
Apache reverse proxy for wss protocol

My application uses SockJS with the Spring Framework. I have a reverse proxy on my server to redirect HTTPS requests to the Tomcat container. Configuration:

<VirtualHost *:443>
    ProxyPreserveHost On

    ProxyPass /boot http://127.0.0.1:8080/boot/
    ProxyPassReverse /boot http://127.0.0.1:8080/boot/

    ServerName MY_DOMAIN.com

    SSLEngine on
    SSLProtocol all
    SSLCertificateFile /etc/apache2/ssl/muhamo.crt
    SSLCertificateKeyFile /etc/apache2/ssl/muhamo.key
    SSLCACertificateFile /etc/apache2/ssl/bundl.crt
</VirtualHost>

How can I configure my virtual host to forward wss requests to my application? I get error messages like:

Opening Web Socket...
sockjs.js:1213 WebSocket connection to 'wss://MY_DOMAIN.com/boot/tracking/557/jcf7btih/websocket' failed: Error during WebSocket handshake: Unexpected response code: 403

sockjs.js:807 POST https://MY_DOMAIN.com/boot/tracking/557/7cl9qov2/xhr_streaming 403 (Forbidden)

sockjs.js:807 POST https://MY_DOMAIN.com/boot/tracking/557/cvl8ti6k/xhr 403 (Forbidden)
aymeba asked Apr 13 '15 01:04

1 Answer

I do not know if you solved this problem, but I had the same problem. I thought the problem was with the Apache server, but it was on the Spring side. The 403 code was the clue.

In my case, in addition to your configuration (with the necessary adaptation), what I did was to add the following:

# Disable forward proxying
ProxyRequests Off
# proxy wss:// to ws://
ProxyPassMatch ^/(.*)/websocket ws://localhost:8080/$1/websocket
# proxy ws fallbacks
ProxyPass /ws http://localhost:8080/ws
ProxyPassReverse /ws http://localhost:8080/ws

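On the Spring (Boot) side:

import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;

@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
    @Override
    public void configureMessageBroker(MessageBrokerRegistry config) {
        // Simple in-memory broker for destinations under /topic
        config.enableSimpleBroker("/topic");
    }

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        // "*" makes the endpoint accept handshakes carrying any Origin header
        registry.addEndpoint("/ws").setAllowedOrigins("*").withSockJS();
    }

}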

setAllowedOrigins("*") was the missing piece to overcome the 403 error.

Cheers

Paulo Quintans answered Sep 19 '22 22:09
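
A narrower alternative to the wildcard, as an added example that is not part of the original answer: setAllowedOrigins("*") accepts the handshake from a page on any site, so the configuration below allowlists only the public origin served by Apache and refuses to start if the wildcard is configured. The class name and the property app.websocket.allowed-origins are hypothetical, and the example assumes Spring Boot resolves the property placeholder.

```java
import java.util.Arrays;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;

// Same base class as the answer's WebSocketConfig, so it targets the same Spring version.
@Configuration
@EnableWebSocketMessageBroker
public class RestrictedOriginWebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {

    // Hypothetical property, comma-separated, for example:
    //   app.websocket.allowed-origins=https://MY_DOMAIN.com
    // List the origins browsers load the page from (the public HTTPS name
    // terminated by Apache), not the backend address 127.0.0.1:8080.
    @Value("${app.websocket.allowed-origins}")
    private String[] allowedOrigins;

    @Override
    public void configureMessageBroker(MessageBrokerRegistry config) {
        config.enableSimpleBroker("/topic");
    }

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        // Fail at startup if the list is empty or the wildcard slips back in
        // through configuration.
        if (allowedOrigins.length == 0 || Arrays.asList(allowedOrigins).contains("*")) {
            throw new IllegalStateException(
                    "app.websocket.allowed-origins must list explicit origins");
        }
        // Handshakes whose Origin header is on the list are accepted; any other
        // Origin still gets the 403 from Spring's origin check.
        registry.addEndpoint("/ws")
                .setAllowedOrigins(allowedOrigins)
                .withSockJS();
    }
}
```

The origin string has to match the browser's Origin header exactly, including the https scheme and any non-default port.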