WebSocket

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Tomcat behind Apache web server ProxyPass settings for WebSocket

richard
I'm trying to see the WebSocket examples that ship with Tomcat 9 in
action.

If I point my browser directly at tomcat on 8080, they work.

However, Tomcat is behind an Apache2 webserver and I can't seem to get
the ProxyPass settings right. Other Tomcat applications work if I access
them via Apache, but WebSocket applications don't. The snake demo for
example, gives a 'Info: WebSocket closed' message.

Apache is on the same server as Tomcat and has the proxy_wstunnel mod
loaded.

The relevant (I think) part of my  VirtualHost in the Apache2 conf file
is like this:

   ProxyPass        /    http://127.0.0.1:8080/          #works ok
   ProxyPassReverse /    http://127.0.0.1:8080/          #works ok
   ProxyPass        /    ws://127.0.0.1:8080/
   ProxyPassReverse /    ws://127.0.0.1:8080/

Could anyone tell me what's wrong here?


Thanks.
Richard




---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Tomcat behind Apache web server ProxyPass settings for WebSocket

Christopher Schultz-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Richard,

On 12/4/18 15:00, [hidden email] wrote:

> I'm trying to see the WebSocket examples that ship with Tomcat 9 in
> action.
>
> If I point my browser directly at tomcat on 8080, they work.
>
> However, Tomcat is behind an Apache2 webserver and I can't seem to
> get the ProxyPass settings right. Other Tomcat applications work if
> I access them via Apache, but WebSocket applications don't. The
> snake demo for example, gives a 'Info: WebSocket closed' message.
>
> Apache is on the same server as Tomcat and has the proxy_wstunnel
> mod loaded.
>
> The relevant (I think) part of my  VirtualHost in the Apache2 conf
> file is like this:
>
> ProxyPass        /    http://127.0.0.1:8080/          #works ok
> ProxyPassReverse /    http://127.0.0.1:8080/          #works ok
> ProxyPass        /    ws://127.0.0.1:8080/ ProxyPassReverse /
> ws://127.0.0.1:8080/
>
> Could anyone tell me what's wrong here?

My reading of the (umm... concise?) mod_proxy_wstunnel documentation
is that all URLs handled by mod_proxy_wstunnel will be upgraded to
Websocket connections. The configuration you have above will either
completely ignore your Websocket configuration (because ProxyPass
directives work in a first-match fashion, so your first '/' mapping
will map to http) or (if you replaced http: with ws:), everything will
be upgraded to Websocket so HTTP won't work.

Perhaps you want to:

a. List the Websocket-mapped URLs first

and

b. Don't map / to Websocket. Try /ws or whatever the examples use

Caveat: I know almost nothing about Websocket. YMMV.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwH8r0ACgkQHPApP6U8
pFhE6RAAtaqxDXDLjDx+Eovt2V9PtiLPIxY8fP5uZfMtTRo7SP6acgRe45NH9qHj
tcQt0WiJP9twIyt25oENERF2sbwOgHGLzaDLeLNCJDIER+qre/PN6pspvZzU89nO
1a6AdCm4aoZTGsn9GXXn4xRP/TNoAbq0FRXxjp6SUeHlGIK3wSOYGERMafZgfOm7
ETWGP7SG+mw6+Vbp4dnwvx71uLOjgYu8ly6GcDsbe9UOqqb7PlTGtzWQWDz5ahiP
Kks7RuVsAOIRxHN4VEoQwu5lYOHFObKOBwtCHbQYZQby3hjXBbShZTKYDEVoorwo
jUU0LFQMPb5IBkeH009FQZJXZcS4EvzzZK3bYx/LYQFqwYcB5VAXTT/wNV4J67dS
59JEl0xTxAgqTvu30TIW82ymMqsKRpPiUHblcQ0YIidQVnFUqhw9eAZdKoeDlgaY
XL3TpBhHnJgzUxgDIc7R1gj218GiyY2rK2CK4KzrbaIE7HnobWMJxcarB/57KO8F
JKrr7k0RkaXM1zsv63dr34LFiPQH0i2hqRDFRADNsDYOSf21dP3ZFOBdd4nKe4M3
edNXPgSIput+c5iiSECGVL1eQ2IKXfDwQkXR5Cj3v44TpYaOdlsChK27aq1uIWst
PLUL28Q19ugIlPh1qQp/6SGc/T2r+HUGbhs+A7IQectxNzb+ywQ=
=Dl4U
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Tomcat behind Apache web server ProxyPass settings for WebSocket

Luis Rodríguez Fernández
Hello Richard,

Yes, Christopher is right, with such configuration all the requests will be
upgraded to ws. Digging down in my old apache conf I found something like
this:

                ProxyPass /WinCCOAWebUI/ui
ws://db-00032:13122/WinCCOAWebUI/ui
                ProxyPassReverse /WinCCOAWebUI/ui
ws://db-00032:13122/WinCCOAWebUI/ui

                ProxyPass /WinCCOAWebUI/*  http
://db-00032:13122/WinCCOAWebUI/
                ProxyPassReverse /WinCCOAWebUI/*  http
://db-00032:13122/WinCCOAWebUI/

Well in the original configuration I was using mod_proxy for the ws request
and mod_jk for all the rest plus shibboleth for the authentication part,
but I prefer to avoid you the pain :)

Hope it helps,

Luis






El mié., 5 dic. 2018 a las 16:46, Christopher Schultz (<
[hidden email]>) escribió:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Richard,
>
> On 12/4/18 15:00, [hidden email] wrote:
> > I'm trying to see the WebSocket examples that ship with Tomcat 9 in
> > action.
> >
> > If I point my browser directly at tomcat on 8080, they work.
> >
> > However, Tomcat is behind an Apache2 webserver and I can't seem to
> > get the ProxyPass settings right. Other Tomcat applications work if
> > I access them via Apache, but WebSocket applications don't. The
> > snake demo for example, gives a 'Info: WebSocket closed' message.
> >
> > Apache is on the same server as Tomcat and has the proxy_wstunnel
> > mod loaded.
> >
> > The relevant (I think) part of my  VirtualHost in the Apache2 conf
> > file is like this:
> >
> > ProxyPass        /    http://127.0.0.1:8080/          #works ok
> > ProxyPassReverse /    http://127.0.0.1:8080/          #works ok
> > ProxyPass        /    ws://127.0.0.1:8080/ ProxyPassReverse /
> > ws://127.0.0.1:8080/
> >
> > Could anyone tell me what's wrong here?
>
> My reading of the (umm... concise?) mod_proxy_wstunnel documentation
> is that all URLs handled by mod_proxy_wstunnel will be upgraded to
> Websocket connections. The configuration you have above will either
> completely ignore your Websocket configuration (because ProxyPass
> directives work in a first-match fashion, so your first '/' mapping
> will map to http) or (if you replaced http: with ws:), everything will
> be upgraded to Websocket so HTTP won't work.
>
> Perhaps you want to:
>
> a. List the Websocket-mapped URLs first
>
> and
>
> b. Don't map / to Websocket. Try /ws or whatever the examples use
>
> Caveat: I know almost nothing about Websocket. YMMV.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwH8r0ACgkQHPApP6U8
> pFhE6RAAtaqxDXDLjDx+Eovt2V9PtiLPIxY8fP5uZfMtTRo7SP6acgRe45NH9qHj
> tcQt0WiJP9twIyt25oENERF2sbwOgHGLzaDLeLNCJDIER+qre/PN6pspvZzU89nO
> 1a6AdCm4aoZTGsn9GXXn4xRP/TNoAbq0FRXxjp6SUeHlGIK3wSOYGERMafZgfOm7
> ETWGP7SG+mw6+Vbp4dnwvx71uLOjgYu8ly6GcDsbe9UOqqb7PlTGtzWQWDz5ahiP
> Kks7RuVsAOIRxHN4VEoQwu5lYOHFObKOBwtCHbQYZQby3hjXBbShZTKYDEVoorwo
> jUU0LFQMPb5IBkeH009FQZJXZcS4EvzzZK3bYx/LYQFqwYcB5VAXTT/wNV4J67dS
> 59JEl0xTxAgqTvu30TIW82ymMqsKRpPiUHblcQ0YIidQVnFUqhw9eAZdKoeDlgaY
> XL3TpBhHnJgzUxgDIc7R1gj218GiyY2rK2CK4KzrbaIE7HnobWMJxcarB/57KO8F
> JKrr7k0RkaXM1zsv63dr34LFiPQH0i2hqRDFRADNsDYOSf21dP3ZFOBdd4nKe4M3
> edNXPgSIput+c5iiSECGVL1eQ2IKXfDwQkXR5Cj3v44TpYaOdlsChK27aq1uIWst
> PLUL28Q19ugIlPh1qQp/6SGc/T2r+HUGbhs+A7IQectxNzb+ywQ=
> =Dl4U
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

--

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
Reply | Threaded
Open this post in threaded view
|

Re: Tomcat behind Apache web server ProxyPass settings for WebSocket

richard
In reply to this post by richard
On 2018-12-04 20:00, [hidden email] wrote:

> I'm trying to see the WebSocket examples that ship with Tomcat 9 in
> action.
>
> If I point my browser directly at tomcat on 8080, they work.
>
> However, Tomcat is behind an Apache2 webserver and I can't seem to get
> the ProxyPass settings right. Other Tomcat applications work if I
> access them via Apache, but WebSocket applications don't. The snake
> demo for example, gives a 'Info: WebSocket closed' message.
>
> Apache is on the same server as Tomcat and has the proxy_wstunnel mod
> loaded.
>
> The relevant (I think) part of my  VirtualHost in the Apache2 conf
> file is like this:
>
>   ProxyPass        /    http://127.0.0.1:8080/          #works ok
>   ProxyPassReverse /    http://127.0.0.1:8080/          #works ok
>   ProxyPass        /    ws://127.0.0.1:8080/
>   ProxyPassReverse /    ws://127.0.0.1:8080/
>
> Could anyone tell me what's wrong here?
>
>
> Thanks.
> Richard
>

Luis & Christopher, thanks for your suggestions.

I've now got a VirtualHost that works, the key section being:

   RewriteEngine On
   RewriteCond %{HTTP:Upgrade} =websocket [NC]
   RewriteRule /(.*)           ws://localhost:8080/$1 [P,L]
   RewriteCond %{HTTP:Upgrade} !=websocket [NC]
   RewriteRule /(.*)           http://localhost:8080/$1 [P,L]

taken as is from a post at stackoverflow, except that Tomcat defaults to
8080:

https://stackoverflow.com/questions/27526281/websockets-and-apache-proxy-how-to-configure-mod-proxy-wstunnel

I'd still be interested in knowing if and how this can be achieved with
ProxyPass however. I spent quite a bit of time trying to match the
protocol as well as the path in Proxy path, but if it is possible, I
couldn't get the syntax right.


Richard






---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]